WO2013189180A1 - Method and device for disabling interruption in virtualization system - Google Patents

Method and device for disabling interruption in virtualization system Download PDF

Info

Publication number
WO2013189180A1
WO2013189180A1 PCT/CN2013/070810 CN2013070810W WO2013189180A1 WO 2013189180 A1 WO2013189180 A1 WO 2013189180A1 CN 2013070810 W CN2013070810 W CN 2013070810W WO 2013189180 A1 WO2013189180 A1 WO 2013189180A1
Authority
WO
WIPO (PCT)
Prior art keywords
guest
interrupt flag
interrupt
interface
flag bit
Prior art date
Application number
PCT/CN2013/070810
Other languages
French (fr)
Chinese (zh)
Inventor
马彬
郑章孝
白云鹏
Original Assignee
华为技术有限公司
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by 华为技术有限公司 filed Critical 华为技术有限公司
Publication of WO2013189180A1 publication Critical patent/WO2013189180A1/en

Links

Classifications

    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F9/00Arrangements for program control, e.g. control units
    • G06F9/06Arrangements for program control, e.g. control units using stored programs, i.e. using an internal store of processing equipment to receive or retain programs
    • G06F9/44Arrangements for executing specific programs
    • G06F9/455Emulation; Interpretation; Software simulation, e.g. virtualisation or emulation of application or operating system execution engines
    • G06F9/45533Hypervisors; Virtual machine monitors
    • G06F9/45558Hypervisor-specific management and integration aspects
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F9/00Arrangements for program control, e.g. control units
    • G06F9/06Arrangements for program control, e.g. control units using stored programs, i.e. using an internal store of processing equipment to receive or retain programs
    • G06F9/46Multiprogramming arrangements
    • G06F9/48Program initiating; Program switching, e.g. by interrupt
    • G06F9/4806Task transfer initiation or dispatching
    • G06F9/4812Task transfer initiation or dispatching by interrupt, e.g. masked
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F9/00Arrangements for program control, e.g. control units
    • G06F9/06Arrangements for program control, e.g. control units using stored programs, i.e. using an internal store of processing equipment to receive or retain programs
    • G06F9/44Arrangements for executing specific programs
    • G06F9/455Emulation; Interpretation; Software simulation, e.g. virtualisation or emulation of application or operating system execution engines
    • G06F9/45533Hypervisors; Virtual machine monitors
    • G06F9/45558Hypervisor-specific management and integration aspects
    • G06F2009/45583Memory management, e.g. access or allocation

Definitions

  • OS operating system
  • the OS can directly shut down physical hardware interrupts.
  • the Hypervisor Once the real-time embedded virtualization component, the Hypervisor, is deployed, the distribution of the interrupt is managed by the Hypervisor, and the OS does not directly shut down the physical hardware interrupt.
  • multiple guest operating systems Guest OSs
  • CPU Central Processing Unit
  • a single Guest OS can not affect other Guest OSs on the same physical CPU when performing shutdown interrupts.
  • the operation which requires the Hypervisor to coordinate the processing of the shutdown interrupt.
  • a method for shutting down the interrupt provided by the prior art is: Hypervisor and Guest OS independently compile, link the image, and load the image into the memory through the bootloader (Hotvisor) and the image of the Guest OS.
  • the BootLoader starts the hypervisor, and the Hypervisor starts each guest OS separately.
  • the Hypervisor needs to provide the communication method of the Hyper Call. That is, the Guest OS sends a request to close the interrupt to the Hypervisor through Hyper Call. After the Hypervisor receives the request to close the interrupt, it sets the prohibition of distributing the interrupt to the relevant Guest OS kernel, that is, the interrupt is closed.
  • Hyper Call-like applications that are invoked across a cross-image interface that does not share a code segment (for example,
  • XEN provides a cross-image interface call) and a scenario called by an interface between different privilege-level modes (for example, a syscall call provided by Linux).
  • Hyper Call exists. Multiple implementations, for example, via message communication, by interrupt communication, or by implementing inter-mode interface calls. Since the implementation of Hyper Call generally involves the application of a general communication mechanism such as memory and queues, if the Guest OS needs to frequently perform the operation of turning on or off the interrupt, the above-mentioned prior art provides a shutdown interrupt method to make the system run. Less efficient.
  • Embodiments of the present invention provide a method and apparatus for shutting down an interrupt in a virtualization system to better support Guest OS on/off interrupts while reducing the impact on system operation efficiency.
  • An embodiment of the present invention provides a method for shutting down an interrupt in a virtualization system, where the method includes: providing an interface to a guest operating system Guest OS to enable the guest OS to invoke the interface to correspond to the guest OS in a shared memory.
  • the interrupt flag bit register sets an interrupt flag, and the shared memory is a physical memory shared by the real-time embedded virtualization component Hypervisor with at least one guest OS and used for recording an interrupt flag, wherein different guest OS in the shared memory is shared with the hypervisor
  • the memory space is isolated from each other; the interrupt flag bit register is checked; if the interrupt flag bit register indicates that the guest OS needs to close the interrupt, then the virtual interrupt is prohibited from being sent to the guest OS.
  • An embodiment of the present invention provides an apparatus for shutting down an interrupt in a virtualization system, where the apparatus includes: an interface providing module, configured to provide an interface to a virtualized operating system Guest OS to enable the guest OS to invoke the interface to share in a memory
  • An interrupt flag register corresponding to the guest OS is configured to set an interrupt flag, where the shared memory is a physical memory shared by the real-time embedded virtualization component Hypervisor and configured by at least one guest OS for recording an interrupt flag, and different guest in the shared memory
  • the memory space shared by the OS and the hypervisor is isolated from each other; a flag check module is configured to check the interrupt flag bit register; and an interrupt cutoff sending module is configured to: if the flag bit check module checks the interrupt flag bit register, indicate If the Guest OS needs to close the interrupt, it is forbidden to send a virtual interrupt to the Guest OS.
  • the real-time embedded virtualization component Hypervisor provides an interface to the virtualized operating system Guest OS, and the guest OS can share the hypervisor with at least one guest OS and use the physical memory that is used to record the interrupt flag, that is, the shared memory.
  • the interrupt flag bit register corresponding to the Guest OS sets an interrupt flag.
  • the method provided by the embodiment of the present invention does not depend on the hypervisor and the guest, compared with the prior art method of turning off the interrupt by providing a communication manner of the interrupt notification.
  • the OS compiles together, and the Hypervisor does not need to share the code segment with the Guest OS. Because the virtualization layer is separated from the Guest OS image, the access to the shared memory is performed through the virtual address. Therefore, the shutdown/open interrupt is fast and the system runs efficiently.
  • FIG. 1 is a schematic flowchart of a method for shutting down an interrupt in a virtualization system according to an embodiment of the present invention
  • FIG. 2 is a schematic diagram of running a plurality of guest OSs and a single entity on a single physical CPU according to an embodiment of the present invention
  • FIG. 3 is a schematic structural diagram of an apparatus for shutting down an interrupt in a virtualization system according to an embodiment of the present invention
  • FIG. 4 is a schematic structural diagram of an apparatus for shutting down an interrupt in a virtualization system according to another embodiment of the present invention
  • FIG. 5 is a schematic structural diagram of an apparatus for shutting down an interrupt in a virtualization system according to another embodiment of the present invention.
  • FIG. 6 is a schematic structural diagram of an apparatus for shutting down an interrupt in a virtualization system according to another embodiment of the present invention.
  • 6b is a schematic structural diagram of an apparatus for shutting down an interrupt in a virtualization system according to another embodiment of the present invention.
  • FIG. 7 is a schematic structural diagram of an apparatus for shutting down an interrupt in a virtualization system according to another embodiment of the present invention.
  • FIG. 1 it is a flow chart of a method for shutting down an interrupt in a virtualization system according to an embodiment of the present invention.
  • the schematic diagram mainly includes step S101, step S102, and step S103:
  • the interface is provided to the virtualization operating system Guest OS, so that the guest OS invokes the interface to set an interrupt flag in an interrupt flag register corresponding to the guest OS in the shared memory, where the shared memory is real-time embedded virtualization.
  • the component Hypervisor is shared with at least one Guest OS and is used to record the physical memory of the interrupt flag.
  • the Guest OS is a virtualized operating system, and the operating system is different from the general operating system in that not only one such virtualized operating system or one such virtualization is run on a single physical CPU.
  • the operating system only runs on a single physical CPU, that is, it does not run directly on the hardware layer (Hardware), but a real-time embedded virtualization component Hypervisor running on the hardware layer, as shown in Figure 2, is a single physics.
  • the real-time embedded virtualization component Hypervisor provides a layer of intermediate addresses, which are managed by a shadow page table, in contrast to the prior art in which the interrupt is closed by a communication method of a Hyper Call.
  • the guest OS establishes the mapping between the guest OS and the intermediate address and the mapping of the intermediate address to the physical memory address by the hypervisor.
  • the mapping from the guest OS to the intermediate address is called the first layer address mapping
  • the mapping from the intermediate address to the physical memory address is called a mapping.
  • the second layer knows the physical memory requirements of all Guest OSs on the Hypervisor of the real-time embedded virtualization component and systematically divides the physical memory resources according to the requirements of the Guest OS for physical memory.
  • a real-time embedded virtualization component Hypervisor can be established to share the physical memory of the interrupt flag with at least one Guest OS.
  • the physical memory cartridge that shares the real-time embedded virtualization component Hypervisor with at least one Guest OS and is used to record the interrupt flag is called "shared memory".
  • the shared memory is part of physical memory. .
  • FIG. 3 it is a schematic diagram of establishing shared memory in physical memory in the method provided by the embodiment of the present invention.
  • Shared memory can be accessed by the hypervisor and One guest OS is accessed in common, and the different guest OS in the shared memory is isolated from the memory space shared by the hypervisor, that is, the memory space shared by any Guest OS and the Hypervisor in the shared memory and another Guest OS and Hypervisor.
  • the shared memory space is isolated from each other.
  • Guest OS0 is shared with the Hypervisor and used to record the physical memory of the interrupt flag, that is, the interrupt flag bit space in the shared memory.
  • the shared memory that Guest OS1 shares with the Hypervisor and is used to record the interrupt flag is shared memory.
  • the "VM7 interrupt flag bit space" and the "VM2 interrupt flag bit space" in the shared memory shared by the Guest OS2 and the Hypervisor and used to record the interrupt flag are isolated from each other.
  • an interface is provided to the virtualization operating system Guest OS to enable the guest OS to invoke the interface to set an interrupt flag set interrupt flag corresponding to the guest OS in the shared memory:
  • the virtualization component Hypervisor provides an interface to the guest OS to enable the guest OS to invoke the interface, access the intermediate address through the first layer address mapping according to the intermediate address information provided by the interface, and pass the second layer according to the intermediate address.
  • the address mapping accesses the shared memory, and sets an interrupt flag to an interrupt flag bit register corresponding to the Guest OS. For example, a logic "0" indicates that the interrupt is turned off, and a logic " ⁇ indicates that the interrupt is turned on.
  • the embedded virtualization component Hypervisor establishes the first layer address mapping and the second layer address mapping. Therefore, when the guest OS sets the interrupt flag, it is the interface provided by the aforementioned first layer address mapping and real-time embedded virtualization component Hypervisor. Access the intermediate address, then, through the second layer The address mapping finally accesses the shared memory, but during the running of the system, there is no difference between the guest OS and the direct access shared memory, that is, the guest OS considers that it directly accesses the shared memory, and the interrupt flag corresponding to the guest OS is The register sets the interrupt flag.
  • an exception handling function specified by the exception vector may be executed to check the interrupt flag bit register.
  • the physical interrupt generated by the hardware for example, a general physical interrupt or a fast physical interrupt, is first routed to the physical core through the GIC, the Hypervisor program is run on the physical core, and then the exception vector table of the Hypervisor is entered, and the exception is jumped to the Hypervisor.
  • the vector-specified exception handler checks the contents of the interrupt flag bit register during the interrupt processing of the Hypervisor.
  • the interrupt flag bit register may be periodically polled according to a clock provided by the real-time embedded virtualization component Hypervisor, that is, the interrupt flag bit register may be actively checked, or The interrupt flag bit register is checked under the trigger of a hardware-generated physical interrupt, that is, the interrupt flag bit register is passively checked.
  • the real-time embedded virtualization component Hypervisor provides an interface to the virtualized operating system Guest OS, and the guest OS can share the hypervisor with at least one guest OS.
  • the interrupt flag is set in the physical memory of the interrupt flag, that is, the interrupt flag bit register corresponding to the Guest OS in the shared memory.
  • the method provided by the embodiment of the present invention does not depend on the Hypervisor to compile with the Guest OS, and the Hypervisor does not need to share the code segment with the Guest OS.
  • the virtualization layer and the guest are compared with the prior art. The OS image is separated, and the access to the shared memory is performed by the virtual address. Therefore, the speed is fast when the interrupt is turned off/on, and the system operates efficiently.
  • FIG. 4 it is a schematic structural diagram of an apparatus for shutting down an interrupt in a virtualization system according to an embodiment of the present invention. For the convenience of description, only parts related to the embodiment of the present invention are shown.
  • the apparatus for shutting down an interrupt in the virtualization system of the example of FIG. 4 includes an interface providing module 401, a flag check module 402, and an interrupt cutoff transmitting module 403, where:
  • the interface providing module 401 is configured to provide an interface to the virtualized operating system Guest OS, so that the guest OS invokes the interface to set an interrupt flag of an interrupt flag bit register corresponding to the guest OS in the shared memory, where the shared memory is
  • the real-time embedded virtualization component Hypervisor is shared with at least one Guest OS and used to record the physical memory of the interrupt flag, wherein different Guest OSs in the shared memory are isolated from each other by the memory space shared by the Hypervisor.
  • the flag check module 402 checks the interrupt flag bit register.
  • the interrupt cutoff sending module 403 is configured to disable sending a virtual interrupt to the guest OS if the flag check module 402 checks that the interrupt flag bit register indicates that the guest OS needs to close the interrupt.
  • each functional module is merely an example, and the actual application may be considered according to requirements, such as configuration requirements of the corresponding hardware or convenience of implementation of the software.
  • the above function distribution is completed by different functional modules, that is, the internal structure of the cable modem online device is divided into different functional modules to complete all or part of the functions described above.
  • the corresponding functional modules in this embodiment may be implemented by corresponding hardware, or may be implemented by corresponding hardware to execute corresponding software.
  • the foregoing interface providing module may be configured to perform the foregoing virtual
  • the operating system Guest OS provides an interface for the guest OS to invoke the interface to set the hardware of the interrupt flag register corresponding to the Guest OS in the shared memory, such as an interface provider, or can execute the corresponding computer.
  • the general processor or other hardware device that completes the foregoing functions; and the flag check module as described above may be hardware having the function of performing the foregoing checking of the interrupt flag bit register, such as a flag checker, or may be executable.
  • a general processor or other hardware device that performs the aforementioned functions in the corresponding computer program (the various described embodiments of the present specification may apply the above described principles).
  • the interface providing module 401 of the exemplary embodiment of FIG. 4 may include an interface invoking unit 501 and an interrupt flag setting unit 502. As shown in FIG. 5, a device for shutting down an interrupt in a virtualization system according to another embodiment of the present invention is shown in FIG.
  • An interface calling unit 501 configured to provide an interface to the virtualized operating system Guest OS to enable the guest OS to invoke the interface
  • the interrupt flag setting unit 502 is configured to access the intermediate address through the first layer address mapping according to the intermediate address information provided by the interface, and according to the intermediate address and through the second layer address mapping, corresponding to the guest OS
  • the interrupt flag bit register sets an interrupt flag
  • the first layer address mapping is a mapping of the guest OS to an intermediate address
  • the second layer address mapping is a mapping of the intermediate address to a physical memory address, the physical memory
  • the shared memory is included.
  • the apparatus for shutting down the interrupt in the virtualization system illustrated in FIG. 4 or FIG. 5 may further include mapping establishment.
  • the mapping establishment module 601 is configured to establish a mapping of the guest OS to the intermediate address and the mapping of the intermediate address to the physical memory address.
  • a shared memory establishing module 602 configured to establish the shared memory, where the shared memory is different
  • the memory space shared by the Guest OS and the Hypervisor is isolated from each other.
  • the flag check module 402 of the example of FIG. 4 may periodically poll the interrupt flag bit register according to the clock provided by the real-time embedded virtualization component Hypervisor, or may be checked under the trigger of a hardware-generated physical interrupt. Interrupt flag bit register.
  • the flag check module 402 can include a first execution unit 701, such as the device for shutting down the interrupt in the virtualization system provided by another embodiment of the present invention, as shown in FIG.
  • the execution unit 701 is configured to execute an exception handling function specified by the exception vector to check the interrupt flag bit register.
  • the physical interrupt generated by the hardware for example, a general physical interrupt or a fast physical interrupt, is first routed to the physical core through the GIC, the Hypervisor program is run on the physical core, and then the exception vector table of the Hypervisor is entered, and the exception is jumped to the Hypervisor.
  • the vector-specified exception handling function executes the unit 701 to execute the exception handling function specified by the exception vector in the exception vector table during the interrupt processing of the Hypervisor to check the contents of the interrupt flag bit register.
  • the program may be stored in a computer readable storage medium, and the storage medium may include: Read Only Memory (ROM), Random Access Memory (RAM), disk or optical disk.
  • ROM Read Only Memory
  • RAM Random Access Memory

Landscapes

  • Engineering & Computer Science (AREA)
  • Software Systems (AREA)
  • Theoretical Computer Science (AREA)
  • Physics & Mathematics (AREA)
  • General Engineering & Computer Science (AREA)
  • General Physics & Mathematics (AREA)
  • Memory System Of A Hierarchy Structure (AREA)

Abstract

Provided are a method and device for disabling an interruption in a virtualization system, which supports the interruption enabling/disabling of a Guest OS much better, and reduces the influence on the system running efficiency. The method includes: providing an interface to a virtualization operating system Guest OS so that the Guest OS calls the interface to set an interruption flag for an interruption flag bit register corresponding to the Guest OS in a shared memory; inspecting the interruption flag bit register; and if the interruption flag bit register shows that the Guest OS needs to disable an interruption, prohibiting the transmission of a virtual interruption to the Guest OS. The method provided in the present invention does not rely on the common compilation of a Hypervisor and a Guest OS, the Hypervisor need not share a code segment with the Guest OS, the access to a shared memory is carried out via a virtual address, the speed is high at the time of disabling/enabling an interruption, and the system running efficiency is high.

Description

虚拟化系统中关闭中断的方法和装置 本申请要求于 2012 年 06 月 21 日提交中国专利局、 申请号为 201210207137.5、 发明名称为 "虚拟化系统中关闭中断的方法和装置" 的中国 专利申请的优先权, 其全部内容通过引用结合在本申请中 技术领域 本发明涉及计算机领域, 尤其涉及虚拟化系统中关闭中断的方法和装置。 背景技术  Method and apparatus for shutting down an interrupt in a virtualized system. The present application claims to be filed on June 21, 2012 by the Chinese Patent Office, Application No. 201210207137.5, entitled "Method and Apparatus for Shutdown Interruption in Virtualization System" The present invention relates to the field of computers, and more particularly to a method and apparatus for shutting down an interrupt in a virtualized system. Background technique
为了防止重要的系统程序代码执行时不被打断或者为了保证数据一致性, 操作系统( Operating System , OS )需要执行关闭中断的操作。  In order to prevent important system program code from being interrupted or to ensure data consistency, the operating system (OS) needs to perform the shutdown operation.
在非虚拟化的环境下, OS可直接关物理硬件中断。 然而, 一旦部署了实 时嵌入式虚拟化构件即 Hypervisor, 中断的分发便由 Hypervisor统一管理, OS 并不能直接去关闭物理硬件中断。 例如, 在虚拟化系统, 多个客户操作系统 ( Guest OS )会运行在单个物理中央处理器( Central Processing Unit, CPU ) 上, 单个 Guest OS执行关闭中断时不能影响同一个物理 CPU上其他 Guest OS的 运行, 这就需要由 Hypervisor统一协调处理关闭中断这一操作。  In a non-virtualized environment, the OS can directly shut down physical hardware interrupts. However, once the real-time embedded virtualization component, the Hypervisor, is deployed, the distribution of the interrupt is managed by the Hypervisor, and the OS does not directly shut down the physical hardware interrupt. For example, in a virtualization system, multiple guest operating systems ( Guest OSs) run on a single Central Processing Unit (CPU). A single Guest OS can not affect other Guest OSs on the same physical CPU when performing shutdown interrupts. The operation, which requires the Hypervisor to coordinate the processing of the shutdown interrupt.
在部署了 Hypervisor的虚拟化系统中, 现有技术提供的一种关闭中断方法 是: Hypervisor和 Guest OS独立编译、 链接映像, 通过引导程序 (BootLoader ) Hypervisor和 Guest OS的映像力口载到内存, BootLoader启动 Hypervisor , Hypervisor再分別启动各个 Guest OS。 由于在虚拟化系统中, 中断是由 Hypervisor统一分发, 因此, 需要 Hypervisor提供中断通知 ( Hyper Call ) 的通 讯方式, 即, Guest OS通过 Hyper Call向 Hypervisor发送关闭中断的请求。 Hypervisor收到关闭中断的请求后,再设置禁止向相关 Guest OS内核分发中断, 即关闭中断。  In the virtualization system in which the hypervisor is deployed, a method for shutting down the interrupt provided by the prior art is: Hypervisor and Guest OS independently compile, link the image, and load the image into the memory through the bootloader (Hotvisor) and the image of the Guest OS. The BootLoader starts the hypervisor, and the Hypervisor starts each guest OS separately. Because in the virtualized system, the interrupt is uniformly distributed by the Hypervisor, the Hypervisor needs to provide the communication method of the Hyper Call. That is, the Guest OS sends a request to close the interrupt to the Hypervisor through Hyper Call. After the Hypervisor receives the request to close the interrupt, it sets the prohibition of distributing the interrupt to the relevant Guest OS kernel, that is, the interrupt is closed.
Hyper Call—般应用在不共享一个代码段的跨映像接口调用的场景(例如, Hyper Call-like applications that are invoked across a cross-image interface that does not share a code segment (for example,
XEN提供的跨映像接口调用)以及不同特权级模式之间的接口调用的场景(例 如, Linux提供的 syscall调用)等, 目前, 在上述应用场景下, Hyper Call存在 多种实现方式, 例如, 通过消息通讯、 通过中断通讯或通过实现跨模式间的接 口调用功能等。 由于 Hyper Call的实现方式一般都涉及对内存和队列等通用通 讯机制的应用,因此,如果 Guest OS需要频繁地执行打开或关闭中断这一操作, 则上述现有技术提供的关闭中断方法使得系统运行效率较低。 XEN provides a cross-image interface call) and a scenario called by an interface between different privilege-level modes (for example, a syscall call provided by Linux). Currently, in the above application scenario, Hyper Call exists. Multiple implementations, for example, via message communication, by interrupt communication, or by implementing inter-mode interface calls. Since the implementation of Hyper Call generally involves the application of a general communication mechanism such as memory and queues, if the Guest OS needs to frequently perform the operation of turning on or off the interrupt, the above-mentioned prior art provides a shutdown interrupt method to make the system run. Less efficient.
发明内容 Summary of the invention
本发明实施例提供虚拟化系统中关闭中断的方法和装置, 以更好地支持 Guest OS开 /关中断, 同时降低对系统运行效率的影响。  Embodiments of the present invention provide a method and apparatus for shutting down an interrupt in a virtualization system to better support Guest OS on/off interrupts while reducing the impact on system operation efficiency.
本发明实施例提供一种虚拟化系统中关闭中断的方法, 所述方法包括: 向 虚拟化操作系统 Guest OS提供接口以使所述 Guest OS调用所述接口将共享内 存中与所述 Guest OS对应的中断标志位寄存器设置中断标志,所述共享内存为 实时嵌入式虚拟化构件 Hypervisor与至少一个 Guest OS共享并用于记录中断标 志的物理内存, 所述共享内存中不同的 Guest OS与所述 Hypervisor共享的内存 空间互相隔离;检查所述中断标志位寄存器; 若所述中断标志位寄存器表明所 述 Guest OS需要关闭中断, 则禁止向所述 Guest OS发送虚拟中断。  An embodiment of the present invention provides a method for shutting down an interrupt in a virtualization system, where the method includes: providing an interface to a guest operating system Guest OS to enable the guest OS to invoke the interface to correspond to the guest OS in a shared memory. The interrupt flag bit register sets an interrupt flag, and the shared memory is a physical memory shared by the real-time embedded virtualization component Hypervisor with at least one guest OS and used for recording an interrupt flag, wherein different guest OS in the shared memory is shared with the hypervisor The memory space is isolated from each other; the interrupt flag bit register is checked; if the interrupt flag bit register indicates that the guest OS needs to close the interrupt, then the virtual interrupt is prohibited from being sent to the guest OS.
本发明实施例提供一种虚拟化系统中关闭中断的装置, 所述装置包括: 接 口提供模块, 用于向虚拟化操作系统 Guest OS提供接口以使所述 Guest OS调用 所述接口将共享内存中与所述 Guest OS对应的中断标志位寄存器设置中断标 志, 所述共享内存为实时嵌入式虚拟化构件 Hypervisor与至少一个 Guest OS共 享并用于记录中断标志的物理内存, 所述共享内存中不同的 Guest OS与所述 Hypervisor共享的内存空间互相隔离; 标志位检查模块, 用于检查所述中断标 志位寄存器; 中断截止发送模块, 用于若所述标志位检查模块检查所述中断标 志位寄存器表明所述 Guest OS需要关闭中断, 则禁止向所述 Guest OS发送虚拟 中断。  An embodiment of the present invention provides an apparatus for shutting down an interrupt in a virtualization system, where the apparatus includes: an interface providing module, configured to provide an interface to a virtualized operating system Guest OS to enable the guest OS to invoke the interface to share in a memory An interrupt flag register corresponding to the guest OS is configured to set an interrupt flag, where the shared memory is a physical memory shared by the real-time embedded virtualization component Hypervisor and configured by at least one guest OS for recording an interrupt flag, and different guest in the shared memory The memory space shared by the OS and the hypervisor is isolated from each other; a flag check module is configured to check the interrupt flag bit register; and an interrupt cutoff sending module is configured to: if the flag bit check module checks the interrupt flag bit register, indicate If the Guest OS needs to close the interrupt, it is forbidden to send a virtual interrupt to the Guest OS.
从上述本发明实施例可知, 由于实时嵌入式虚拟化构件 Hypervisor向虚拟 化操作系统 Guest OS提供接口, 所述 Guest OS可以将 Hypervisor与至少一个 Guest OS共享并用于记录中断标志的物理内存即共享内存中与所述 Guest OS 对应的中断标志位寄存器设置中断标志。与现有技术通过提供中断通知的通讯 方式关闭中断的方法相比,本发明实施例提供的方法不依赖 Hypervisor与 Guest OS共同编译, Hypervisor不需与 Guest OS共享代码段;由于虚拟化层与 Guest OS 映像分离, 对共享内存的访问通过虚拟地址进行, 因此, 在关闭 /打开中断时 速度快, 系统运行效率高。 As can be seen from the foregoing embodiments of the present invention, the real-time embedded virtualization component Hypervisor provides an interface to the virtualized operating system Guest OS, and the guest OS can share the hypervisor with at least one guest OS and use the physical memory that is used to record the interrupt flag, that is, the shared memory. The interrupt flag bit register corresponding to the Guest OS sets an interrupt flag. The method provided by the embodiment of the present invention does not depend on the hypervisor and the guest, compared with the prior art method of turning off the interrupt by providing a communication manner of the interrupt notification. The OS compiles together, and the Hypervisor does not need to share the code segment with the Guest OS. Because the virtualization layer is separated from the Guest OS image, the access to the shared memory is performed through the virtual address. Therefore, the shutdown/open interrupt is fast and the system runs efficiently.
附图说明 DRAWINGS
为了更清楚地说明本发明实施例的技术方案,下面将对现有技术或实施例 描述中所需要使用的附图作筒单地介绍,显而易见地, 下面描述中的附图仅仅 是本发明的一些实施例,对于本领域技术人员来讲,还可以如这些附图获得其 他的附图。  In order to more clearly illustrate the technical solutions of the embodiments of the present invention, the drawings used in the description of the prior art or the embodiments will be briefly described below. Obviously, the drawings in the following description are only the present invention. For some embodiments, other figures may also be obtained as those skilled in the art from these figures.
图 1是本发明实施例提供的虚拟化系统中关闭中断的方法流程示意图; 图 2是本发明实施例提供的单个物理 CPU上运行多个 Guest OS和单个 1 is a schematic flowchart of a method for shutting down an interrupt in a virtualization system according to an embodiment of the present invention; FIG. 2 is a schematic diagram of running a plurality of guest OSs and a single entity on a single physical CPU according to an embodiment of the present invention;
Guest OS运行于多个物理 CPU上的场景示意图; A scenario diagram of a guest OS running on multiple physical CPUs;
图 3是本发明实施例提供的虚拟化系统中关闭中断的装置结构示意图; 图 4是本发明另一实施例提供的虚拟化系统中关闭中断的装置结构示意 图;  3 is a schematic structural diagram of an apparatus for shutting down an interrupt in a virtualization system according to an embodiment of the present invention; FIG. 4 is a schematic structural diagram of an apparatus for shutting down an interrupt in a virtualization system according to another embodiment of the present invention;
图 5是本发明另一实施例提供的虚拟化系统中关闭中断的装置结构示意 图;  FIG. 5 is a schematic structural diagram of an apparatus for shutting down an interrupt in a virtualization system according to another embodiment of the present invention; FIG.
图 6a是本发明另一实施例提供的虚拟化系统中关闭中断的装置结构示意 图;  FIG. 6 is a schematic structural diagram of an apparatus for shutting down an interrupt in a virtualization system according to another embodiment of the present invention; FIG.
图 6b是本发明另一实施例提供的虚拟化系统中关闭中断的装置结构示意 图;  6b is a schematic structural diagram of an apparatus for shutting down an interrupt in a virtualization system according to another embodiment of the present invention;
图 7是本发明另一实施例提供的虚拟化系统中关闭中断的装置结构示意 图。  FIG. 7 is a schematic structural diagram of an apparatus for shutting down an interrupt in a virtualization system according to another embodiment of the present invention.
具体实施方式 detailed description
下面将结合本发明实施例中的附图,对本发明实施例中的技术方案进行清 楚、 完整地描述, 显然, 所描述的实施例仅仅是本发明一部分实施例, 而不是 全部的实施例。基于本发明中的实施例, 本领域技术人员所获得的所有其他实 施例, 都属于本发明保护的范围。  BRIEF DESCRIPTION OF THE DRAWINGS The technical solutions in the embodiments of the present invention will be described in detail below with reference to the accompanying drawings. All other embodiments obtained by those skilled in the art based on the embodiments of the present invention are within the scope of the present invention.
请参阅附图 1 , 是本发明实施例提供的虚拟化系统中关闭中断的方法流程 示意图, 主要包括步骤 S101、 步骤 S102和步骤 S103: Referring to FIG. 1 , it is a flow chart of a method for shutting down an interrupt in a virtualization system according to an embodiment of the present invention. The schematic diagram mainly includes step S101, step S102, and step S103:
S101 , 向虚拟化操作系统 Guest OS提供接口以使所述 Guest OS调用所述接 口将共享内存中与所述 Guest OS对应的中断标志位寄存器设置中断标志,所述 共享内存为实时嵌入式虚拟化构件 Hypervisor与至少一个 Guest OS共享并用于 记录中断标志的物理内存。  S101. The interface is provided to the virtualization operating system Guest OS, so that the guest OS invokes the interface to set an interrupt flag in an interrupt flag register corresponding to the guest OS in the shared memory, where the shared memory is real-time embedded virtualization. The component Hypervisor is shared with at least one Guest OS and is used to record the physical memory of the interrupt flag.
在本发明实施例中, Guest OS是一种虚拟化操作系统, 这类操作系统与一 般操作系统不同之处在于,不是单个物理 CPU上只运行一个这样的虚拟化操作 系统或者一个这样的虚拟化操作系统只运行在单个物理 CPU上,即不是直接运 行于硬件层(Hardware )之上, 而是运行于硬件层之上的实时嵌入式虚拟化构 件 Hypervisor,如附图 2所示,是单个物理 CPU上运行多个 Guest OS和单个 Guest OS运行于多个物理 CPU上的场景示意图。 例如, Guest OS0和 Guest OS7通过 Hypervisor运行于物理 CPU0 ( CoreO )上, 而 Guest OS«通过 Hypervisor运行于 物理 CPU7 ( Core7 ), 物理 CPU2 ( Core2 )和物理 CPU« ( Corew )上。  In the embodiment of the present invention, the Guest OS is a virtualized operating system, and the operating system is different from the general operating system in that not only one such virtualized operating system or one such virtualization is run on a single physical CPU. The operating system only runs on a single physical CPU, that is, it does not run directly on the hardware layer (Hardware), but a real-time embedded virtualization component Hypervisor running on the hardware layer, as shown in Figure 2, is a single physics. A scenario diagram of running multiple Guest OSs and a single Guest OS running on multiple physical CPUs on the CPU. For example, Guest OS0 and Guest OS7 run on physical CPU0 (CoreO) via Hypervisor, while Guest OS« runs on physical CPU7 (Core7), physical CPU2 (Core2) and physical CPU« (Corew) via Hypervisor.
与现有技术通过中断通知(Hyper Call ) 的通讯方式关闭中断不同, 在本 发明实施例中, 实时嵌入式虚拟化构件 Hypervisor提供一层中间地址, 这种中 间地址以影子页表来管理; 由 Guest OS建立 Guest OS至中间地址的映射以及 Hypervisor建立中间地址至物理内存地址的映射, 这里将 Guest OS至中间地址 的映射称为第一层地址映射,将中间地址至物理内存地址的映射称为第二层地 知实时嵌入式虚拟化构件 Hypervisor之上所有 Guest OS对物理内存的需求并统 据 Guest OS对物理内存的需求, 有规划性地划分物理内存资源。  In the embodiment of the present invention, the real-time embedded virtualization component Hypervisor provides a layer of intermediate addresses, which are managed by a shadow page table, in contrast to the prior art in which the interrupt is closed by a communication method of a Hyper Call. The guest OS establishes the mapping between the guest OS and the intermediate address and the mapping of the intermediate address to the physical memory address by the hypervisor. Here, the mapping from the guest OS to the intermediate address is called the first layer address mapping, and the mapping from the intermediate address to the physical memory address is called a mapping. The second layer knows the physical memory requirements of all Guest OSs on the Hypervisor of the real-time embedded virtualization component and systematically divides the physical memory resources according to the requirements of the Guest OS for physical memory.
建立了第一层地址映射和第二层地址映射之后,可以建立实时嵌入式虚拟 化构件 Hypervisor与至少一个 Guest OS共享并用于记录中断标志的物理内存。 在以下的说明中, 为了描述的方便, 将实时嵌入式虚拟化构件 Hypervisor与至 少一个 Guest OS共享并用于记录中断标志的物理内存筒称为 "共享内存", 显 然, 共享内存是物理内存的一部分。 如附图 3所示, 是本发明实施例提供的方 法中在物理内存建立了共享内存的示意图。 共享内存可以被 Hypervisor以及至 少一个 Guest OS共同访问, 并且, 所述共享内存中不同的 Guest OS与所述 Hypervisor共享的内存空间互相隔离, 即共享内存中任意一个 Guest OS与 Hypervisor共享的内存空间和另一个 Guest OS与 Hypervisor共享的内存空间是 互相隔离的。 例如, 在附图 3中, Guest OS0与 Hypervisor共享并用于记录中断 标志的物理内存即共享内存中的 中断标志位空间"、 Guest OS1与 Hypervisor共享并用于记录中断标志的物理内存即共享内存中的 "VM7中断标 志位空间"以及 Guest OS2与 Hypervisor共享并用于记录中断标志的物理内存即 共享内存中的 "VM2中断标志位空间" 是互相隔离的。 After the first layer address mapping and the second layer address mapping are established, a real-time embedded virtualization component Hypervisor can be established to share the physical memory of the interrupt flag with at least one Guest OS. In the following description, for the convenience of description, the physical memory cartridge that shares the real-time embedded virtualization component Hypervisor with at least one Guest OS and is used to record the interrupt flag is called "shared memory". Obviously, the shared memory is part of physical memory. . As shown in FIG. 3, it is a schematic diagram of establishing shared memory in physical memory in the method provided by the embodiment of the present invention. Shared memory can be accessed by the hypervisor and One guest OS is accessed in common, and the different guest OS in the shared memory is isolated from the memory space shared by the hypervisor, that is, the memory space shared by any Guest OS and the Hypervisor in the shared memory and another Guest OS and Hypervisor. The shared memory space is isolated from each other. For example, in Figure 3, Guest OS0 is shared with the Hypervisor and used to record the physical memory of the interrupt flag, that is, the interrupt flag bit space in the shared memory. The shared memory that Guest OS1 shares with the Hypervisor and is used to record the interrupt flag is shared memory. The "VM7 interrupt flag bit space" and the "VM2 interrupt flag bit space" in the shared memory shared by the Guest OS2 and the Hypervisor and used to record the interrupt flag are isolated from each other.
作为本发明一个实施例, 向虚拟化操作系统 Guest OS提供接口以使所述 Guest OS调用所述接口将共享内存中与所述 Guest OS对应的中断标志位寄存 器设置中断标志可以是: 实时嵌入式虚拟化构件 Hypervisor向 Guest OS提供接 口以使所述 Guest OS调用所述接口, 根据所述接口提供的中间地址信息, 通过 第一层地址映射访问中间地址,根据所述中间地址并通过第二层地址映射访问 所述共享内存, 将与所述 Guest OS对应的中断标志位寄存器设置中断标志, 例 如, 使用逻辑 "0" 表示关闭中断, 使用逻辑 "Γ 表示打开中断。 需要说明的 是, 由于实时嵌入式虚拟化构件 Hypervisor建立了第一层地址映射和第二层地 址映射, 因此, Guest OS在设置中断标志时, 虽然是通过前述第一层地址映射 和实时嵌入式虚拟化构件 Hypervisor提供的接口访问中间地址, 然后, 通过第 二层地址映射最终访问到共享内存, 但在系统运行过程中, 对 Guest OS而言, 与直接访问共享内存并没有不同, 即 Guest OS认为是直接访问共享内存, 将与 该 Guest OS对应的中断标志位寄存器设置中断标志。  As an embodiment of the present invention, an interface is provided to the virtualization operating system Guest OS to enable the guest OS to invoke the interface to set an interrupt flag set interrupt flag corresponding to the guest OS in the shared memory: The virtualization component Hypervisor provides an interface to the guest OS to enable the guest OS to invoke the interface, access the intermediate address through the first layer address mapping according to the intermediate address information provided by the interface, and pass the second layer according to the intermediate address. The address mapping accesses the shared memory, and sets an interrupt flag to an interrupt flag bit register corresponding to the Guest OS. For example, a logic "0" indicates that the interrupt is turned off, and a logic "Γ indicates that the interrupt is turned on. It should be noted that due to real time The embedded virtualization component Hypervisor establishes the first layer address mapping and the second layer address mapping. Therefore, when the guest OS sets the interrupt flag, it is the interface provided by the aforementioned first layer address mapping and real-time embedded virtualization component Hypervisor. Access the intermediate address, then, through the second layer The address mapping finally accesses the shared memory, but during the running of the system, there is no difference between the guest OS and the direct access shared memory, that is, the guest OS considers that it directly accesses the shared memory, and the interrupt flag corresponding to the guest OS is The register sets the interrupt flag.
S102, 检查所述中断标志位寄存器。  S102. Check the interrupt flag bit register.
作为本发明一个实施例,检查所述中断标志位寄存器时, 可以是执行异常 向量指定的异常处理函数以检查所述中断标志位寄存器。具体地,硬件产生的 物理中断,例如,通用物理中断或快速物理中断等首先通过 GIC路由到物理核, 物理核上运行 Hypervisor程序, 然后进入到 Hypervisor的异常向量表, 并跳转到 Hypervisor的异常向量指定的异常处理函数,在 Hypervisor的中断处理过程中检 查中断标志位寄存器的内容。 在上述检查中断标志位寄存器的实施例中,可以是按照实时嵌入式虚拟化 构件 Hypervisor提供的时钟, 周期性地轮询所述中断标志位寄存器, 即主动检 查所述中断标志位寄存器,也可以是在硬件产生的物理中断的触发下,检查所 述中断标志位寄存器, 即被动检查所述中断标志位寄存器。 As an embodiment of the present invention, when the interrupt flag bit register is checked, an exception handling function specified by the exception vector may be executed to check the interrupt flag bit register. Specifically, the physical interrupt generated by the hardware, for example, a general physical interrupt or a fast physical interrupt, is first routed to the physical core through the GIC, the Hypervisor program is run on the physical core, and then the exception vector table of the Hypervisor is entered, and the exception is jumped to the Hypervisor. The vector-specified exception handler checks the contents of the interrupt flag bit register during the interrupt processing of the Hypervisor. In the above embodiment of the check interrupt flag bit register, the interrupt flag bit register may be periodically polled according to a clock provided by the real-time embedded virtualization component Hypervisor, that is, the interrupt flag bit register may be actively checked, or The interrupt flag bit register is checked under the trigger of a hardware-generated physical interrupt, that is, the interrupt flag bit register is passively checked.
S103 , 若所述中断标志位寄存器表明所述 Guest OS需要关闭中断, 则禁止 向所述 Guest OS发送虚拟中断。  S103. If the interrupt flag bit register indicates that the guest OS needs to close the interrupt, then prohibiting sending a virtual interrupt to the guest OS.
例如, 若使用逻辑 "0" 表示关闭中断, 使用逻辑 "1" 表示打开中断, 则 检查到中断标志位寄存器的内容为逻辑 "0" , 则禁止向所述 Guest OS发送硬件 产生的物理中断。  For example, if the logic "0" is used to turn off the interrupt and the logic "1" is used to indicate that the interrupt is turned on, it is checked that the contents of the interrupt flag bit register are logic "0", and the physical interrupt generated by the hardware is prohibited from being sent to the guest OS.
从上述本发明实施例提供的虚拟化系统中关闭中断的方法可知,由于实时 嵌入式虚拟化构件 Hypervisor向虚拟化操作系统 Guest OS提供接口, 所述 Guest OS可以将 Hypervisor与至少一个 Guest OS共享并用于记录中断标志的物理内 存即共享内存中与所述 Guest OS对应的中断标志位寄存器设置中断标志。与现 有技术通过提供中断通知的通讯方式关闭中断的方法相比,本发明实施例提供 的方法不依赖 Hypervisor与 Guest OS共同编译, Hypervisor不需与 Guest OS共享 代码段; 由于虚拟化层与 Guest OS映像分离, 对共享内存的访问通过虚拟地址 进行, 因此, 在关闭 /打开中断时速度快, 系统运行效率高。  According to the method for shutting down the interrupt in the virtualization system provided by the embodiment of the present invention, the real-time embedded virtualization component Hypervisor provides an interface to the virtualized operating system Guest OS, and the guest OS can share the hypervisor with at least one guest OS. The interrupt flag is set in the physical memory of the interrupt flag, that is, the interrupt flag bit register corresponding to the Guest OS in the shared memory. The method provided by the embodiment of the present invention does not depend on the Hypervisor to compile with the Guest OS, and the Hypervisor does not need to share the code segment with the Guest OS. The virtualization layer and the guest are compared with the prior art. The OS image is separated, and the access to the shared memory is performed by the virtual address. Therefore, the speed is fast when the interrupt is turned off/on, and the system operates efficiently.
请参阅附图 4, 是本发明实施例提供的虚拟化系统中关闭中断的装置结构 示意图。 为了便于说明, 仅仅示出了与本发明实施例相关的部分。 附图 4示例 的虚拟化系统中关闭中断的装置包括接口提供模块 401、 标志位检查模块 402 和中断截止发送模块 403 , 其中:  Referring to FIG. 4, it is a schematic structural diagram of an apparatus for shutting down an interrupt in a virtualization system according to an embodiment of the present invention. For the convenience of description, only parts related to the embodiment of the present invention are shown. The apparatus for shutting down an interrupt in the virtualization system of the example of FIG. 4 includes an interface providing module 401, a flag check module 402, and an interrupt cutoff transmitting module 403, where:
接口提供模块 401 , 用于向虚拟化操作系统 Guest OS提供接口以使所述 Guest OS调用所述接口将共享内存中与所述 Guest OS对应的中断标志位寄存 器设置中断标志, 所述共享内存为实时嵌入式虚拟化构件 Hypervisor与至少一 个 Guest OS共享并用于记录中断标志的物理内存, 其中, 所述共享内存中不同 的 Guest OS与所述 Hypervisor共享的内存空间互相隔离。  The interface providing module 401 is configured to provide an interface to the virtualized operating system Guest OS, so that the guest OS invokes the interface to set an interrupt flag of an interrupt flag bit register corresponding to the guest OS in the shared memory, where the shared memory is The real-time embedded virtualization component Hypervisor is shared with at least one Guest OS and used to record the physical memory of the interrupt flag, wherein different Guest OSs in the shared memory are isolated from each other by the memory space shared by the Hypervisor.
标志位检查模块 402, 用检查所述中断标志位寄存器。 中断截止发送模块 403 ,用于若所述标志位检查模块 402检查所述中断标志 位寄存器表明所述 Guest OS需要关闭中断, 则禁止向所述 Guest OS发送虚拟中 断。 The flag check module 402 checks the interrupt flag bit register. The interrupt cutoff sending module 403 is configured to disable sending a virtual interrupt to the guest OS if the flag check module 402 checks that the interrupt flag bit register indicates that the guest OS needs to close the interrupt.
需要说明的是, 以上虚拟化系统中关闭中断的装置的实施方式中,各功能 模块的划分仅是举例说明, 实际应用中可以根据需要, 例如相应硬件的配置要 求或者软件的实现的便利考虑, 而将上述功能分配由不同的功能模块完成, 即 将所述电缆调制解调器上线装置的内部结构划分成不同的功能模块,以完成以 上描述的全部或者部分功能。 而且, 实际应用中, 本实施例中的相应的功能模 块可以是由相应的硬件实现,也可以由相应的硬件执行相应的软件完成,例如, 前述的接口提供模块,可以是具有执行前述向虚拟化操作系统 Guest OS提供接 口以使所述 Guest OS调用所述接口将共享内存中与所述 Guest OS对应的中断 标志位寄存器设置中断标志的硬件, 例如接口提供器,也可以是能够执行相应 计算机程序从而完成前述功能的一般处理器或者其他硬件设备;再如前述的标 志位检查模块, 可以是具有执行前述检查所述中断标志位寄存器功能的硬件, 例如标志位检查器,也可以是能够执行相应计算机程序从而完成前述功能的一 般处理器或者其他硬件设备(本说明书提供的各个实施例都可应用上述描述原 则)。  It should be noted that, in the implementation of the apparatus for shutting down the interrupt in the above virtualization system, the division of each functional module is merely an example, and the actual application may be considered according to requirements, such as configuration requirements of the corresponding hardware or convenience of implementation of the software. The above function distribution is completed by different functional modules, that is, the internal structure of the cable modem online device is divided into different functional modules to complete all or part of the functions described above. Moreover, in practical applications, the corresponding functional modules in this embodiment may be implemented by corresponding hardware, or may be implemented by corresponding hardware to execute corresponding software. For example, the foregoing interface providing module may be configured to perform the foregoing virtual The operating system Guest OS provides an interface for the guest OS to invoke the interface to set the hardware of the interrupt flag register corresponding to the Guest OS in the shared memory, such as an interface provider, or can execute the corresponding computer. The general processor or other hardware device that completes the foregoing functions; and the flag check module as described above may be hardware having the function of performing the foregoing checking of the interrupt flag bit register, such as a flag checker, or may be executable. A general processor or other hardware device that performs the aforementioned functions in the corresponding computer program (the various described embodiments of the present specification may apply the above described principles).
附图 4示例的接口提供模块 401可以包括接口调用单元 501和中断标志设置 单元 502 , 如附图 5所示本发明另一实施例提供的虚拟化系统中关闭中断的装 置, 其中:  The interface providing module 401 of the exemplary embodiment of FIG. 4 may include an interface invoking unit 501 and an interrupt flag setting unit 502. As shown in FIG. 5, a device for shutting down an interrupt in a virtualization system according to another embodiment of the present invention is shown in FIG.
接口调用单元 501 , 用于向虚拟化操作系统 Guest OS提供接口以使所述 Guest OS调用所述接口;  An interface calling unit 501, configured to provide an interface to the virtualized operating system Guest OS to enable the guest OS to invoke the interface;
中断标志设置单元 502, 用于根据所述接口提供的中间地址信息, 通过第 一层地址映射访问中间地址,才艮据所述中间地址并通过第二层地址映射,将与 所述 Guest OS对应的中断标志位寄存器设置中断标志,所述第一层地址映射为 所述 Guest OS至中间地址的映射,所述第二层地址映射是所述中间地址至物理 内存地址的映射, 所述物理内存包括所述共享内存。  The interrupt flag setting unit 502 is configured to access the intermediate address through the first layer address mapping according to the intermediate address information provided by the interface, and according to the intermediate address and through the second layer address mapping, corresponding to the guest OS The interrupt flag bit register sets an interrupt flag, the first layer address mapping is a mapping of the guest OS to an intermediate address, and the second layer address mapping is a mapping of the intermediate address to a physical memory address, the physical memory The shared memory is included.
附图 4或附图 5示例的虚拟化系统中关闭中断的装置还可以包括映射建立 模块 601和共享内存建立模块 602,如附图 6a或附图 6b所示本发明另一实施例提 供的虚拟化系统中关闭中断的装置, 其中: The apparatus for shutting down the interrupt in the virtualization system illustrated in FIG. 4 or FIG. 5 may further include mapping establishment. The module 601 and the shared memory establishing module 602, as shown in FIG. 6a or FIG. 6b, the device for shutting down the interrupt in the virtualization system according to another embodiment of the present invention, wherein:
映射建立模块 601 , 用于建立 Guest OS至中间地址的映射以及所述中间地 址至物理内存地址的映射。  The mapping establishment module 601 is configured to establish a mapping of the guest OS to the intermediate address and the mapping of the intermediate address to the physical memory address.
共享内存建立模块 602, 用于建立所述共享内存, 所述共享内存中不同的 a shared memory establishing module 602, configured to establish the shared memory, where the shared memory is different
Guest OS与所述 Hypervisor共享的内存空间互相隔离。 The memory space shared by the Guest OS and the Hypervisor is isolated from each other.
附图 4示例的标志位检查模块 402可以按照实时嵌入式虚拟化构件 Hypervisor提供的时钟, 周期性地轮询所述中断标志位寄存器, 也可以在硬件 产生的物理中断的触发下, 检查所述中断标志位寄存器。 标志位检查模块 402 可以包括第一执行单元 701,如附图 7所示本发明另一实施例提供的虚拟化系统 中关闭中断的装置,  The flag check module 402 of the example of FIG. 4 may periodically poll the interrupt flag bit register according to the clock provided by the real-time embedded virtualization component Hypervisor, or may be checked under the trigger of a hardware-generated physical interrupt. Interrupt flag bit register. The flag check module 402 can include a first execution unit 701, such as the device for shutting down the interrupt in the virtualization system provided by another embodiment of the present invention, as shown in FIG.
执行单元 701 , 用于执行异常向量指定的异常处理函数以检查所述中断标 志位寄存器。 具体地, 硬件产生的物理中断, 例如, 通用物理中断或快速物理 中断等首先通过 GIC路由到物理核, 物理核上运行 Hypervisor程序, 然后进入 到 Hypervisor的异常向量表,并跳转到 Hypervisor的异常向量指定的异常处理函 数,在 Hypervisor的中断处理过程中执行单元 701执行异常向量表中异常向量指 定的异常处理函数以检查中断标志位寄存器的内容。  The execution unit 701 is configured to execute an exception handling function specified by the exception vector to check the interrupt flag bit register. Specifically, the physical interrupt generated by the hardware, for example, a general physical interrupt or a fast physical interrupt, is first routed to the physical core through the GIC, the Hypervisor program is run on the physical core, and then the exception vector table of the Hypervisor is entered, and the exception is jumped to the Hypervisor. The vector-specified exception handling function executes the unit 701 to execute the exception handling function specified by the exception vector in the exception vector table during the interrupt processing of the Hypervisor to check the contents of the interrupt flag bit register.
需要说明的是, 上述装置各模块 /单元之间的信息交互、 执行过程等内容, 由于与本发明方法实施例基于同一构思,其带来的技术效果与本发明方法实施 例相同, 具体内容可参见本发明方法实施例中的叙述, 此处不再赘述。  It should be noted that the information interaction, the execution process, and the like between the modules/units of the foregoing device are the same as the embodiment of the method of the present invention. Reference is made to the description in the method embodiment of the present invention, and details are not described herein again.
本领域普通技术人员可以理解上述实施例的各种方法中的全部或部分步 骤是可以通过程序来指令相关的硬件来完成,比如以下各种方法的一种或多种 或全部:  One of ordinary skill in the art will appreciate that all or a portion of the various methods of the above-described embodiments can be performed by a program to instruct the associated hardware, such as one or more or all of the following various methods:
向虚拟化操作系统 Guest OS提供接口以使所述 Guest OS调用所述接口将 共享内存中与所述 Guest OS对应的中断标志位寄存器设置中断标志,所述共享 内存为实时嵌入式虚拟化构件 Hypervisor与至少一个 Guest OS共享并用于记录 中断标志的物理内存;  Providing an interface to the virtualized operating system Guest OS to enable the guest OS to invoke the interface to set an interrupt flag of an interrupt flag bit register corresponding to the guest OS in the shared memory, where the shared memory is a real-time embedded virtualization component Hypervisor Physical memory shared with at least one Guest OS and used to record interrupt flags;
检查所述中断标志位寄存器; 若所述中断标志位寄存器表明所述 Guest OS需要关闭中断,则禁止向所述 Guest OS发送虚拟中断。 Checking the interrupt flag bit register; If the interrupt flag bit register indicates that the guest OS needs to close the interrupt, then the virtual interrupt is prohibited from being sent to the guest OS.
本领域普通技术人员可以理解上述实施例的各种方法中的全部或部分步 骤是可以通过程序来指令相关的硬件来完成,该程序可以存储于一计算机可读 存储介质中, 存储介质可以包括: 只读存储器( ROM, Read Only Memory ) 、 随机存取存储器(RAM, Random Access Memory ) 、 磁盘或光盘等。  A person skilled in the art may understand that all or part of the various steps of the foregoing embodiments may be completed by a program instructing related hardware. The program may be stored in a computer readable storage medium, and the storage medium may include: Read Only Memory (ROM), Random Access Memory (RAM), disk or optical disk.
以上对本发明实施例提供的虚拟化系统中关闭中断的方法和装置进行了 上实施例的说明只是用于帮助理解本发明的方法及其核心思想; 同时,对于本 领域的一般技术人员,依据本发明的思想,在具体实施方式及应用范围上均会 有改变之处, 综上所述, 本说明书内容不应理解为对本发明的限制。  The foregoing description of the method and apparatus for shutting down the interrupt in the virtualization system provided by the embodiment of the present invention is only for assisting in understanding the method and core idea of the present invention. Meanwhile, for those skilled in the art, according to the present invention, The present invention is not limited by the scope of the present invention.

Claims

权 利 要 求 Rights request
1、 一种虚拟化系统中关闭中断的方法, 其特征在于, 所述方法包括: 向虚拟化操作系统 Guest OS提供接口以使所述 Guest OS调用所述接口将 共享内存中与所述 Guest OS对应的中断标志位寄存器设置中断标志,所述共享 内存为实时嵌入式虚拟化构件 Hypervisor与至少一个 Guest OS共享并用于记录 中断标志的物理内存, 且所述共享内存中不同的 Guest OS与所述 Hypervisor共 享的内存空间互相隔离; 1. A method for turning off interrupts in a virtualization system, characterized in that the method includes: providing an interface to the virtualization operating system Guest OS so that the Guest OS calls the interface to transfer the shared memory to the Guest OS The corresponding interrupt flag bit register sets the interrupt flag, the shared memory is a physical memory shared by the real-time embedded virtualization component Hypervisor and at least one Guest OS and used to record the interrupt flag, and different Guest OSs in the shared memory are different from the The memory spaces shared by the Hypervisor are isolated from each other;
检查所述中断标志位寄存器; Check the interrupt flag register;
若所述中断标志位寄存器表明所述 Guest OS需要关闭中断,则禁止向所述 Guest OS发送虚拟中断。 If the interrupt flag bit register indicates that the Guest OS needs to turn off interrupts, it is prohibited to send virtual interrupts to the Guest OS.
2、如权利要求 1所述的方法,其特征在于,所述向虚拟化操作系统 Guest OS 提供接口以使所述 Guest OS调用所述接口将共享内存中与所述 Guest OS对应 的中断标志位寄存器设置中断标志, 包括: 2. The method of claim 1, wherein the interface is provided to the virtualization operating system Guest OS so that the Guest OS calls the interface to set the interrupt flag bit corresponding to the Guest OS in the shared memory. Registers set interrupt flags, including:
向虚拟化操作系统 Guest OS提供接口以使所述 Guest OS调用所述接口; 根据所述接口提供的中间地址信息, 通过第一层地址映射访问中间地址, 根据所述中间地址并通过第二层地址映射访问所述共享内存, 将与所述 Guest OS对应的中断标志位寄存器设置中断标志。 Provide an interface to the virtualized operating system Guest OS so that the Guest OS calls the interface; access the intermediate address through the first layer address mapping according to the intermediate address information provided by the interface, and access the intermediate address according to the intermediate address and through the second layer The address mapping accesses the shared memory and sets the interrupt flag in the interrupt flag bit register corresponding to the Guest OS.
3、如权利要求 2所述的方法,其特征在于,所述向虚拟化操作系统 Guest OS 提供接口以使所述 Guest OS将共享内存中与所述 Guest OS对应的中断标志位 寄存器设置中断标志之前还包括: 建立所述共享内存。 3. The method of claim 2, wherein the interface is provided to the virtualization operating system Guest OS so that the Guest OS sets an interrupt flag in an interrupt flag bit register corresponding to the Guest OS in the shared memory. Also included before: Establishing the shared memory.
4、 如权利要求 1所述的方法, 其特征在于, 所述检查所述中断标志位寄存 器包括: 4. The method of claim 1, wherein the checking of the interrupt flag register includes:
按照所述 Hypervisor提供的时钟, 周期性地轮询所述中断标志位寄存器; 或者 Periodically poll the interrupt flag register according to the clock provided by the hypervisor; or
在硬件产生的物理中断的触发下, 检查所述中断标志位寄存器。 When triggered by a physical interrupt generated by hardware, the interrupt flag register is checked.
5、 如权利要求 4所述的方法, 其特征在于, 所述检查所述中断标志位寄存 器包括: 5. The method of claim 4, wherein: checking the interrupt flag register Devices include:
执行异常向量指定的异常处理函数以检查所述中断标志位寄存器。 Execute the exception handling function specified by the exception vector to check the interrupt flag register.
6、 一种虚拟化系统中关闭中断的装置, 其特征在于, 所述装置包括: 接口提供模块, 用于向虚拟化操作系统 Guest OS提供接口以使所述 Guest OS调用所述接口将共享内存中与所述 Guest OS对应的中断标志位寄存器设置 中断标志,所述共享内存为实时嵌入式虚拟化构件 Hypervisor与至少一个 Guest OS共享并用于记录中断标志的物理内存, 所述共享内存中不同的 Guest OS与 所述 Hypervisor共享的内存空间互相隔离; 6. A device for turning off interrupts in a virtualization system, characterized in that the device includes: an interface providing module, configured to provide an interface to the virtualization operating system Guest OS so that the Guest OS calls the interface to share the memory The interrupt flag bit register corresponding to the Guest OS sets the interrupt flag. The shared memory is a physical memory shared by the real-time embedded virtualization component Hypervisor and at least one Guest OS and used to record the interrupt flag. Different in the shared memory The memory space shared by the Guest OS and the hypervisor is isolated from each other;
标志位检查模块, 用于检查所述中断标志位寄存器; A flag bit check module, used to check the interrupt flag bit register;
中断截止发送模块,用于若所述标志位检查模块检查所述中断标志位寄存 器表明所述 Guest OS需要关闭中断, 则禁止向所述 Guest OS发送虚拟中断。 An interrupt cutoff sending module is configured to prohibit sending virtual interrupts to the Guest OS if the flag bit checking module checks the interrupt flag bit register and indicates that the Guest OS needs to turn off interrupts.
7、 如权利要求 6所述的装置, 其特征在于, 所述接口提供模块包括: 接口调用单元, 用于向虚拟化操作系统 Guest OS提供接口以使所述 Guest OS调用所述接口; 7. The device according to claim 6, wherein the interface providing module includes: an interface calling unit, configured to provide an interface to the virtualized operating system Guest OS so that the Guest OS calls the interface;
中断标志设置单元, 用于根据所述接口提供的中间地址信息,通过第一层 地址映射访问中间地址,才艮据所述中间地址并通过第二层地址映射访问所述共 享内存, 将与所述 Guest OS对应的中断标志位寄存器设置中断标志。 An interrupt flag setting unit, configured to access the intermediate address through the first layer address mapping according to the intermediate address information provided by the interface, and then access the shared memory according to the intermediate address and through the second layer address mapping. The interrupt flag bit register corresponding to the Guest OS sets the interrupt flag.
8、 如权利要求 6或 7所述的装置, 其特征在于, 所述装置还包括: 物理内存地址的映射; 8. The device according to claim 6 or 7, characterized in that the device further includes: mapping of physical memory addresses;
共享内存建立模块, 用于建立所述共享内存。 A shared memory creation module, used to create the shared memory.
9、 如权利要求 6所述的装置, 其特征在于, 所述标志位检查模块按照所述 Hypervisor提供的时钟, 周期性地轮询所述中断标志位寄存器; 或者 9. The device according to claim 6, wherein the flag checking module periodically polls the interrupt flag register according to the clock provided by the hypervisor; or
标志位检查模块在硬件产生的物理中断的触发下,检查所述中断标志位寄 存器。 The flag bit checking module checks the interrupt flag bit register when triggered by a physical interrupt generated by the hardware.
10、 如权利要求 9所述的装置, 其特征在于, 所述标志位检查模块包括: 执行单元,用于执行异常向量指定的异常处理函数以检查所述中断标志位 寄存器。 10. The device according to claim 9, wherein the flag bit checking module includes: an execution unit, configured to execute the exception handling function specified by the exception vector to check the interrupt flag bit register.
PCT/CN2013/070810 2012-06-21 2013-01-22 Method and device for disabling interruption in virtualization system WO2013189180A1 (en)

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
CN201210207137.5A CN102799480B (en) 2012-06-21 2012-06-21 Method and device for closing interrupt in virtualization system
CN201210207137.5 2012-06-21

Publications (1)

Publication Number Publication Date
WO2013189180A1 true WO2013189180A1 (en) 2013-12-27

Family

ID=47198595

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/CN2013/070810 WO2013189180A1 (en) 2012-06-21 2013-01-22 Method and device for disabling interruption in virtualization system

Country Status (2)

Country Link
CN (1) CN102799480B (en)
WO (1) WO2013189180A1 (en)

Families Citing this family (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN102799480B (en) * 2012-06-21 2015-06-17 华为技术有限公司 Method and device for closing interrupt in virtualization system
CN111240898B (en) * 2020-01-09 2023-08-15 中瓴智行(成都)科技有限公司 Method and system for realizing black box based on Hypervisor
CN116382856B (en) * 2023-06-02 2023-09-26 麒麟软件有限公司 Method for enhancing system instantaneity based on virtualized nesting

Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN101398768A (en) * 2008-10-28 2009-04-01 北京航空航天大学 Construct method of distributed virtual machine monitor system
CN101620547A (en) * 2009-07-03 2010-01-06 中国人民解放军国防科学技术大学 Virtual physical interrupt processing method of X86 computer
CN102279769A (en) * 2011-07-08 2011-12-14 西安交通大学 Embedded-Hypervisor-oriented interruption virtualization operation method
CN102799480A (en) * 2012-06-21 2012-11-28 华为技术有限公司 Method and device for closing interrupt in virtualization system

Family Cites Families (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20060005190A1 (en) * 2004-06-30 2006-01-05 Microsoft Corporation Systems and methods for implementing an operating system in a virtual machine environment

Patent Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN101398768A (en) * 2008-10-28 2009-04-01 北京航空航天大学 Construct method of distributed virtual machine monitor system
CN101620547A (en) * 2009-07-03 2010-01-06 中国人民解放军国防科学技术大学 Virtual physical interrupt processing method of X86 computer
CN102279769A (en) * 2011-07-08 2011-12-14 西安交通大学 Embedded-Hypervisor-oriented interruption virtualization operation method
CN102799480A (en) * 2012-06-21 2012-11-28 华为技术有限公司 Method and device for closing interrupt in virtualization system

Also Published As

Publication number Publication date
CN102799480B (en) 2015-06-17
CN102799480A (en) 2012-11-28

Similar Documents

Publication Publication Date Title
US10949247B2 (en) Systems and methods for auditing a virtual machine
US9442868B2 (en) Delivering interrupts directly to a virtual processor
US9633231B2 (en) Hardware-protective data processing systems and methods using an application executing in a secure domain
US10592434B2 (en) Hypervisor-enforced self encrypting memory in computing fabric
JP6063941B2 (en) Virtual high privilege mode for system administration requests
KR101823888B1 (en) Multinode hubs for trusted computing
US9864626B2 (en) Coordinating joint operation of multiple hypervisors in a computer system
JP6017706B2 (en) Mechanisms that support reliability, availability, and maintainability (RAS) flows in peer monitors
US11163597B2 (en) Persistent guest and software-defined storage in computing fabric
US11442770B2 (en) Formally verified trusted computing base with active security and policy enforcement
WO2013189180A1 (en) Method and device for disabling interruption in virtualization system
TW201432461A (en) High throughput low latency user mode drivers implemented in managed code
US20240070260A1 (en) Process Credential Protection
TWI733745B (en) Method and device for processing I/O request under core mode virtual machine (KVM) virtualization

Legal Events

Date Code Title Description
121 Ep: the epo has been informed by wipo that ep was designated in this application

Ref document number: 13807406

Country of ref document: EP

Kind code of ref document: A1

NENP Non-entry into the national phase

Ref country code: DE

122 Ep: pct application non-entry in european phase

Ref document number: 13807406

Country of ref document: EP

Kind code of ref document: A1