KR20130042914A - Virtualization system of peripheral devices of computer system - Google Patents

Virtualization system of peripheral devices of computer system Download PDF

Info

Publication number
KR20130042914A
KR20130042914A KR1020110107069A KR20110107069A KR20130042914A KR 20130042914 A KR20130042914 A KR 20130042914A KR 1020110107069 A KR1020110107069 A KR 1020110107069A KR 20110107069 A KR20110107069 A KR 20110107069A KR 20130042914 A KR20130042914 A KR 20130042914A
Authority
KR
South Korea
Prior art keywords
processor
mode
virtualization
peripheral
monitor
Prior art date
Application number
KR1020110107069A
Other languages
Korean (ko)
Inventor
김재열
고광원
김강호
안창원
Original Assignee
한국전자통신연구원
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by 한국전자통신연구원 filed Critical 한국전자통신연구원
Priority to KR1020110107069A priority Critical patent/KR20130042914A/en
Publication of KR20130042914A publication Critical patent/KR20130042914A/en

Links

Images

Classifications

    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F1/00Details not covered by groups G06F3/00 - G06F13/00 and G06F21/00
    • G06F1/26Power supply means, e.g. regulation thereof
    • G06F1/28Supervision thereof, e.g. detecting power-supply failure by out of limits supervision
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/10Protecting distributed programs or content, e.g. vending or licensing of copyrighted material ; Digital rights management [DRM]
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/10Protecting distributed programs or content, e.g. vending or licensing of copyrighted material ; Digital rights management [DRM]
    • G06F21/12Protecting executable software
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F9/00Arrangements for program control, e.g. control units
    • G06F9/06Arrangements for program control, e.g. control units using stored programs, i.e. using an internal store of processing equipment to receive or retain programs
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F9/00Arrangements for program control, e.g. control units
    • G06F9/06Arrangements for program control, e.g. control units using stored programs, i.e. using an internal store of processing equipment to receive or retain programs
    • G06F9/44Arrangements for executing specific programs
    • G06F9/455Emulation; Interpretation; Software simulation, e.g. virtualisation or emulation of application or operating system execution engines
    • G06F9/45504Abstract machines for programme code execution, e.g. Java virtual machine [JVM], interpreters, emulators
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F9/00Arrangements for program control, e.g. control units
    • G06F9/06Arrangements for program control, e.g. control units using stored programs, i.e. using an internal store of processing equipment to receive or retain programs
    • G06F9/44Arrangements for executing specific programs
    • G06F9/455Emulation; Interpretation; Software simulation, e.g. virtualisation or emulation of application or operating system execution engines
    • G06F9/45533Hypervisors; Virtual machine monitors

Landscapes

  • Engineering & Computer Science (AREA)
  • Software Systems (AREA)
  • Theoretical Computer Science (AREA)
  • Physics & Mathematics (AREA)
  • General Engineering & Computer Science (AREA)
  • General Physics & Mathematics (AREA)
  • Multimedia (AREA)
  • Technology Law (AREA)
  • Computer Hardware Design (AREA)
  • Computer Security & Cryptography (AREA)
  • Memory System Of A Hierarchy Structure (AREA)
  • Storage Device Security (AREA)

Abstract

PURPOSE: A peripheral device virtualization system of a computer system is provided to improve a virtualization performance by using a memory area setting function supporting hardware. CONSTITUTION: A first processor(30) is operated as a secure state in a special right mode. A second processor(20) is operated as a normal state in a user mode and the special right mode. The second processor includes a kernel operated in a special right mode and a user process operated in the user mode. A monitor mode(40) controls the access of the second processor to a memory area set as the secure state in the first processor. A handler processes a reading or a writing request for a memory according to an analysis result by analyzing the state information in the occurrence of abort data. [Reference numerals] (40) Monitor mode; (AA,CC) User mode; (BB,DD) Privilege mode;

Description

VIRTUALIZATION SYSTEM OF PERIPHERAL DEVICES OF COMPUTER SYSTEM}

The present invention relates to a computer system, and more particularly, to a virtualization system of a computer system for virtualizing a system peripheral device, for example, a timer, a power management module, and the like by using a security function provided by a processor in a virtualization technology. will be.

Virtualization technology is a technology that virtualizes input / output devices such as CPU (Central Processing Unit), memory, disk, network, and monitor, which are hardware resources used by operating system (OS).

A system with virtualization technology blocks the operating system from accessing the hardware directly and provides the operating system with a virtual hardware interface so that multiple operating systems can run on one hardware.

These virtualization technologies can be classified into virtualization for each device in detail, so that they can be divided into virtualization such as CPU virtualization, memory virtualization, and disk and network. In the case of CPU virtualization, the CPU architecture generally supports more than one mode.

Each mode has a different privilege level. The operating system runs in Privileged mode, and the general application runs in Unprivileged mode. In privileged mode, all the instructions provided by the CPU can be used. In non-privileged mode, only the remaining instructions can be executed in the CPU except those that can only be executed in privileged mode. Here, the operating system generally operates in a privileged mode, thereby obtaining a right to control an application program.

In contrast, in a virtualization system, operating systems cannot access hardware directly, so that many virtual machines can operate. To do this, privileged mode is assigned to the virtual machine monitor, and the operating system and applications are allowed to run in non-privileged mode to virtualize the CPU.

Among several processor architectures, ARM has recently added a function called trust zone to enhance the security of the processor.

The trust zone provides two processor regions, the secure state and the normal state. The two states have a user mode in which the application runs and a private mode in which the operating system runs.

Among the two areas, important tasks requiring security are performed in the secure state, and other tasks are performed in the normal state, thereby increasing the security of the system. The TrustZone feature provides a new mode called monitor mode to move between these secure and normal states. In this case, the monitor mode must be passed in order to transition from one state of the secure state and the normal state to the other state.

Trust zones provide some functionality internally. One of them provides a function of selectively setting a memory area mapped to an internal device as a security area and a non-security area.

A protection bit is provided for each system peripheral implemented in the Arm System-on-Chip (Ar SoC) so that only the secure state can access the memory mapped to the system peripheral. In addition to restrictive control, it also provides memory access restriction based on trust zone configuration.

Security features supported by CPU hardware, such as those described above, are very efficient because they can perform the same task with a smaller load than software alone.

Background art of the present invention is disclosed in Korean Patent Publication No. 10-2006-0079088 (2005.12.07).

An object of the present invention is to improve the performance of a virtualization system by using a memory area setting function supported by hardware to virtualize a system peripheral device that is responsible for system time, power control, interrupt controller, etc. in a computer system. The purpose is to provide a device virtualization method.

Peripheral virtualization system of a computer system according to an aspect of the present invention comprises a first processor operating in a privileged mode set to a secure state; A second processor set to a normal state and operated in a user mode and a privileged mode; And a monitor mode for controlling access of the second processor to a memory region designated by the first processor in the secure state.

The second processor of the present invention includes a user process operating in the user mode and a kernel operating in the privileged mode.

The first processor of the present invention stores a value of a processor status register (PSR) of the second processor and a value of a register of the second processor that are copied to a saved processor status register (SPSR) when a data abort occurs. And changing the normal state to the secure state through the monitor mode.

After changing the normal state to the secure state through the monitor mode, the first processor reads the address where the data abbot is generated and the status information when it occurs, and the status information when the data abort is generated. Analyze the virtualization through the handler of the data peripheral is generated system characterized in that the virtual handling.

The handler of the present invention is characterized in that the system peripheral device processes the read / write request for the mapped memory according to the analysis result by analyzing state information when the data abort occurs.

The first processor of the present invention is configured to restore the register when the virtualization handling is terminated.

The first processor of the present invention is characterized in that the virtual machine monitor.

The second processor of the present invention is characterized in that the guest virtual machine.

The present invention can support the system peripheral virtualization using a hardware support function, it is possible to efficiently perform virtualization for the system peripheral device, thereby improving the performance of the entire virtualization system.

1 is a block diagram of a TrustZone Protection Control (TZPC) applied to the present invention.
2 is a block diagram of a peripheral virtualization system of a computer system according to an embodiment of the present invention.
3 is a flowchart illustrating a memory access exception processing procedure according to an embodiment of the present invention.

Hereinafter, a peripheral virtualization method of a computer system according to an embodiment of the present invention will be described in detail with reference to the accompanying drawings. In this process, the thicknesses of the lines and the sizes of the components shown in the drawings may be exaggerated for clarity and convenience of explanation. In addition, terms to be described later are terms defined in consideration of functions in the present invention, which may vary according to the intention or convention of a user or an operator. Therefore, the definitions of these terms should be made based on the contents throughout the specification.

1 is a block diagram of a TrustZone Protection Control (TZPC) applied to the present invention, Figure 2 is a block diagram of a peripheral virtualization system of a computer system according to an embodiment of the present invention, Figure 3 is a block diagram of the present invention 1 is a flowchart illustrating a memory access exception processing procedure according to an exemplary embodiment.

The present invention relates to a method of virtualizing a system peripheral device such as a timer and a power management module by using a security function provided by a processor in a virtualization technology. The present invention can provide various security functions for each processor, and an embodiment of the present specification describes an example of using a trust zone provided by an ARM processor.

The present invention is a method for controlling the access of a system peripheral device mapped to a memory using a security-specific function provided by a process, and using the same, to support system peripheral virtualization.

The security-specific feature provided by the ARM processor is TrustZone, which uses TrustZone Protection Control (hereinafter simply referred to as TZPC).

The TZPC 10 includes system peripherals added to the ARM core, such as a system timer, a system control unit, a general purpose input / output pin (GPIO), Memory mapped to AUDIO, VIC (Vectored Interrupt Timer), etc. may be set as a secure area and a non-secure area.

Trust zone protection control applied to the embodiment of the present invention, as shown in Figure 1, the TZPC 10 is an APB (Advanced Peripheral Bus) interface module 11 and TZPC control that largely provides a bus interface (bus interface) Includes a register set 12 for.

The register set 12 allows a user to selectively set a memory area connected to a specific system peripheral device as a secure area.

Therefore, in the present embodiment, a method of virtualizing a system peripheral device mapped to a memory using the memory area security setting function will be described using the TZPC 10 as an example.

System virtualization is divided into full-virtualization and para-virtualization according to the form of virtualization.

Full virtualization is a method that does not modify the guest operating system operating on the virtual machine, while para-virtualization is a method of modifying the guest operating system to match the interface provided by the lower virtual machine monitor 30.

Full virtualization has the advantage of not modifying the guest operating system, but generally has the disadvantage of lower performance than paravirtualization.

Conversely, paravirtualization is superior to full virtualization, but has the disadvantage of modifying the guest operating system.

In this embodiment, it is possible to compensate for the disadvantages of performance while supporting full virtualization. This is because the performance provided by the hardware can be reduced by utilizing the functions provided by the hardware. The present invention can also be used for para-virtualization, which can depend entirely on the design of the virtual machine monitor 30 described below.

As shown in FIG. 2, the peripheral virtualization system of the computer system according to an exemplary embodiment of the present invention includes a second processor 20 operating in a normal state which is an unsecured area and a secure state that is a secure area. It includes a first processor 30 that operates in the).

The first processor may be a virtual machine monitor (VMM), and the second processor may be a guest virtual machine (GuestVM).

The guest virtual machine 20 is operated by the virtual machine monitor 30 in the user mode and the privileged mode of the normal state.

The virtual machine monitor 30 manages the stability of the entire system, and operates in the privileged mode of the secure state.

As such, the virtual machine monitor 30 may be isolated from the guest virtual machine 20 to ensure better stability.

Computing systems using the von Neumann architecture are basically interrupt-based systems. In general, only one exception routine including interrupts can be registered throughout the system.

However, ARM architectures that support trust zones support the inclusion of an exception vector (not shown) in each of the normal state, monitor mode 40, and secure state, and any exceptions that occur. You can also set the map to process in the processing vector.

In the trust zone, when a memory area designated as a secure zone is accessed from the normal state using the TZPC 10 setting, a data abort handler of the exception vector of the monitor mode 40 is executed. The mode of the processor is also changed to the monitor mode 40.

This mechanism allows the virtual machine monitor 30 to control the virtual machine access to the system peripherals.

A process performed after the virtual machine monitor 30 intercepts a memory access mapped to a system peripheral device will be described with reference to FIG. 3.

When the guest virtual machine 20 approaches the TZPC set memory area of the ARM, the control is transferred to the data abort handler of the monitor mode 40 and then processed. This occurs when the kernel of the guest virtual machine 20 accesses memory through a device driver (not shown) of the system peripheral.

In response, the normal state is changed to the monitor mode through the data abort exception processing of the monitor mode 40 from the privileged mode.

When an exception occurs in the ARM architecture, the Current Processor Status Register (CPSR) value of the previous state is copied to the Saved Processor Status Register (SPSR), which is a banked register in Monitor Mode (40), and the Monitor Mode (40). The value in the SPSR of is copied to the CPSR.

The data abort handler first stores the PSR value of the guest virtual machine 20 and the register value of the guest virtual machine 20 copied to the SPSR (S10). In this case, the PSR value and the register value of the guest virtual machine 20 may be stored in a stack of the monitor mode 40 or a specific location of a memory.

As described above, after the value of the register is stored, the normal state is changed to the secure state (S20).

The monitor mode 40 can exist in both normal and secure states. In this case, the monitor mode 40 must be passed to change the normal state and the secure state.

As such, when the state changes from the normal state to the secure state, the virtual memory space is changed from the memory mapping of the guest virtual machine 20 to the memory space of the virtual machine monitor 30 so that the code of the virtual machine monitor 30 can be executed. do.

Next, the address where the data abort occurred and the status information at the time of occurrence are read (S30).

Here, the data fault address register (DFAR) has address information on which data abort has occurred, and the data fault status register (DFSR) has status information on which a batter abort has occurred.

The fault address is read and analyzed to determine which device is accessed (S40), and then the corresponding handler is executed. Such devices include vectored interrupt controllers (VICs) and system timers.

Each device's handler performs virtualization handling that matches the device's characteristics. The virtualization handling of the device handles the read / write request for the mapped memory of the device, and the request information can be checked through the DFSR.

Therefore, the handler determines whether to read / write through the DFSR and processes the information based on the information and policy maintained by the virtual machine monitor 30.

When the virtual handling for each device is completed, the virtual machine monitor 30 restores the stored register (S60), and returns to the next command of the guest virtual machine 20 in which the data abort has occurred (S70).

The present invention provides a method for supporting virtualization of a system peripheral through such a series of processes.

The above description uses the ARM architecture as an example. Other processors can also use hardware support to support virtualization of system peripherals.

While the present invention has been particularly shown and described with reference to exemplary embodiments thereof, it is clearly understood that the same is by way of illustration and example only and is not to be taken by way of limitation, I will understand. Accordingly, the true scope of the present invention should be determined by the following claims.

10: TZPC 11: APB Interface Module
12: register set 20: guest virtual machine
30: Virtual Machine Monitor 40: Monitor Mode

Claims (8)

A first processor set to a secure state and operating in a privileged mode;
A second processor set to a normal state and operated in a user mode and a privileged mode; And
And a monitor mode for controlling access of the second processor to a memory area designated by the first processor to the secure state. 2. The system of claim 1, wherein the second processor comprises a user process operating in the user mode and a kernel operating in the privileged mode. The method of claim 1, wherein the first processor generates a data abort,
Saves the value of the processor status register (PSR) of the second processor and the value of the register of the second processor copied to the saved processor status register (SPSR), and changes the normal state to the secure state through the monitor mode. Peripheral virtualization system of a computer system, characterized in that. The method of claim 3, wherein the first processor
After changing the normal state to the secure state through the monitor mode, the address where the data abbot is generated and the status information when the data is generated are read, and the data information is generated by analyzing the status information when the data abort is generated. Peripheral virtualization system of a computer system, characterized in that to perform the virtualization handling through the handler of the system peripheral. The peripheral device of claim 4, wherein the handler analyzes the state information when the data abort occurs and processes the read / write request to the mapped memory according to the analysis result. Virtualization system. The method of claim 3, wherein the first processor
And when the virtualization handling ends, restoring the registers. The peripheral virtualization system of claim 1, wherein the first processor is a virtual machine monitor. The peripheral virtualization system of claim 1, wherein the second processor is a guest virtual machine.
KR1020110107069A 2011-10-19 2011-10-19 Virtualization system of peripheral devices of computer system KR20130042914A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
KR1020110107069A KR20130042914A (en) 2011-10-19 2011-10-19 Virtualization system of peripheral devices of computer system

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
KR1020110107069A KR20130042914A (en) 2011-10-19 2011-10-19 Virtualization system of peripheral devices of computer system

Publications (1)

Publication Number Publication Date
KR20130042914A true KR20130042914A (en) 2013-04-29

Family

ID=48441379

Family Applications (1)

Application Number Title Priority Date Filing Date
KR1020110107069A KR20130042914A (en) 2011-10-19 2011-10-19 Virtualization system of peripheral devices of computer system

Country Status (1)

Country Link
KR (1) KR20130042914A (en)

Cited By (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
KR102405093B1 (en) * 2021-12-09 2022-06-07 한화시스템(주) System and method for verifying integrity of unmanned aerial vehicle

Cited By (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
KR102405093B1 (en) * 2021-12-09 2022-06-07 한화시스템(주) System and method for verifying integrity of unmanned aerial vehicle

Similar Documents

Publication Publication Date Title
US7209994B1 (en) Processor that maintains virtual interrupt state and injects virtual interrupts into virtual machine guests
JP5042848B2 (en) System and method for depriving components of virtual machine monitor
US7707341B1 (en) Virtualizing an interrupt controller
KR101019937B1 (en) Secure operating system switching
EP1939754B1 (en) Providing protected access to critical memory regions
US7506121B2 (en) Method and apparatus for a guest to access a memory mapped device
RU2265880C2 (en) New processor mode for limiting functioning of guest software, executed at virtual machine, supported by virtual machine monitor
JP5936640B2 (en) Creating an isolated execution environment for co-designed processors
US8291410B2 (en) Controlling virtual machines based on activity state
US7900204B2 (en) Interrupt processing in a layered virtualization architecture
KR20130050156A (en) Apparatus for translating virtual address space
JP6530723B2 (en) System and method for facilitating joint operation of multiple hypervisors in a computer system
WO2013101191A1 (en) Virtual machine control structure shadowing
US10963280B2 (en) Hypervisor post-write notification of control and debug register updates
US9086906B2 (en) Apparatus and method for guest and root register sharing in a virtual machine
JP4316882B2 (en) System and method for logical replacement of processor control in an emulated computing environment
US10248451B2 (en) Using hypervisor trapping for protection against interrupts in virtual machine functions
Baldin et al. Proteus, a hybrid virtualization platform for embedded systems
KR20130042914A (en) Virtualization system of peripheral devices of computer system
US10127064B2 (en) Read-only VM function chaining for secure hypervisor access
US20230161650A1 (en) Method and apparatus for inter-process communication, and computer storage medium
US11726811B2 (en) Parallel context switching for interrupt handling
US20230066447A1 (en) Execution of code in system memory
US20160378543A1 (en) Implementing pseudo non-masking interrupts behavior using a priority interrupt controller

Legal Events

Date Code Title Description
WITN Withdrawal due to no request for examination