WO2012086106A1 - Virtual machine system and virtual machine system control method - Google Patents
- Publication number: WO2012086106A1 (PCT/JP2011/005019)
- Authority: WO, WIPO (PCT)
- Prior art keywords
- processor
- execution state
- storage area
- execution
- hypervisor
Classifications
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F9/00—Arrangements for program control, e.g. control units
- G06F9/06—Arrangements for program control, e.g. control units using stored programs, i.e. using an internal store of processing equipment to receive or retain programs
- G06F9/46—Multiprogramming arrangements
- G06F9/50—Allocation of resources, e.g. of the central processing unit [CPU]
- G06F9/5061—Partitioning or combining of resources
- G06F9/5077—Logical partitioning of resources; Management or configuration of virtualized resources
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/70—Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer
- G06F21/71—Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer to assure secure computing or processing of information
- G06F21/74—Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer to assure secure computing or processing of information operating in dual or compartmented mode, i.e. at least one secure mode
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F9/00—Arrangements for program control, e.g. control units
- G06F9/06—Arrangements for program control, e.g. control units using stored programs, i.e. using an internal store of processing equipment to receive or retain programs
- G06F9/44—Arrangements for executing specific programs
- G06F9/455—Emulation; Interpretation; Software simulation, e.g. virtualisation or emulation of application or operating system execution engines
- G06F9/45533—Hypervisors; Virtual machine monitors
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F9/00—Arrangements for program control, e.g. control units
- G06F9/06—Arrangements for program control, e.g. control units using stored programs, i.e. using an internal store of processing equipment to receive or retain programs
- G06F9/44—Arrangements for executing specific programs
- G06F9/455—Emulation; Interpretation; Software simulation, e.g. virtualisation or emulation of application or operating system execution engines
- G06F9/45533—Hypervisors; Virtual machine monitors
- G06F9/45558—Hypervisor-specific management and integration aspects
- G06F2009/45587—Isolation or security of virtual machine instances
-
- Y—GENERAL TAGGING OF NEW TECHNOLOGICAL DEVELOPMENTS; GENERAL TAGGING OF CROSS-SECTIONAL TECHNOLOGIES SPANNING OVER SEVERAL SECTIONS OF THE IPC; TECHNICAL SUBJECTS COVERED BY FORMER USPC CROSS-REFERENCE ART COLLECTIONS [XRACs] AND DIGESTS
- Y02—TECHNOLOGIES OR APPLICATIONS FOR MITIGATION OR ADAPTATION AGAINST CLIMATE CHANGE
- Y02D—CLIMATE CHANGE MITIGATION TECHNOLOGIES IN INFORMATION AND COMMUNICATION TECHNOLOGIES [ICT], I.E. INFORMATION AND COMMUNICATION TECHNOLOGIES AIMING AT THE REDUCTION OF THEIR OWN ENERGY USE
- Y02D10/00—Energy efficient computing, e.g. low power processors, power management or thermal management
Definitions
- the present invention relates to a virtual machine system including a plurality of processors, and more particularly, to a program execution control technique on a plurality of processors having a plurality of privileged modes.
- Such a virtual machine system includes a hypervisor for causing a processor to execute an operating system switching execution control process.
- This hypervisor needs to be executed in a privileged mode higher than the privileged mode in which the operating system is executed, so that it can perform switching control of the operating systems executed in that privileged mode while ensuring the reliability of the system.
- a processor constituting the virtual machine system includes a supervisor mode and a hypervisor mode that is higher than the supervisor mode as privileged modes.
- the operating system is executed in the supervisor mode, and the hypervisor is executed in the hypervisor mode.
- it is desirable that information to be kept secret be protected so that it cannot be accessed by any program other than a specific program that can be trusted (hereinafter referred to as a “secure program”).
- Such a virtual machine system requires a privileged mode for executing a secure program, separately from the supervisor mode and the hypervisor mode.
- the processor constituting the virtual machine system has a secure mode that is a privilege mode higher than the hypervisor mode.
- the secure program is executed in the secure mode.
- FIG. 16 is an operation mode diagram showing an operation mode of a processor constituting the virtual machine system in Patent Document 2.
- the processor constituting the virtual machine has three privilege modes, that is, a supervisor mode 1630, a hypervisor mode 1620, and a secure mode 1610.
- the application program is executed in the user mode 1640, the operating system is executed in the supervisor mode 1630, the hypervisor is executed in the hypervisor mode 1620, and the secure program is executed in the secure mode 1610.
- a processor having three or more privileged modes in addition to the user mode is generally a high-function processor, and in many cases has higher power consumption and a higher price than a processor having only two privileged modes.
- the present invention has been made in view of such problems, and its object is to provide a virtual machine system in which, even if the constituent processors have only two privileged modes, an operating system switching function that ensures system reliability can coexist with a security protection function using a secure program.
- a virtual machine system includes a memory and a first processor and a second processor connected to the memory. Each of the first processor and the second processor has a lower privilege mode and an upper privilege mode higher than the lower privilege mode, and the memory has an execution state storage area for storing execution state information relating to the execution state of a processor.
- the virtual machine system includes an operating system that is executed in the lower privilege mode on a processor; a hypervisor that is executed in the upper privilege mode on the first processor and that performs a restoration notification to the second processor using the execution state information saved in the execution state storage area; and a restoration program that is executed in the lower privilege mode on the second processor and that causes the second processor, on receiving the restoration notification, to restore the execution state information stored in the execution state storage area as the execution state information of the second processor.
- an operating system that is a switching target on the first processor can thus be migrated to the second processor and executed there.
- the upper privilege mode of the second processor can be used as a secure mode for executing the secure program.
- the operating system switching function that ensures system reliability and the security protection function using the secure program can therefore coexist.
- Block diagram showing program modules operating on multiprocessor LSI 110
- Flowchart of processing performed by second processor 102 in hypervisor call processing
- Flowchart of processing performed by first processor 101 in hypervisor call processing
- Flowchart of processing performed by first processor 101 in hypervisor call termination processing
- Flowchart of processing performed by second processor 102 in hypervisor call termination processing
- Block diagram showing program modules operating on multiprocessor LSI 110
- Flowchart of processing performed by second processor 102 in undefined interrupt processing
- Flowchart of processing performed by second processor 102 in modified hypervisor call processing
- Flowchart of processing performed by first processor 101 in modified hypervisor call processing
- Block diagram showing program modules operating on multiprocessor LSI 110
- Flowchart of processing performed by first processor 101 in secure function call processing
- Flowchart of processing performed by second processor 102
- the first processor and the second processor each have two privilege modes: a supervisor mode and a hypervisor / secure mode higher than the supervisor mode.
- the hypervisor / secure mode of the first processor is used to execute a hypervisor that causes the processor to execute an operating system switching process executed in the supervisor mode. For this reason, the secure program for realizing the secure function is not executed in the hypervisor / secure mode of the first processor.
- the hypervisor / secure mode of the second processor is not used for executing the hypervisor but is used for executing the secure program. For this reason, the hypervisor is not executed in the hypervisor / secure mode of the second processor.
- this virtual machine system has a function of decrypting a digital work that has been encrypted using an encryption key that should be kept secret from the user who uses the virtual machine system.
- FIG. 1 is a block diagram showing the main hardware configuration of the virtual machine system 100.
- the virtual computer system 100 is a computer device as hardware, and includes a multiprocessor LSI (Large Scale Integration) 110, a hard disk device 128, an output device 127, and an input device 126.
- the multiprocessor LSI 110 includes a first processor 101, a second processor 102, an interrupt controller 103, a ROM (Read Only Memory) 104, a RAM (Random Access Memory) 105, a first interface 106, a second interface 107, a third interface 108, a timer 109, and an internal bus 120, and is connected to an input device 126, an output device 127, and a hard disk device 128.
- the first processor 101 and the second processor 102 are processors of the same type, are each connected to the internal bus 120 and the interrupt controller 103, and execute programs stored in the ROM 104 or RAM 105, thereby controlling the ROM 104, the RAM 105, the timer 109, the input device 126, the output device 127, and the hard disk device 128 to realize various functions.
- FIG. 2 is an operation mode diagram showing operation modes included in the first processor 101 and the second processor 102.
- the first processor 101 and the second processor 102 each have a user mode 230 for executing application programs, a lower privilege mode (hereinafter referred to as “supervisor mode”) 220, and an upper privilege mode (hereinafter referred to as “hypervisor / secure mode”) 210 that is higher than the supervisor mode 220.
- the first processor 101 executes application programs (task A 231, task K 232, task L 233, etc. in the figure) in the user mode 230, executes operating systems (first OS 221, second OS 222 in the figure) in the supervisor mode 220, and executes the hypervisor 211 in the hypervisor / secure mode 210.
- the second processor 102 executes application programs (task M 234, task N 235, task Z 236, etc. in the figure) in the user mode 230, executes operating systems (third OS 223, fourth OS 224 in the figure) in the supervisor mode 220, and executes the secure program 212 in the hypervisor / secure mode 210.
- the secure program 212 is a program including processing codes related to decryption performed using the encryption key stored in the ROM 104.
- the first processor 101 can access the memory area storing the hypervisor 211, but is set so that it cannot access the memory area storing the secure program 212.
- the second processor 102 can access the memory area storing the secure program 212, but is set so that it cannot access the memory area storing the hypervisor 211.
- the second processor 102 has a function of setting its own processor in a standby state by executing an instruction for setting its own processor in a standby state.
- the standby state of the processor is a state in which the operation is stopped and the next instruction is not executed until an interrupt is notified from the interrupt controller 103. This standby state is canceled when an interrupt is notified from the interrupt controller 103 to the processor.
- the second processor 102 is set to execute a program having a start address as an address stored in a resume pointer storage area 342 (described later).
- the interrupt controller 103 is connected to the internal bus 120, the first processor 101, and the second processor 102. It has a function of receiving an interrupt request to the first processor 101 via the internal bus 120 and notifying the first processor 101 of the interrupt, and a function of receiving an interrupt request to the second processor 102 via the internal bus 120 and notifying the second processor 102 of the interrupt.
- the ROM 104 is connected to the internal bus 120 and stores a program that defines the operation of the first processor 101 and the second processor 102 and data used by the first processor 101 and the second processor 102.
- the storage area of the ROM 104 is shared by the first processor 101 and the second processor 102. However, an area that is accessed only by the second processor 102 in the hypervisor / secure mode is set in the ROM 104, and this area stores data to be concealed from the user of the virtual machine system 100, such as the encryption key for decrypting an encrypted digital work.
- the RAM 105 is connected to the internal bus 120 and stores a program that defines the operations of the first processor 101 and the second processor 102 and data used by the first processor 101 and the second processor 102.
- the storage area of the RAM 105 is shared by the first processor 101 and the second processor 102. However, the RAM 105 has an area that is accessed only by the first processor 101 in the hypervisor / secure mode, an area that is accessed only by the second processor 102 in the hypervisor / secure mode, and an area that is accessed only by a processor in the hypervisor / secure mode or the supervisor mode.
- the first interface 106, the second interface 107, and the third interface 108 are each connected to the internal bus 120 and mediate the exchange of signals between the internal bus 120 and the input device 126, between the internal bus 120 and the output device 127, and between the internal bus 120 and the hard disk device 128, respectively.
- the timer 109 is connected to the internal bus 120 and is controlled by the first processor 101 or the second processor 102.
- the internal bus 120 is connected to the first processor 101, the second processor 102, the interrupt controller 103, the ROM 104, the RAM 105, the first interface 106, the second interface 107, the third interface 108, and the timer 109, and has a function of transmitting signals between these connected circuits.
- the input device 126 includes a keyboard, a mouse, and the like, is connected to the first interface 106, and is controlled by the first processor 101 or the second processor 102. It accepts an operation command from a user through the keyboard, mouse, and the like, and has a function of sending the accepted operation command to the first processor 101 or the second processor 102.
- the output device 127 incorporates a display, a speaker, and the like, is connected to the second interface 107, is controlled by the first processor 101 or the second processor 102, and has display and output functions.
- the hard disk device 128 includes a hard disk, is connected to the third interface 108, is controlled by the first processor 101 or the second processor 102, and has a function of writing data to the internal hard disk and a function of reading out data written to the internal hard disk.
- the virtual machine system 100 described above realizes various functions by the first processor 101 or the second processor 102 executing programs stored in the ROM 104 and the RAM 105.
- FIG. 3 is a block diagram showing program modules (hereinafter simply referred to as “modules”) to be executed on the multiprocessor LSI 110 at a certain time t0.
- a module group 300 is the set of modules that are to be executed by either the first processor 101 or the second processor 102, and the programs corresponding to the modules included in the module group 300 are stored in the storage areas of the ROM 104 and the RAM 105.
- the module group 301 on the first processor is a set of modules that are to be executed by the first processor 101.
- the module group 302 on the second processor is a set of modules to be executed by the second processor 102.
- the user mode module group 305 is a set of modules executed in the user mode of the processor.
- the supervisor mode module group 306 is a set of modules executed in the supervisor mode of the processor.
- the hypervisor / secure mode module group 307 is a set of modules executed in the hypervisor / secure mode of the processor.
- an application program is executed in the user mode under the execution control of a multitasking operating system that is executed in the supervisor mode.
- an operating system is executed in the supervisor mode under the execution control of the hypervisor that is executed in the hypervisor / secure mode.
- the application program can request the operating system to perform processing by calling an operating system calling routine prepared in advance. Further, the operating system can request the hypervisor for processing by calling a hypervisor call routine prepared in advance.
- Task A 311 to task B 312, task L 313, and task N 314 are modules that are executed in the user mode of the processor, respectively.
- the tasks A 311 to B 312 and the task L 313 are modules to be executed by the first processor 101, and the task N 314 is a module to be executed by the second processor 102.
- the register storage area 343 is a partial area of the storage area of the RAM 105 for storing processor register values, and is set so as to be accessible only to modules that are executed in a privileged mode equal to or higher than the supervisor mode of the processor.
- the resume pointer storage area 342 is a partial area of the storage area of the RAM 105 for storing a pointer indicating the start address of a module, and is set so as to be accessible only to modules that are executed in a privileged mode equal to or higher than the supervisor mode of the processor.
- the restoration module 341 is a module executed in the supervisor mode of the second processor 102 and has a function of restoring the value stored in the register storage area 343 to the register of the second processor 102.
- the first OS 321, the second OS 322, and the third OS 323 are multitasking operating systems that operate independently of each other, and are each executed by a supervisor mode processor.
- the first OS 321 and the second OS 322 are operating systems to be executed by the first processor 101, respectively, and the third OS 323 is an operating system to be executed by the second processor 102.
- the first OS 321 performs execution control of the tasks A 311 to B 312, the second OS 322 performs execution control of the task L 313, and the third OS performs execution control of the task N 314.
- the third OS 323 includes a state saving module 331, an interrupt notification module 332, and a standby processing module 333 therein.
- when a task whose execution is controlled by the OS containing the module requests a call to the call routine of a hypervisor 351 (described later), the state saving module 331 stops the execution of the task at the instruction immediately after the call of the call routine and saves the register values of the processor on which the module is operating in the register save area 343.
- the interrupt notification module 332 has a function of notifying the first processor 101 of an interrupt using the interrupt controller 103 when the state saving module 331 saves the register values in the register save area 343.
- the standby processing module 333 has a function of placing the second processor 102 in a standby state when the interrupt notification module 332 notifies the first processor 101 of an interrupt.
- the hypervisor 351 is a hypervisor that is executed in the first processor 101 in the hypervisor / supervisor mode, and has a function of performing control to execute a plurality of OSs in a time-sharing manner using the timer 109.
- the hypervisor 351 includes an OS switching module 352, an OS management module 353, and a context update module 354 inside.
- the OS management module 353 includes a first OS context storage area 361, a second OS context storage area 362, and a third OS context storage area 363, and has a function of storing processor register values in these storage areas and a function of reading processor register values from them.
- the first OS context storage area 361 is a partial area of the storage area of the RAM 105 for storing the register value when the processor to which the register value is stored is executing the first OS 321. It is set to be accessible only to modules that are running in the hypervisor / secure mode of the processor.
- the second OS context storage area 362 is a part of the storage area of the RAM 105 for storing the register value when the processor to which the register value is to be stored is executing the second OS 322. It is set to be accessible only to modules that are running in the hypervisor / secure mode of the processor.
- the third OS context storage area 363 is a part of the storage area of the RAM 105 for storing the register value when the processor that is the storage target of the register value is executing the third OS 323. It is set to be accessible only to modules that are running in the hypervisor / secure mode of the processor.
- the OS switching module 352 has a function of storing the operating systems that are execution control targets, and a time division execution control function: it measures time using the timer 109 so that the maximum time slice becomes a predetermined time T1 (for example, 10 ms), stops the task and operating system operating on the first processor 101, uses the OS management module 353 to save the register values of the first processor 101 in the corresponding OS context storage area, and then uses the OS management module 353 to read the register values corresponding to another execution control target OS and restores the read values to the registers of the first processor 101.
- when the hypervisor call routine that a task controlled by the third OS 323 requested the third OS 323 to call has ended, the OS switching module 352 stops the execution of the third OS 323 and the task running on the first processor 101, uses the OS management module 353 to save the register values of the first processor 101 in the third OS context storage area 363, and notifies the context update module 354 that the hypervisor call routine has ended.
- the context update module 354 has a function of reading the processor register values saved in the register save area 343, storing the read register values in the third OS context storage area 363 using the OS management module 353, and notifying the OS switching module 352 of a signal indicating that the third OS 323 is added to the execution control target OSs.
- the context update module 354 also has a function that, when the OS switching module 352 notifies it that the hypervisor call routine has ended, uses the OS management module 353 to read the register values stored in the third OS context storage area 363, stores the read register values in the register storage area 343, writes the start address of the restoration module 341 to the resume pointer storage area 342, uses the interrupt controller 103 to notify the second processor 102 of a hypervisor call end interrupt (described later), and notifies the OS switching module 352 of a signal indicating that the third OS 323 is excluded from the execution target OSs.
- the secure module 370 is a module that is executed by the second processor 102 in the hypervisor / supervisor mode, and has a function of performing processing related to decryption using the encryption key stored in the ROM 104.
- <Hypervisor call processing>
- hypervisor call processing is processing in which, when a task (in this case, task N 314) whose execution is controlled by the operating system (here, the third OS 323) being executed by the second processor 102 requests the third OS 323 to call the call routine of the hypervisor 351, the execution of the third OS 323 on the second processor 102 is stopped and the third OS 323 is executed on the first processor 101 instead.
- This hypervisor call processing is executed jointly by the first processor 101 and the second processor 102.
- FIG. 4 is a flowchart of processing performed by the second processor 102 in the hypervisor call processing, and FIG. 5 is a flowchart of processing performed by the first processor 101 in the hypervisor call processing.
- the hypervisor call processing is started when the task N314 requests the third OS 323 to call the hypervisor 351 call routine.
- the state saving module 331 stops the execution of the task by the instruction immediately after the call of the call routine, and saves the register value of the second processor in the register saving area 343 (FIG. 4: Step S400).
- the interrupt notification module 332 notifies the first processor 101 of a hypervisor call interrupt using the interrupt controller 103 (step S410).
- This hypervisor call interrupt is an interrupt for notifying the first processor 101 that the call routine of the hypervisor 351 has been called in the second processor 102.
- the standby processing module 333 sets the second processor 102 in a standby state (step S420).
- when step S420 ends, the second processor 102 ends the processing performed by the second processor 102 in the hypervisor call processing.
- the context update module 354 reads the processor register values saved in the register save area 343, stores the read register values in the third OS context storage area 363 using the OS management module 353 (step S510), and notifies the OS switching module 352 of a signal indicating that the third OS 323 is added to the execution control target OSs.
- the OS switching module 352 adds the third OS 323 to the execution target OS (step S520).
- when step S520 ends, the first processor 101 ends the processing performed by the first processor 101 in the hypervisor call processing, and the hypervisor call processing ends.
- the third OS 323 operating on the second processor 102 starts operating on the first processor 101. Therefore, the third OS 323 can execute a call routine of the hypervisor 351.
- the hypervisor call termination processing starts when the operating system (here, the third OS 323) that became an execution target of the first processor 101 through the hypervisor call processing has been executed by the first processor 101 and the processing of the call routine of the hypervisor 351 is completed.
- this hypervisor call termination processing stops the third OS 323 being executed by the first processor 101 and causes the second processor 102 to execute the stopped third OS 323. It is executed jointly by the first processor and the second processor.
- FIG. 6 is a flowchart of processing performed by the first processor 101 in the hypervisor call end processing, and FIG. 7 is a flowchart of processing performed by the second processor 102 in the hypervisor call end processing.
- the OS switching module 352 stops the third OS 323 and the tasks operating under it on the first processor 101, saves the register values of the first processor 101 in the third OS context storage area 363 in the OS management module 353, and notifies the context update module 354 that the hypervisor call routine has ended.
- the context update module 354 reads the register values stored in the third OS context storage area 363 using the OS management module 353, stores the read register values in the register storage area 343 (step S600), writes the start address of the restoration module 341 to the resume pointer storage area 342 (step S610), uses the interrupt controller 103 to notify the second processor 102 of a hypervisor call end interrupt (step S620), and notifies the OS switching module 352 of a signal indicating that the third OS 323 is excluded from the execution target OSs.
- the hypervisor call end interrupt is an interrupt for notifying the second processor 102 that processing corresponding to the hypervisor call interrupt has ended in the first processor 101.
- the OS switching module 352 excludes the third OS 323 from the execution target OS (step S630).
- when step S630 ends, the first processor 101 ends the processing performed by the first processor 101 in the hypervisor call end processing.
- when the hypervisor call end interrupt is notified to the second processor 102 (FIG. 7: step S700), the second processor 102 releases its own standby state (step S710), refers to the resume pointer storage area 342, and executes the restoration module 341, whose start address is the address stored in the resume pointer storage area 342 (step S720).
- the restoration module 341 restores the value stored in the register storage area 343 to the register of the second processor 102 by being executed by the second processor 102 (step S730).
- when step S730 ends, the second processor 102 ends the processing performed by the second processor 102 in the hypervisor call end processing, and the hypervisor call end processing ends.
- the second processor 102 does not need to execute the hypervisor 351 in the hypervisor / secure mode 210, and can execute the secure module 370 in the hypervisor / secure mode 210.
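The two handshakes described above (hypervisor call processing, steps S400 to S520, and hypervisor call end processing, steps S600 to S730), modelled in single-threaded C together with the access rules stated for areas 342, 343, 363 and the ROM key area. This is an added example, not code from the patent; the function names, the `denied` flag, the sample register values and the binding of area 363 to the first processor are assumptions.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

/* Privilege modes shared by both processors (FIG. 2), lowest to highest. */
enum mode { USER, SUPERVISOR, HV_SECURE };
enum cpu { CPU1 = 1, CPU2 = 2 };  /* first processor 101, second processor 102 */
enum region { REG_SAVE_343, RESUME_PTR_342, OS3_CTX_363, ROM_KEY };

/* Access policy from the text. Binding area 363 to CPU1 is an assumption:
 * the page only requires hypervisor / secure mode for that area. */
bool can_access(enum cpu c, enum mode m, enum region r) {
    switch (r) {
    case REG_SAVE_343:
    case RESUME_PTR_342: return m >= SUPERVISOR;
    case OS3_CTX_363:    return c == CPU1 && m == HV_SECURE;
    case ROM_KEY:        return c == CPU2 && m == HV_SECURE;
    }
    return false;
}

struct regs { uint32_t gpr[4]; uint32_t pc; };
struct sys;
typedef void (*module_fn)(struct sys *);
struct sys {
    struct regs cpu1, cpu2;  /* live register files */
    struct regs reg_save;    /* register save area 343 */
    struct regs os3_ctx;     /* third OS context storage area 363 */
    module_fn resume_ptr;    /* resume pointer storage area 342 */
    bool cpu2_standby;       /* second processor is waiting for an interrupt */
    bool os3_on_cpu1;        /* third OS is an execution target on CPU1 */
    bool denied;             /* a step touched an area its mode may not use */
};

/* Record a policy violation instead of performing the access. */
static bool allowed(struct sys *s, enum cpu c, enum mode m, enum region r) {
    bool ok = can_access(c, m, r);
    if (!ok) s->denied = true;
    return ok;
}

/* Hypervisor call, CPU2 side (third OS, supervisor mode): S400 and S420. */
void cpu2_hypervisor_call(struct sys *s) {
    if (!allowed(s, CPU2, SUPERVISOR, REG_SAVE_343)) return;
    s->reg_save = s->cpu2;     /* S400: save registers */
    s->cpu2_standby = true;    /* S420: enter standby */
}

/* Hypervisor call, CPU1 side (hypervisor): S510 and S520. */
void cpu1_on_call_irq(struct sys *s) {
    if (!allowed(s, CPU1, HV_SECURE, OS3_CTX_363)) return;
    s->os3_ctx = s->reg_save;  /* S510 */
    s->os3_on_cpu1 = true;     /* S520 */
}

/* Third OS runs the call routine on CPU1; the register effects are constructed. */
void cpu1_run_call_routine(struct sys *s) {
    s->cpu1 = s->os3_ctx;      /* hypervisor restores the third OS context */
    s->cpu1.gpr[0] = 0;        /* hypothetical return status */
    s->cpu1.pc += 4;           /* continue after the call instruction */
}

/* Restoration module 341 (supervisor mode on CPU2): S730. */
void restoration_module(struct sys *s) {
    if (!allowed(s, CPU2, SUPERVISOR, REG_SAVE_343)) return;
    s->cpu2 = s->reg_save;
}

/* Hypervisor call end, CPU1 side: S600, S610, S630 (S620 is the interrupt). */
void cpu1_call_end(struct sys *s) {
    if (!allowed(s, CPU1, HV_SECURE, OS3_CTX_363)) return;
    s->os3_ctx = s->cpu1;                /* OS switching module saves CPU1 state */
    s->reg_save = s->os3_ctx;            /* S600 */
    s->resume_ptr = restoration_module;  /* S610 */
    s->os3_on_cpu1 = false;              /* S630 */
}

/* Hypervisor call end, CPU2 side: S700 to S720. */
void cpu2_on_call_end_irq(struct sys *s) {
    if (!s->cpu2_standby || s->resume_ptr == NULL) return;
    if (!allowed(s, CPU2, SUPERVISOR, RESUME_PTR_342)) return;
    s->cpu2_standby = false;   /* S710 */
    s->resume_ptr(s);          /* S720, which performs S730 */
}

struct sys round_trip(void) {
    struct sys s = {0};
    s.cpu2 = (struct regs){ { 7, 2, 3, 4 }, 0x1000 };    /* constructed sample state */
    cpu2_hypervisor_call(&s); cpu1_on_call_irq(&s);      /* S410 modelled as a call */
    cpu1_run_call_routine(&s);
    cpu1_call_end(&s); cpu2_on_call_end_irq(&s);         /* S620 modelled as a call */
    return s;
}

int main(void) {
    struct sys s = round_trip();
    printf("cpu2 pc=0x%x standby=%d denied=%d\n", (unsigned)s.cpu2.pc, s.cpu2_standby, s.denied);
    return 0;
}
```

In this model the third OS never needs hypervisor / secure mode on the second processor: every step it performs there passes the check at supervisor level, which is what leaves that mode free for the secure module 370.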
- <Embodiment 2> <Overview>
- a modified virtual machine system obtained by modifying a part of the virtual machine system 100 according to the first embodiment will be described as an embodiment of the virtual machine system according to the present invention.
- the modified virtual machine system according to the second embodiment has the same hardware configuration as the virtual machine system 100 according to the first embodiment, but a part of the programs to be executed differs from that of the virtual machine system 100 according to the first embodiment.
- the virtual machine system 100 according to the first embodiment is an example in which the number of operating systems to be executed by the second processor 102 is one, whereas the modified virtual machine system according to the second embodiment is an example in which the number of operating systems to be executed by the second processor 102 is plural.
- the hardware configuration of the virtual machine system is the same as that of the virtual machine system 100 according to the first embodiment.
- FIG. 8 is a block diagram showing modules to be executed on the multiprocessor LSI 110 at a certain time t0.
- Compared with the modules that operate on the multiprocessor LSI 110 in the virtual machine system 100 according to the first embodiment, the modules that operate on the multiprocessor LSI 110 in the modified virtual machine system have a fourth OS 824 added; the state saving module 331 is changed to the state saving module 831, the restoration module 341 to the third OS restoration module 841 and the fourth OS restoration module 842, the register storage area 343 to the third OS register storage area 843 and the fourth OS register storage area 844, the context update module 354 to the context update module 854, the OS management module 353 to the OS management module 853, and the OS switching module 352 to the OS switching module 852.
- As the context update module 354 is changed to the context update module 854, the OS management module 353 to the OS management module 853, and the OS switching module 352 to the OS switching module 852, the hypervisor 351 is changed to the hypervisor 851.
- The state saving module 331 is changed to the state saving module 831.
- The third OS 323 is changed to the third OS 823.
- With the addition of the fourth OS 824, tasks X815 to Y816, whose execution is controlled by the fourth OS 824, are added.
- The third OS register storage area 843 is a part of the storage area in the RAM 105 that is used for saving processor register values and is set to be accessible only to modules executed in a privileged mode equal to or higher than the supervisor mode of the processor; it stores the register values for the case where the target processor is executing the third OS 823.
- The fourth OS register storage area 844 is a part of the storage area in the RAM 105 that is used for saving processor register values and is set to be accessible only to modules executed in a privileged mode equal to or higher than the supervisor mode of the processor; it stores the register values for the case where the target processor is executing the fourth OS 824.
- The third OS restoration module 841 is a module executed in the supervisor mode of the second processor 102, and has a function of restoring the values stored in the third OS register storage area 843 to the registers of the second processor 102.
- The fourth OS restoration module 842 is a module executed in the supervisor mode of the second processor 102, and has a function of restoring the values stored in the fourth OS register storage area 844 to the registers of the second processor 102.
- the fourth OS 824 is a multitasking operating system that operates independently of other operating systems, and is executed in the supervisor mode of the processor.
- the fourth OS 824 controls the execution of the task X 815 to the task Y 816, and includes a state saving module 836, an interrupt notification module 837, and a standby processing module 838.
- Here, the execution of the fourth OS 824 is assumed to be suspended, and the register values of the second processor 102 at the time when the execution of the fourth OS 824 was previously stopped are assumed to be stored in the fourth OS register storage area 844.
- The state saving module 831 is a modification of the state saving module 331 according to the first embodiment, and has the following two additional functions in addition to the functions of the state saving module 331.
- Additional function 1: When the OS that includes this module is being executed by the second processor 102 and an interrupt to the second processor 102 that is addressed to an OS other than the OS that includes this module (hereinafter referred to as an "undefined interrupt") is notified, the function of stopping the operation of the task whose execution is controlled by the OS that includes this module, and saving the register values of the processor on which this module is operating to the register storage area corresponding to the OS that includes this module.
- Additional function 2: When the OS that includes this module is being executed by the second processor 102 and a secure function call interrupt (described later) is notified, the function of stopping the operation of the task whose execution is controlled by the OS that includes this module, and saving the register values of the processor on which this module is operating to the register storage area corresponding to the OS that includes this module.
- The state saving module 836, the interrupt notification module 837, and the standby processing module 838 are modules having the same functions as the state saving module 831, the interrupt notification module 332, and the standby processing module 333, respectively.
- The OS management module 853 is a modification of the OS management module 353 according to the first embodiment, to which a fourth OS context storage area 864 is added, and which has the following two additional functions.
- The fourth OS context storage area 864 is a part of the storage area of the RAM 105 that stores the register values for the case where the processor whose register values are to be stored is executing the fourth OS 824. It is set to be accessible only to modules executed in the hypervisor/secure mode of the first processor.
- Additional function 1: A function of storing the register values of the processor in the fourth OS context storage area 864.
- Additional function 2: A function of reading the register values of the processor from the fourth OS context storage area 864.
- the OS switching module 852 is a modification of the OS switching module 352 according to the first embodiment, and has the following additional functions in addition to the functions of the OS switching module 352.
- the context update module 854 is a modification of the context update module 354 according to the first embodiment, and has the following four additional functions in addition to the functions of the context update module 354.
- Additional function 1: When an undefined interrupt occurrence interrupt (described later) is notified to the first processor 101, the function of (1) reading the processor register values saved in the register storage area corresponding to the switching source OS, (2) storing the read register values in the context storage area corresponding to the switching source OS using the OS management module 853, (3) reading the register values saved in the context storage area corresponding to the switching destination OS using the OS management module 853, (4) storing the read register values in the register storage area corresponding to the switching destination OS, (5) writing the start address of the restoration module of the switching destination OS in the resume pointer storage area 342, and (6) notifying the second processor 102 of an undefined interrupt response interrupt (described later) using the interrupt controller 103.
- Additional function 2: When a modified hypervisor call interrupt (described later) is notified to the first processor 101, the function of (1) reading the processor register values saved in the register storage area corresponding to the switching source OS, (2) storing the read register values in the context storage area corresponding to the switching source OS using the OS management module 853, (3) sending the OS switching module 852 a signal to the effect that the switching source OS is added to the execution control target OSs, (4) reading the register values saved in the context storage area corresponding to the switching destination OS using the OS management module 853, (5) storing the read register values in the register storage area corresponding to the switching destination OS, (6) writing the start address of the restoration module of the switching destination OS in the resume pointer storage area 342, and (7) notifying the second processor 102 of a modified hypervisor response interrupt (described later) using the interrupt controller 103.
- Additional function 3: When notified from the OS switching module 852 that the secure module has been called, the function of (1) reading the register values stored in the context storage area of the corresponding OS using the OS management module 853, (2) storing the read register values in the register storage area of the corresponding OS, (3) writing the start address of the restoration module of the corresponding OS in the resume pointer storage area 342, (4) notifying the second processor 102 of a secure function call interrupt using the interrupt controller 103, and (5) notifying the OS switching module 852 of a signal indicating that the corresponding OS is excluded from the execution target OSs.
- Additional function 4: When a secure function response interrupt (described later) is notified to the first processor 101, the function of (1) reading the processor register values saved in the register storage area corresponding to the switching source OS, (2) storing the read register values in the context storage area corresponding to the switching source OS using the OS management module 853, and (3) issuing the standby release interrupt to the second processor 102 using the interrupt controller 103.
- Undefined interrupt processing is the process in which, when an interrupt addressed to an operating system whose execution is stopped on the second processor 102 (here, the fourth OS 824) is notified, the operating system being executed by the second processor 102 (here, the third OS 823) stops its processing, and the second processor 102 instead resumes execution of the operating system whose execution was stopped.
- This undefined interrupt process is executed jointly by the first processor 101 and the second processor 102.
- FIG. 9 is a flowchart of processing performed by the second processor 102 in undefined interrupt processing
- FIG. 10 is a flowchart of processing performed by the first processor 101 in undefined interrupt processing.
- the undefined interrupt process is started when the second processor 102 is executing the third OS 823 and the second processor 102 is notified of an interrupt to the fourth OS 824 that is suspended.
- The state saving module 831 stops the operation of the task N314 executed by the third OS 823, and saves the register values of the second processor 102 in the third OS register storage area 843 (FIG. 9: step S900).
- The interrupt notification module 332 notifies the first processor 101 of an undefined interrupt occurrence interrupt using the interrupt controller 103 (step S910).
- The undefined interrupt occurrence interrupt is an interrupt for notifying the first processor 101 that an undefined interrupt has been notified to the second processor 102.
- the standby processing module 333 sets the second processor 102 in a standby state (step S920).
- The context update module 854 reads the processor register values saved in the third OS register storage area 843, and stores the read register values in the third OS context storage area 363 using the OS management module 853 (step S1010).
- The context update module 854 reads the register values stored in the fourth OS context storage area 864 using the OS management module 853, stores the read register values in the fourth OS register storage area 844 (step S1020), and writes the start address of the fourth OS restoration module 842 in the resume pointer storage area 342 (step S1030).
- When step S1030 ends, the context update module 854 notifies the second processor 102 of an undefined interrupt response interrupt using the interrupt controller 103 (step S1040).
- the undefined interrupt response interrupt is an interrupt for notifying the second processor 102 that the processing corresponding to the undefined interrupt occurrence interrupt has been completed in the first processor 101.
- When step S1040 ends, the first processor 101 ends the process performed by the first processor 101 in the undefined interrupt process.
- When the undefined interrupt response interrupt is notified to the second processor 102 in the standby state (FIG. 9: step S930: Yes), the second processor 102 releases the standby state of its own processor (step S940), refers to the resume pointer storage area 342, and executes the fourth OS restoration module 842 with the address stored in the resume pointer storage area 342 as the start address (step S950).
- the fourth OS restoration module 842 is executed by the second processor 102 to restore the value stored in the fourth OS register storage area 844 to the register of the second processor 102 (step S960).
- When step S960 ends, the second processor 102 ends the processing performed by the second processor 102 in the undefined interrupt processing, and the undefined interrupt processing ends.
- the execution of the above-described undefined interrupt process causes the fourth OS 824 that has been suspended to resume execution on the second processor 102. Therefore, the fourth OS 824 can process the interrupt notified during the stop period.
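The undefined interrupt handshake of steps S900 to S960 and S1010 to S1040, as an added C sketch that is not code from the patent: both processors, the RAM areas and the interrupt controller are modelled as plain variables in one thread, and every identifier, the memory layout and the register values are assumptions constructed for illustration. It also models the two access rules the text gives for the register storage areas and the context storage areas.

```c
#include <stddef.h>
#include <stdint.h>

#define NREGS 4
enum mode { USER, SUPERVISOR, HYP_SECURE };        /* ascending privilege */
enum os_id { OS3, OS4, OS_COUNT };                 /* third OS 823, fourth OS 824 */
enum irq { IRQ_NONE, IRQ_UNDEF_OCCURRED, IRQ_UNDEF_RESPONSE };

typedef struct { uint32_t r[NREGS]; } regs_t;
struct cpu {
    int id;               /* 1 = first processor 101, 2 = second processor 102 */
    enum mode mode;
    regs_t regs;
    int standby;
    enum irq pending;     /* stands in for the interrupt controller 103 */
    enum os_id running;
};
typedef void (*restore_module)(struct cpu *);

/* Shared RAM 105; this layout is an assumption of the sketch. */
static regs_t reg_save[OS_COUNT];   /* OS register storage areas 843 / 844 */
static regs_t ctx_store[OS_COUNT];  /* OS context storage areas 363 / 864 */
static restore_module resume_ptr;   /* resume pointer storage area 342 */

/* Access rules stated in the text for the two kinds of area. */
static int may_use_reg_save(const struct cpu *c) { return c->mode >= SUPERVISOR; }
static int may_use_ctx(const struct cpu *c) { return c->id == 1 && c->mode == HYP_SECURE; }

/* OS management module 853: the only path to the context storage areas. */
int ctx_write(const struct cpu *c, enum os_id os, const regs_t *v) {
    if (!may_use_ctx(c)) return -1;
    ctx_store[os] = *v;
    return 0;
}
int ctx_read(const struct cpu *c, enum os_id os, regs_t *out) {
    if (!may_use_ctx(c)) return -1;
    *out = ctx_store[os];
    return 0;
}

/* Restoration modules 841 / 842, run by the second processor. */
static void restore_os3(struct cpu *c) { c->regs = reg_save[OS3]; c->running = OS3; }
static void restore_os4(struct cpu *c) { c->regs = reg_save[OS4]; c->running = OS4; }

/* S900-S920: save registers, notify the first processor, enter standby. */
int p2_save_and_wait(struct cpu *p2, struct cpu *p1) {
    if (!may_use_reg_save(p2)) return -1;
    reg_save[p2->running] = p2->regs;
    p1->pending = IRQ_UNDEF_OCCURRED;
    p2->standby = 1;
    return 0;
}

/* S1010-S1040: context update module 854 on the first processor. */
int p1_context_update(struct cpu *p1, struct cpu *p2, enum os_id from, enum os_id to) {
    regs_t tmp;
    if (p1->pending != IRQ_UNDEF_OCCURRED || !may_use_reg_save(p1)) return -1;
    if (ctx_write(p1, from, &reg_save[from]) != 0) return -1;   /* S1010 */
    if (ctx_read(p1, to, &tmp) != 0) return -1;
    reg_save[to] = tmp;                                         /* S1020 */
    resume_ptr = (to == OS3) ? restore_os3 : restore_os4;       /* S1030 */
    p1->pending = IRQ_NONE;
    p2->pending = IRQ_UNDEF_RESPONSE;                           /* S1040 */
    return 0;
}

/* S930-S960: leave standby only on the response, then jump via the pointer. */
int p2_resume(struct cpu *p2) {
    if (!p2->standby || p2->pending != IRQ_UNDEF_RESPONSE || resume_ptr == NULL)
        return -1;
    p2->pending = IRQ_NONE;
    p2->standby = 0;
    resume_ptr(p2);
    return 0;
}

static struct cpu P1 = { 1, HYP_SECURE, {{0}}, 0, IRQ_NONE, OS3 };
static struct cpu P2 = { 2, SUPERVISOR, {{0}}, 0, IRQ_NONE, OS3 };

/* Full handshake on constructed register values; returns 0 when every step behaves. */
int demo(void) {
    regs_t os3_live = {{0x3000, 0x3001, 0x3002, 0x3003}};   /* constructed */
    regs_t os4_ctx  = {{0x4000, 0x4001, 0x4002, 0x4003}};   /* constructed */
    P1.pending = IRQ_NONE;
    P2.regs = os3_live; P2.running = OS3; P2.standby = 0; P2.pending = IRQ_NONE;
    resume_ptr = NULL;
    if (ctx_write(&P1, OS4, &os4_ctx) != 0) return 1;    /* fourth OS suspended earlier */
    if (ctx_write(&P2, OS4, &os3_live) == 0) return 2;   /* supervisor mode is refused */
    if (p2_save_and_wait(&P2, &P1) != 0) return 3;
    if (p2_resume(&P2) == 0) return 4;                   /* no resume before the response */
    if (p1_context_update(&P1, &P2, OS3, OS4) != 0) return 5;
    if (p2_resume(&P2) != 0) return 6;
    return 0;
}

int main(void) { return demo(); }
```

Return codes 2 and 4 mark the two properties a reviewer of such a design would check first: the context storage areas stay unreachable from supervisor mode on the second processor, and the second processor never resumes before the first processor has answered.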
- The modified hypervisor call processing is the process in which, when there is an operating system whose execution is stopped on the second processor 102 (here, the fourth OS 824) and a task being executed (here, task N314), whose execution is controlled by the operating system being executed by the second processor 102 (here, the third OS 823), requests that operating system to call the call routine of the hypervisor 851, the execution of the operating system being executed by the second processor 102 is stopped; instead, the first processor 101 executes the operating system that was being executed, and the second processor 102 resumes the execution of the operating system whose execution had been stopped on the second processor 102.
- This modified hypervisor call process is executed jointly by the first processor 101 and the second processor 102.
- FIG. 11 is a flowchart of processing performed by the second processor 102 in the modified hypervisor call processing
- FIG. 12 is a flowchart of processing performed by the first processor 101 in the modified hypervisor call processing.
- the modified hypervisor call process is started when the task N314 requests the third OS 823 to call the call routine of the hypervisor 851 when the fourth OS 824 is stopped by the second processor 102.
- The state saving module 831 stops the execution of the task at the instruction immediately after the call of the call routine, and saves the register values of the second processor 102 in the third OS register storage area 843 (FIG. 11: step S1100).
- The interrupt notification module 332 notifies the first processor 101 of the modified hypervisor call interrupt using the interrupt controller 103 (step S1110).
- This modified hypervisor call interrupt is an interrupt for notifying the first processor 101 that, while there is an operating system whose execution is suspended on the second processor 102, the call routine of the hypervisor 851 has been called on the second processor 102.
- the standby processing module 333 sets the second processor 102 in a standby state (step S1120).
- step S1130 repeats No.
- The context update module 854 reads the processor register values saved in the third OS register storage area 843, stores the read register values in the third OS context storage area 363 using the OS management module 853 (step S1210), and notifies the OS switching module 852 of a signal to the effect that the third OS 823 is added to the execution control target OSs.
- When the OS switching module 852 is notified of the signal indicating that the third OS 823 is added to the execution control target OSs, the OS switching module 852 adds the third OS 323 to the execution target OSs (step S1220).
- The context update module 854 reads the register values stored in the fourth OS context storage area 864 using the OS management module 853, stores the read register values in the fourth OS register storage area 844 (step S1230), and writes the start address of the fourth OS restoration module 842 in the resume pointer storage area 342 (step S1240).
- When step S1240 ends, the context update module 854 notifies the second processor 102 of the modified hypervisor call end interrupt using the interrupt controller 103 (step S1250).
- The modified hypervisor call end interrupt is an interrupt for notifying the second processor 102 that the processing corresponding to the modified hypervisor call interrupt has been completed in the first processor 101.
- When step S1250 ends, the first processor 101 ends the processing performed by the first processor 101 in the modified hypervisor call processing.
- (Step S1130: Yes) The second processor 102 releases the standby state of its own processor (step S1140), refers to the resume pointer storage area 342, and executes the fourth OS restoration module 842 with the address stored in the resume pointer storage area 342 as the start address (step S1150).
- The fourth OS restoration module 842, when executed by the second processor 102, restores the values stored in the fourth OS register storage area 844 to the registers of the second processor 102 (step S1160).
- When step S1160 ends, the second processor 102 ends the process performed by the second processor 102 in the modified hypervisor call process, and the modified hypervisor call process ends.
- By executing the above-described modified hypervisor call processing, the third OS 823 that was operating on the second processor 102 comes to operate on the first processor 101. Therefore, the third OS 823 can execute the call routine of the hypervisor 851.
- FIG. 13 is a block diagram showing modules to be executed on the multiprocessor LSI 110 at a certain time t1.
- The differences from the modules to be executed on the multiprocessor LSI 110 at time t0 (see FIG. 8) are that the fourth OS 824 is an operating system subject to time-sharing execution on the first processor, and that the only task whose execution is controlled by the fourth OS 824 is the task X815.
- The secure function call processing is the process in which, when a task (here, task X815) whose execution is controlled by the operating system being executed by the first processor 101 (here, the fourth OS 824) requests that operating system to call the call routine of the secure module 370, the execution of the operating system being executed by the first processor 101 is stopped, and the stopped operating system is executed by the second processor 102.
- This secure function call process is executed jointly by the first processor 101 and the second processor 102.
- FIG. 14 is a flowchart of a process performed by the first processor 101 in the secure function call process
- FIG. 15 is a flowchart of a process performed by the second processor 102 in the secure function call process.
- the secure function call process is started when the fourth OS 824 is being executed by the first processor 101, and the task X 815 requests the fourth OS 824 to call the call routine of the secure module 370.
- The OS switching module 852 stops the execution of the task X815 and the fourth OS 824 at the instruction immediately after the call of the call routine, saves the register values of the first processor 101 in the fourth OS context storage area 864 using the OS management module 853 (step S1400), and notifies the context update module 854 that the secure module has been called.
- When notified that the secure module has been called, the context update module 854 reads the register values stored in the fourth OS context storage area 864 using the OS management module 853, stores the read register values in the fourth OS register storage area 844 (step S1410), writes the start address of the fourth OS restoration module 842 in the resume pointer storage area 342 (step S1420), and notifies the second processor 102 of the secure function call interrupt using the interrupt controller 103 (step S1430).
- The secure function call interrupt is an interrupt for notifying the second processor 102 that the secure module has been called on the first processor 101.
- When the context update module 854 has notified the second processor 102 of the secure function call interrupt, it notifies the OS switching module 852 of a signal indicating that the fourth OS 824 is excluded from the execution target OSs.
- the OS switching module 852 excludes the fourth OS 824 from the execution target OS (step S1440).
- the context update module 854 then waits until a secure function response interrupt (described later) is notified (step S1450: No is repeated).
- When the secure function call interrupt is notified to the second processor 102 (FIG. 15: step S1500), the state saving module 831 stops the operation of the task under its execution control and saves the register values of the second processor 102 in the third OS register storage area 843 (step S1510).
- The interrupt notification module 332 notifies the first processor 101 of a secure function response interrupt using the interrupt controller 103 (step S1520).
- the secure function response interrupt is an interrupt for notifying the first processor 101 that the processing corresponding to the secure function call interrupt has been completed in the second processor 102.
- the standby processing module 333 sets the second processor 102 in a standby state (step S1530).
- The context update module 854 reads the processor register values saved in the third OS register storage area 843 and, using the OS management module 853, stores the read register values in the third OS context storage area 363 (step S1460).
- After storing the read register values in the third OS context storage area 363, the context update module 854 notifies the second processor 102 of a standby release interrupt using the interrupt controller 103 (step S1470).
- This standby release interrupt is an interrupt for notifying the second processor 102 that the standby state is released.
- When step S1470 ends, the first processor 101 ends the processing performed by the first processor 101 in the secure function call processing.
- When the standby release interrupt is notified to the second processor 102 (FIG. 15: step S1540: Yes), the second processor 102 releases the standby state of its own processor (step S1550), refers to the resume pointer storage area 342, and executes the fourth OS restoration module 842 with the address stored in the resume pointer storage area 342 as the start address (step S1560).
- The fourth OS restoration module 842, when executed by the second processor 102, restores the values stored in the fourth OS register storage area 844 to the registers of the second processor 102 (step S1570).
- When step S1570 ends, the second processor 102 ends the process performed by the second processor 102 in the secure function call process, and the secure function call process ends.
- the fourth OS operating on the first processor 101 operates on the second processor 102. Therefore, the fourth OS 824 can execute the secure module 370.
- The undefined interrupt processing described above, which stops the execution of the third OS 823 being executed by the second processor 102 and has the second processor 102 execute the fourth OS 824 whose execution had been stopped, was started when an interrupt to the fourth OS 824 was notified.
- If the state saving module 831 of the third OS 823 and the state saving module 836 of the fourth OS 824 each use the timer 109 to start processing similar to the undefined interrupt processing every predetermined time T2 (for example, 10 ms), the third OS 823 and the fourth OS 824 can be switched and executed on the second processor 102 at a period of the predetermined time T2 (for example, 10 ms).
- the second processor 102 does not need to execute the hypervisor 851 in the hypervisor / secure mode 210, and can execute the secure module 370 in the hypervisor / secure mode 210.
- Two examples of virtual machine systems have been described in the first embodiment and the second embodiment. However, they can be modified as follows, and the present invention is of course not limited to the virtual machine systems shown in the above-described embodiments. (1) Although an example in which the virtual machine system 100 includes two processors has been described in the first embodiment, as long as the virtual machine system 100 includes at least one processor that executes a hypervisor and at least one processor that executes a secure module, the number of processors is not necessarily limited to two.
- The number of processors may be 3, 5, 10, or the like.
- The case where the number of operating systems subject to the switching execution control processing by the hypervisor 351 in the first processor 101 is two has been described as an example, but as long as the operating systems can be subject to the switching execution control processing by the hypervisor 351, the number of operating systems is not necessarily limited to two. For example, the number of operating systems may be 3, 5, 10, or the like.
- The case where the number of operating systems to be executed in the second processor 102 is two has been described as an example. However, as long as the operating systems can be execution targets of the second processor 102, the number of operating systems is not necessarily limited to two. For example, the number of operating systems may be 3, 5, 10, or the like.
- The first processor 101, the second processor 102, the interrupt controller 103, the ROM 104, the RAM 105, the first interface 106, the second interface 107, the third interface 108, and the timer 109 are integrated in one LSI, but as long as the functions realized by the multiprocessor LSI 110 can be realized, these circuits need not necessarily be integrated in one LSI.
- each circuit may be integrated in different integrated circuits.
- the example of saving or restoring the execution state using the register value of the processor when switching the operating system has been described.
- the case where the first processor 101 and the second processor 102 are each configured to include two privileged modes has been described as an example, but if each includes at least two privileged modes, The number of privileged modes is not necessarily limited to two.
- one of the first processor 101 and the second processor 102 may have three privileged modes.
- The case where the restoration module 341 is provided outside the operating system has been described as an example. However, as long as the restoration module 341 can be executed by the second processor 102 when the standby state of the second processor 102 is released, the restoration module 341 need not necessarily be provided outside the operating system. For example, the restoration module 341 may be provided inside the third OS 323.
- The case where the register storage area 343 is provided outside the operating system has been described as an example. However, as long as it can be accessed from the context update module 354, the register storage area 343 need not necessarily be provided outside the operating system.
- The register storage area 343 may be provided inside the third OS 323.
- The case where the secure program has a function of performing processing related to decryption using the encryption key stored in the ROM 104 has been described as an example. However, as long as it has a function related to processing that should be concealed, it is not necessarily limited to a function of performing processing related to decryption using the encryption key stored in the ROM 104. For example, it may have a function related to the process of managing a credit card password.
- The example in which the virtual machine system 100 includes the hard disk device 128 has been described. However, as long as the virtual machine system 100 includes a large-capacity external storage device, the hard disk device 128 is not necessarily required. For example, a configuration including a large-capacity flash memory may be used.
- (9) The configuration of the virtual machine system according to an embodiment of the present invention, modifications thereof, and their effects are described below.
- A virtual computer system according to an embodiment of the present invention is a virtual computer system including a memory, and a first processor and a second processor connected to the memory. The first processor and the second processor each have a lower privilege mode and an upper privilege mode higher than the lower privilege mode, and the memory has an execution state storage area for storing execution state information relating to the execution state of a processor. The virtual computer system includes: an operating system that is executed in the lower privilege mode on a processor; a hypervisor that is executed in the upper privilege mode on the first processor, that performs switching execution control of operating systems on the first processor by saving and restoring execution state information in the execution state storage area, and that issues a restoration notification to the second processor using the execution state information saved in the execution state storage area; and a restoration program that is executed in the lower privilege mode on the second processor and that causes the second processor that has received the restoration notification to restore the execution state information stored in the execution state storage area as the execution state information of the second processor.
- With this configuration, even if no hypervisor is executed in the upper privilege mode on the second processor, an operating system that is a target of the switching processing on the first processor can be migrated to the second processor and executed there.
- The upper privilege mode of the second processor can therefore be used as a secure mode for executing the secure program.
- As a result, the operating system switching processing function that ensures system reliability and the security protection function using the secure program can coexist.
- FIG. 17 is a schematic configuration diagram of a virtual machine system 1700 in the above modification.
- the virtual machine system 1700 includes a first processor 1701, a second processor 1702, and a memory 1703.
- the memory 1703 has an execution state storage area 1711, and an operating system 1712, a hypervisor 1713, and a restoration program 1714 are loaded.
- the first processor 1701 is connected to the memory 1703 and has a lower privilege mode and an upper privilege mode higher than the lower privilege mode.
- the first processor 1701 is realized as the first processor 101 (see FIG. 1) in the first embodiment.
- the second processor 1702 is connected to the memory 1703 and has a lower privilege mode and an upper privilege mode higher than the lower privilege mode.
- the second processor 1702 is realized as the second processor 102 (see FIG. 1) in the first embodiment.
- the memory 1703 is connected to the first processor 1701 and the second processor 1702.
- the memory 1703 is realized as the ROM 104 and the RAM 105 (see FIG. 1) in the first embodiment.
- the execution state storage area 1711 is an area for holding execution state information regarding the execution state of the processor.
- the execution state storage area 1711 is realized as the register storage area 343, the first OS context storage area 361, the second OS context storage area 362, and the third OS context storage area 363 (see FIG. 3) in the first embodiment.
- the operating system 1712 is an operating system executed in the lower privilege mode.
- the operating system 1712 is realized as the first OS 321, the second OS 322, the third OS 323 (see FIG. 3), or the like in the first embodiment.
- the hypervisor 1713 is a hypervisor that is executed in the higher privilege mode on the first processor 1701.
- the hypervisor 1713 performs operating system switching execution control processing on the first processor 1701, and saves and restores execution state information to the execution state storage area 1711.
- This is a hypervisor for performing a restoration notification to the second processor 1702 using the execution state information saved in the execution state storage area 1711.
- the hypervisor 1713 is realized as the hypervisor 351 (see FIG. 3) in the first embodiment.
- the restoration program 1714 is a program executed in the lower privilege mode on the second processor 1702, and the second processor 1702 that has received the restoration notice sends the execution state information stored in the execution state storage area 1711 to the second processor 1702. It is a program for restoring as execution state information.
- the restoration program 1714 is realized as the restoration module 341 in the first embodiment.
- The execution state storage area is inaccessible in the lower privilege mode from the first processor and the second processor, and is accessible in the upper privilege mode from the first processor.
- The hypervisor is configured to have a processor save and restore the execution state information.
- A standby state setting unit may be included for causing the second processor to save the execution state information of the second processor to the second execution state storage area and then shift to the standby state.
- The virtual machine system may further include an interrupt controller. Each of the plurality of operating systems may include an interrupt notification unit for causing the second processor, when the OS stop condition is satisfied and an OS restart condition for executing that operating system on the first processor is also satisfied, to notify the first processor of a copy notification interrupt via the interrupt controller. The hypervisor may include a setting unit that, when the copy notification interrupt is notified to the first processor, causes the first processor to set the execution state information saved in the second execution state storage area into the first execution state storage area.
- When an operating system being executed by the second processor needs to be executed by the first processor, that operating system can be executed by the first processor.
- The second execution state storage area may include an OS-corresponding execution state storage area for each of the plurality of operating systems. The setting of execution state information in the second execution state storage area that the hypervisor performs when the processor change condition is satisfied is made in the OS-corresponding execution state storage area of the operating system to which the execution state information being set belongs.
- The setting of execution state information in the second execution state storage area that is performed when an OS stop condition is satisfied is likewise made in the OS-corresponding execution state storage area of the operating system to which the execution state information being set belongs.
- The setting of execution state information in the first execution state storage area that the setting unit performs when the copy notification interrupt is notified may be made using the execution state information saved in the OS-corresponding execution state storage area of the operating system to which the execution state information being set belongs.
- The second processor may release the standby state and execute the restoration program.
- The restoration program is executed by the second processor even if the second processor is in a standby state.
- The memory may have an address storage area that can be accessed from a processor in the lower privilege mode. The hypervisor may have an address setting unit for causing the first processor to store the execution start address of the restoration program in the address storage area when it causes the first processor to set the execution state information saved in the first execution state storage area into the second execution state storage area. The second processor may execute the restoration program with reference to the address set in the address storage area.
- The second processor can execute the restoration program with reference to the address set in the address storage area.
- The restoration program may be implemented as a part of an operating system executed by the virtual machine system, and the restoration program storage area may be included in the operating system storage area.
- The restoration program storage area can be set in a part of the operating system storage area.
- The execution state information stored in the execution state area may be a register value.
- Execution state information stored in the execution state area can be generated by reading the register value from the register.
- The present invention can be widely used for virtual machine systems having a plurality of processors.
Description
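<Overview>
Hereinafter, as one embodiment of the virtual machine system according to the present invention, a virtual machine system that includes a first processor and a second processor and uses these processors to execute a plurality of operating systems will be described.
FIG. 1 is a block diagram showing the main hardware configuration of the virtual machine system 100.
FIG. 3 is a block diagram showing the program modules (hereinafter simply "modules") that are to be executed on the multiprocessor LSI 110 at a certain time t0.
Here, of the operations performed by the virtual machine system 100, the characteristic ones, namely the hypervisor call process and the hypervisor call end process, will be described.
The hypervisor call process is a process in which, when a task (here, task N 314) whose execution is controlled by the operating system being executed on the second processor 102 (here, the third OS 323) requests the third OS 323 to invoke a call routine of the hypervisor 351, execution of the third OS 323 on the second processor 102 is stopped and the third OS 323 is instead executed on the first processor 101.
The hypervisor call end process is started when, while the operating system that became an execution target of the first processor 101 through the hypervisor call process (here, the third OS 323) is being executed by the first processor 101, processing of the call routine of the hypervisor 351 ends. The hypervisor call end process stops the third OS 323 running on the first processor 101 and causes the second processor 102 to execute the stopped third OS 323; it is performed jointly by the first processor and the second processor.
According to the virtual machine system 100 described above, even if a call routine of the hypervisor 351 is invoked on the second processor 102, which is not executing the hypervisor 351, that hypervisor call routine is executed on the first processor 101, which is executing the hypervisor 351.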
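<Embodiment 2>
<Overview>
Hereinafter, as one embodiment of the virtual machine system according to the present invention, a modified virtual machine system obtained by modifying part of the virtual machine system 100 of Embodiment 1 will be described.
The hardware configuration of the virtual machine system is the same as that of the virtual machine system 100 according to Embodiment 1.
FIG. 8 is a block diagram showing the modules that are to be executed on the multiprocessor LSI 110 at a certain time t0.
Here, of the operations performed by the virtual machine system 100, the characteristic ones, namely the undefined interrupt process, the modified hypervisor call process and the secure function call process, will be described.
The undefined interrupt process is a process in which, when an interrupt for an operating system whose execution is stopped on the second processor 102 (here, the fourth OS 824) is notified, processing of the operating system being executed on the second processor 102 (here, the third OS 823) is stopped and execution of the stopped operating system is instead resumed on the second processor 102.
The modified hypervisor call process is a process in which, when there is an operating system whose execution is stopped on the second processor 102 (here, the fourth OS 824) and a task (here, task N 314) whose execution is controlled by the operating system being executed on the second processor 102 (here, the third OS 823) requests that running operating system to invoke a call routine of the hypervisor 851, execution of the running operating system on the second processor 102 is stopped, that operating system is instead executed on the first processor 101, and, further, execution of the operating system that was stopped on the second processor 102 is resumed on the second processor 102.
FIG. 13 is a block diagram showing the modules that are to be executed on the multiprocessor LSI 110 at a certain time t1.
The undefined interrupt process described above stops the third OS 823 running on the second processor 102 and runs the fourth OS 824 whose execution was stopped on the second processor 102, and it is started when an interrupt for the stopped fourth OS 824 is notified. Alternatively, if, for example, the state save module 831 of the third OS 823 and the state save module 836 of the fourth OS 824 each use the timer 109 to start a process similar to the undefined interrupt process every predetermined time T2 (for example, 10 ms), the third OS 823 and the fourth OS 824 can be switched and executed on the second processor 102 with a period of the predetermined time T2 (for example, 10 ms).
According to the modified virtual machine system described above, even if an interrupt occurs for an operating system whose execution is stopped on the second processor 102, that operating system is resumed, so that processing for the interrupt is performed.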
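<Supplement>
Two example virtual machine systems have been described above, in Embodiment 1 and Embodiment 2, as embodiments of the virtual machine system according to the present invention; however, modifications such as the following are also possible, and the present invention is of course not limited to the virtual machine systems exactly as shown in those embodiments.
(1) Embodiment 1 described an example in which the virtual machine system 100 includes two processors. However, as long as the system includes at least one processor that executes the hypervisor and at least one processor that executes the secure module, the number of processors is not necessarily limited to two and may be, for example, 3, 5 or 10.
(2) Embodiment 1 described, as an example, the case in which two operating systems are subject to switching execution control by the hypervisor 351 on the first processor 101. However, as long as they can be subject to switching execution control by the hypervisor 351, the number of operating systems is not necessarily limited to two and may be, for example, 3, 5 or 10.
(3) Embodiment 1 described an example in which the first processor 101, the second processor 102, the interrupt controller 103, the ROM 104, the RAM 105, the first interface 106, the second interface 107, the third interface 108 and the timer 109 are integrated in one multiprocessor LSI 110. However, as long as the functions realized by the multiprocessor LSI 110 can be realized, these circuits need not be integrated in a single LSI; for example, each circuit may be integrated in a different integrated circuit.
(4) Embodiment 1 described, as an example, a configuration in which the first processor 101 and the second processor 102 each have two privilege modes. However, as long as each has at least two privilege modes, the number of privilege modes is not necessarily limited to two; for example, one of the first processor 101 and the second processor 102 may have three privilege modes.
(5) Embodiment 1 described, as an example, a configuration in which the restoration module 341 is provided outside the operating systems. However, as long as the restoration module 341 can be executed by the second processor 102 when the standby state of the second processor 102 is released, the restoration module 341 need not be provided outside the operating systems; for example, it may be provided inside the third OS 323.
(6) Embodiment 1 described, as an example, a configuration in which the register storage area 343 is provided outside the operating systems. However, as long as it can be accessed from the context update module 354, the register storage area 343 need not be provided outside the operating systems; for example, it may be provided inside the third OS 323.
(7) Embodiment 1 described, as an example, the case in which the secure program has a function of performing processing related to decryption using the encryption key stored in the ROM 104. However, as long as it has a function related to processing that should be kept secret from third parties, it is not necessarily limited to that function; for example, it may have a function related to processing that manages credit card PINs.
(8) Embodiment 1 described an example in which the virtual machine system 100 includes the hard disk device 128. However, as long as it includes a large-capacity external storage device, it need not include the hard disk device 128; for example, it may include a large-capacity flash memory.
(9) The configuration of a virtual machine system according to an embodiment of the present invention, modifications thereof, and their respective effects are further described below.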
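110 Multiprocessor LSI
101 First processor
102 Second processor
103 Interrupt controller
104 ROM
105 RAM
109 Timer
210 Hypervisor/secure mode
220 Supervisor mode
230 User mode
321 First OS
322 Second OS
323 Third OS
331 State save module
332 Interrupt notification module
333 Standby processing module
341 Restoration module
342 Resume pointer storage area
343 Register storage area
351 Hypervisor
352 OS switching module
353 OS management module
354 Context update module
361 First OS context storage area
362 Second OS context storage area
363 Third OS context storage area
370 Secure module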
Claims (11)
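- A virtual machine system comprising a memory and a first processor and a second processor connected to the memory, wherein
the first processor and the second processor each have a lower privilege mode and an upper privilege mode higher than the lower privilege mode,
the memory has an execution state storage area for storing execution state information on the execution state of a processor, and
the virtual machine system comprises:
an operating system executed on a processor in the lower privilege mode;
a hypervisor executed on the first processor in the upper privilege mode, for causing the first processor to perform operating system switching execution control by saving execution state information to, and restoring it from, the execution state storage area, and for issuing a restoration notification to the second processor using the execution state information saved in the execution state storage area; and
a restoration program executed on the second processor in the lower privilege mode, for causing the second processor that has received the restoration notification to restore the execution state information stored in the execution state storage area as the execution state information of the second processor.
- The virtual machine system according to claim 1, wherein
the execution state storage area has
a first execution state storage area that is inaccessible from the first processor and the second processor in the lower privilege mode and accessible from the first processor in the upper privilege mode, and
a second execution state storage area that is accessible from the second processor in the lower privilege mode,
the hypervisor uses the first execution state storage area for the saving and restoring of execution state information that it causes a processor to perform and, when a processor change condition for causing the second processor to execute an operating system whose execution is stopped is satisfied, sets the execution state information saved in the first execution state storage area for that stopped operating system into the second execution state storage area, and
the restoration program causes the execution state information stored in the second execution state storage area to be restored as the execution state information of the second processor.
- The virtual machine system according to claim 2, wherein
the hypervisor includes an execution stop unit that stops the operating system being executed on the first processor when the instructions to be executed by the first processor include a part that calls processing that needs to be executed in the upper privilege mode of the second processor, and
the processor change condition is that the operating system being executed on the first processor has been stopped by the execution stop unit.
- The virtual machine system according to claim 3, wherein
there are a plurality of the operating systems, and
each of the plurality of operating systems includes a standby state setting unit for causing the second processor, when an OS stop condition for stopping that operating system while it is being executed on the second processor is satisfied, to save the execution state information of the second processor to the second execution state storage area and then shift to a standby state.
- The virtual machine system according to claim 4, further comprising an interrupt controller, wherein
each of the plurality of operating systems includes an interrupt notification unit for causing the second processor, when the OS stop condition is satisfied and an OS restart condition for causing that operating system to be executed on the first processor is also satisfied, to notify the first processor of a copy notification interrupt via the interrupt controller, and
the hypervisor includes a setting unit that, when the copy notification interrupt is notified to the first processor, causes the first processor to set the execution state information saved in the second execution state storage area into the first execution state storage area.
- The virtual machine system according to claim 5, wherein
the second execution state storage area includes an OS-corresponding execution state storage area for each of the plurality of operating systems,
the hypervisor performs the setting of execution state information into the second execution state storage area, which it performs when the processor change condition is satisfied, by setting it into the OS-corresponding execution state storage area of the operating system to which the execution state information being set belongs,
the standby state setting unit performs the setting of execution state information into the second execution state storage area, which it performs when the OS stop condition is satisfied, by setting it into the OS-corresponding execution state storage area of the operating system to which the execution state information being set belongs, and
the setting unit performs the setting of execution state information into the first execution state storage area, which it performs when the copy notification interrupt is notified, by setting the execution state information saved in the OS-corresponding execution state storage area of the operating system to which the execution state information being set belongs.
- The virtual machine system according to claim 5, wherein
the second processor, when notified of the restoration notification interrupt in the standby state, releases the standby state and executes the restoration program.
- The virtual machine system according to claim 5, wherein
the memory has an address storage area that is accessible from a processor in the lower privilege mode,
the hypervisor has an address setting unit for causing the first processor to store the execution start address of the restoration program in the address storage area when causing the first processor to set the execution state information saved in the first execution state storage area into the second execution state storage area, and
the second processor executes the restoration program by referring to the address set in the address storage area.
- The virtual machine system according to claim 5, wherein
the restoration program is implemented as part of an operating system executed by the virtual machine system, and
the area of the memory in which the restoration program is stored is included in the area in which the operating system is stored.
- The virtual machine system according to claim 1, wherein
the execution state information stored in the execution state area is a register value.
- A virtual machine system control method for controlling a virtual machine system that comprises a memory and a first processor and a second processor connected to the memory, the first processor and the second processor each having a lower privilege mode and an upper privilege mode higher than the lower privilege mode, and the memory having an execution state storage area for storing execution state information on the execution state of a processor, the method comprising:
a hypervisor step of, on the first processor in the upper privilege mode, causing the first processor to perform operating system switching execution control by saving execution state information to, and restoring it from, the execution state storage area, and issuing a restoration notification to the second processor using the execution state information saved in the execution state storage area; and
a restoration step of, on the second processor in the lower privilege mode, causing the second processor that has received the restoration notification to restore the execution state information stored in the execution state storage area as the execution state information of the second processor.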
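The two-area arrangement in the claims above (a first execution state storage area reserved for the hypervisor, a second one the second processor can reach in the lower privilege mode, a restoration notification, and the copy-back on a copy notification interrupt) can be modelled in a few lines of C. This is an added illustration, not code from the patent or its applicant; every identifier, the register count and the number of operating systems are assumptions, and accesses the claims leave unspecified are denied by the model.

```c
#include <stdint.h>
#include <string.h>

/* Added model, not the patent's code: all names and sizes are assumptions. */
enum cpu  { CPU1, CPU2 };     /* first / second processor */
enum mode { LOWER, UPPER };   /* lower / upper privilege mode */
enum area { AREA1, AREA2 };   /* first / second execution state storage area */
#define NUM_OS   3
#define NUM_REGS 4            /* execution state = register values */

static uint32_t area1[NUM_OS][NUM_REGS];  /* per-OS contexts, hypervisor only */
static uint32_t area2[NUM_OS][NUM_REGS];  /* per-OS slots CPU2 may use in lower mode */
static int restore_pending = -1;          /* restoration notification: OS id or -1 */

/* Claim 2 access rules. Cases the claim leaves open (CPU2 in upper mode,
   CPU1 in lower mode on AREA2) are denied here as a modelling assumption. */
int may_access(enum cpu c, enum mode m, enum area a)
{
    if (a == AREA1)
        return c == CPU1 && m == UPPER;
    return (c == CPU1 && m == UPPER) || (c == CPU2 && m == LOWER);
}

/* Every access is checked first, as memory protection hardware would. */
static uint32_t *slot(enum cpu c, enum mode m, enum area a, int os)
{
    if (os < 0 || os >= NUM_OS || !may_access(c, m, a))
        return NULL;
    return a == AREA1 ? area1[os] : area2[os];
}

int store_regs(enum cpu c, enum mode m, enum area a, int os, const uint32_t *regs)
{
    uint32_t *d = slot(c, m, a, os);
    if (!d) return -1;
    memcpy(d, regs, NUM_REGS * sizeof *d);
    return 0;
}

int load_regs(enum cpu c, enum mode m, enum area a, int os, uint32_t *regs)
{
    const uint32_t *s = slot(c, m, a, os);
    if (!s) return -1;
    memcpy(regs, s, NUM_REGS * sizeof *s);
    return 0;
}

/* Hypervisor (CPU1, upper mode) moving one OS's context between the areas. */
static int hv_copy(enum area from, enum area to, int os)
{
    uint32_t tmp[NUM_REGS];
    if (load_regs(CPU1, UPPER, from, os, tmp)) return -1;
    return store_regs(CPU1, UPPER, to, os, tmp);
}

/* Processor change condition: expose only this OS's context in the second
   area, then raise the restoration notification. */
int hv_migrate_to_cpu2(int os)
{
    if (hv_copy(AREA1, AREA2, os)) return -1;
    restore_pending = os;
    return 0;
}

/* Copy notification interrupt: take the context back into the first area. */
int hv_on_copy_interrupt(int os) { return hv_copy(AREA2, AREA1, os); }

/* Restoration program (CPU2, lower mode): load the notified OS's registers.
   Returns the OS id, or -1 when no notification is pending. */
int cpu2_restore(uint32_t *regs)
{
    int os = restore_pending;
    if (load_regs(CPU2, LOWER, AREA2, os, regs)) return -1;
    restore_pending = -1;
    return os;
}
```

In the model, the contexts of operating systems that are not being migrated never leave the first area, so lower-privilege code on either processor can read only the slot the hypervisor chose to expose.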
Priority Applications (3)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
JP2012549599A JP5758914B2 (ja) | 2010-12-21 | 2011-09-07 | Virtual machine system and virtual machine system control method |
CN201180010418.5A CN102770846B (zh) | 2010-12-21 | 2011-09-07 | Virtual machine system control device and virtual machine system control method |
US13/577,311 US8898666B2 (en) | 2010-12-21 | 2011-09-07 | Virtual machine system and virtual machine system control method for controlling program execution on a plurality of processors that have a plurality of privileged modes |
Applications Claiming Priority (2)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
JP2010284490 | 2010-12-21 | ||
JP2010-284490 | 2010-12-21 |
Publications (1)
Publication Number | Publication Date |
---|---|
WO2012086106A1 (ja) | 2012-06-28 |
Family
ID=46313401
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
PCT/JP2011/005019 WO2012086106A1 (ja) | Virtual machine system and virtual machine system control method | 2010-12-21 | 2011-09-07 |
Country Status (4)
Country | Link |
---|---|
US (1) | US8898666B2 (ja) |
JP (1) | JP5758914B2 (ja) |
CN (1) | CN102770846B (ja) |
WO (1) | WO2012086106A1 (ja) |
- 2011
  - 2011-09-07 US US13/577,311 patent/US8898666B2/en active Active
  - 2011-09-07 JP JP2012549599A patent/JP5758914B2/ja active Active
  - 2011-09-07 CN CN201180010418.5A patent/CN102770846B/zh active Active
  - 2011-09-07 WO PCT/JP2011/005019 patent/WO2012086106A1/ja active Application Filing
Also Published As
Publication number | Publication date |
---|---|
US8898666B2 (en) | 2014-11-25 |
JP5758914B2 (ja) | 2015-08-05 |
CN102770846B (zh) | 2016-08-31 |
CN102770846A (zh) | 2012-11-07 |
US20120331464A1 (en) | 2012-12-27 |
JPWO2012086106A1 (ja) | 2014-05-22 |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
| WWE | Wipo information: entry into national phase | Ref document number: 201180010418.5; Country of ref document: CN |
| WWE | Wipo information: entry into national phase | Ref document number: 2012549599; Country of ref document: JP. Ref document number: 13577311; Country of ref document: US |
| 121 | Ep: the epo has been informed by wipo that ep was designated in this application | Ref document number: 11851852; Country of ref document: EP; Kind code of ref document: A1 |
| NENP | Non-entry into the national phase | Ref country code: DE |
| 122 | Ep: pct application non-entry in european phase | Ref document number: 11851852; Country of ref document: EP; Kind code of ref document: A1 |