WO2019012958A1 - Hypervisor program - Google Patents

Hypervisor program Download PDF

Info

Publication number
WO2019012958A1
WO2019012958A1 PCT/JP2018/023862 JP2018023862W WO2019012958A1 WO 2019012958 A1 WO2019012958 A1 WO 2019012958A1 JP 2018023862 W JP2018023862 W JP 2018023862W WO 2019012958 A1 WO2019012958 A1 WO 2019012958A1
Authority
WO
WIPO (PCT)
Prior art keywords
memory
virtual
transmission
data
hypervisor
Prior art date
Application number
PCT/JP2018/023862
Other languages
French (fr)
Japanese (ja)
Inventor
明紀 吉岡
秀一 加藤
将偉 江川
Original Assignee
株式会社Seltech
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by 株式会社Seltech filed Critical 株式会社Seltech
Priority to JP2019529028A priority Critical patent/JP7090080B2/en
Publication of WO2019012958A1 publication Critical patent/WO2019012958A1/en

Links

Images

Classifications

    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F9/00Arrangements for program control, e.g. control units
    • G06F9/06Arrangements for program control, e.g. control units using stored programs, i.e. using an internal store of processing equipment to receive or retain programs
    • G06F9/44Arrangements for executing specific programs
    • G06F9/455Emulation; Interpretation; Software simulation, e.g. virtualisation or emulation of application or operating system execution engines
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F9/00Arrangements for program control, e.g. control units
    • G06F9/06Arrangements for program control, e.g. control units using stored programs, i.e. using an internal store of processing equipment to receive or retain programs
    • G06F9/46Multiprogramming arrangements
    • G06F9/54Interprogram communication

Definitions

  • the present invention relates to a hypervisor program that enables data communication between virtual machines.
  • virtualization technology with merits such as cost reduction, power consumption reduction and high agility is widely spread, and cloud such as Infrastructure as a Service (IaaS) and Software as a Service (SaaS) is widely used. It is used as a basic technology.
  • virtualization technology has become the basic technology of Network Function Virtualization (NFV), and with the advancement of the Internet of Things (IoT), control technology fields such as automobiles, factories, home appliances etc. Is also expanding.
  • NFV Network Function Virtualization
  • IoT Internet of Things
  • a hypervisor operating on a physical computer causes a virtual computer equipped with a virtual CPU (Central Processing Unit), virtual memory, virtual storage, and virtual NIC (Network Interface Card) to function, and a guest OS on this virtual computer. (Operating System) runs.
  • the virtual machine can communicate with other virtual machines using the virtual NIC and virtual network functions provided by the hypervisor (Non-Patent Document 1).
  • Non-Patent Document 1 describes a device for reducing the number of copies of data, further speeding up is required.
  • the present invention has been made in view of such a background, and an object of the present invention is to provide a hypervisor program that enables high-speed data communication between virtual machines.
  • the present invention is a hypervisor that operates a plurality of virtual computers on a physical computer and mediates data communication between the virtual computers, and among the virtual computers, a data transmission side
  • the reception side virtual computer which is the reception side of the data among the virtual machines is notified of the reception request by interruption, and the reception memory area is received from the reception side virtual computer.
  • a hypervisor program is provided to implement a hypervisor including a memory copy unit that copies data of the transmission memory area to the reception memory area upon receiving the notification.
  • the physical computer can transmit data from the transmission memory area to the reception memory area with one copy. This makes it possible to transmit data at high speed from the sending virtual computer to the receiving virtual computer.
  • FIG. 18 is a diagram showing a state of mapping between virtual memory of the virtual computer and physical memory of the host computer at the time when the virtual computer secures a received memory page according to the third embodiment.
  • FIG. 17 is a diagram showing a state of mapping between virtual memory of the virtual computer and physical memory of the host computer at the time of changing memory mapping according to the third embodiment.
  • FIG. 1 is a diagram showing an overall configuration of a host computer 10 according to the first embodiment.
  • the host computer (physical computer) 10 is configured including a CPU 31, a memory 32, a storage 33, an input / output unit 34, a hypervisor 20, and virtual computers (60, 70).
  • the CPU 31 executes a program stored in the storage 33 to cause a hypervisor 20 described later or a virtual computer (60, 70) on the hypervisor 20 to function.
  • the memory 32 stores data necessary for processing executed by the CPU 31.
  • the storage 33 stores programs and data of the hypervisor 20 and virtual machines (60, 70).
  • the input / output unit 34 exchanges data with other computers, displays (not shown), and a keyboard (not shown).
  • the hypervisor 20 virtualizes the CPU 31, the memory 32, the storage 33, and the input / output unit 34 to operate a virtual computer.
  • the hypervisor 20 includes a memory copy unit 21 that copies data in the virtual memory of the virtual machine 60 to the virtual memory of the virtual machine 70, and mediates data communication between the virtual machines (60, 70).
  • the virtual computer 60 is a virtual computer on the hypervisor 20, and operates on the virtual CPU 61, virtual memory 62, virtual storage (not shown), virtual input / output unit (not shown), guest OS 65, guest OS 65 (Not shown) is comprised.
  • the virtual CPU 61, virtual memory 62, virtual storage (not shown) and virtual input / output unit (not shown) are virtual CPU, memory, storage and input / output unit provided by the hypervisor 20 and provided in the virtual computer 60. .
  • the guest OS 65 is an OS operating on virtual hardware of the virtual CPU 61, the virtual memory 62, the virtual storage (not shown), and the virtual input / output unit (not shown).
  • the service is called using the HVC (Hypervisor Call).
  • the hypervisor 20 makes a request to the guest OS 65, notification is made using an interrupt.
  • the guest OS 65 accesses the virtual memory 62 as a physical memory of the virtual computer 60, but in practice the CPU 31 and the hypervisor 20 convert the address on the virtual memory 62 into the address on the memory 32 of the host computer 10 To access the memory 32.
  • the virtual computer 70 also has the same configuration as the virtual computer 60, and includes a virtual CPU 71, a virtual memory 72, and a guest OS 75.
  • the virtual machines (60, 70) on the hypervisor 20 may be three or more.
  • the memory copy unit 21 copies data of the memory 32 corresponding to the virtual memory 62 to the memory 32 corresponding to the virtual memory 72.
  • FIG. 2 is a sequence diagram showing a flow of data transmission processing from the virtual computer 60 to the virtual computer 70, which is started by the virtual machine 70 on the receiving side according to the first embodiment.
  • a process in which the memory copy unit 21 of the hypervisor 20 copies data in the virtual memory 62 of the virtual computer 60 to the virtual memory 72 of the virtual computer 70 will be described with reference to FIG.
  • a receiving memory area which is an area for receiving data, is secured by the virtual computer 70 on the receiving side.
  • the virtual computer 70 notifies the hypervisor 20 of the reception memory area using the HVC to request data reception. Specifically, the virtual computer 70 sets the address and size of the reception memory area in a specific register of the virtual CPU 71, and executes HVC for notifying the reception memory area.
  • the hypervisor 20 transfers the HVC to the memory copy unit 21 that executes the memory copy process.
  • step S103 the memory copy unit 21 notifies the transmission-side virtual computer 60 of the transmission request using the interrupt.
  • step S104 the virtual computer 60 in which the transmission request interrupt has occurred secures a transmission memory area for storing transmission data.
  • step S105 the virtual computer 60 sets transmission data in the transmission memory area.
  • step S106 the virtual computer 60 sets the address and size of the transmission memory area in a register, notifies the transmission memory area, and executes HVC for requesting data transmission.
  • step S107 the memory copy unit 21 copies data from the transmission memory area to the reception memory area. Specifically, the memory copy unit 21 copies data on the memory 32 of the host computer 10 corresponding to the transmission memory area of the virtual computer 60 to a location (address) of the memory 32 corresponding to the reception memory area of the virtual computer 70. .
  • step S108 the memory copy unit 21 notifies the virtual computer 60 of the completion of the copy using an interrupt. Note that the type (interrupt vector) differs between the interrupt in step S103 and the interrupt in step S108.
  • step S109 the memory copy unit 21 notifies the virtual computer 70 of the completion of the copy using an interrupt. Thereafter, the virtual computer 70 can access the transmission data.
  • the interrupt in step S108 and the interrupt in step S109 have the same type (interrupt vector).
  • the memory copy is performed only once in step S107, and data can be transmitted from the virtual memory 62 of the virtual computer 60 to the virtual memory 72 of the virtual computer 70 at high speed.
  • the memory copy unit 21 uses an interrupt to notify the virtual computer 60 of copy completion (see step S108). Instead of the interrupt, the memory copy unit 21 may use the reply (return value) of the HVC (see step S106) for notifying the transmission memory area. Specifically, the memory copy unit 21 receives the notification of the transmission memory area by the HVC in step S106, and subsequently executes the copy process of step S107 to notify the virtual computer 60 of copy completion as a response to the HVC in step S106. Do.
  • step S107 of the repeating process the hypervisor 20 copies the present data to a position following the previously copied data in the reception memory area.
  • the transmission-side virtual computer 60 notifies the hypervisor 20 of the end of transmission by setting the size of the transmission memory area to 0 in step S106.
  • the hypervisor 20 that has received the notification of the transmission completion ends the iterative process without performing the process of step S107, and proceeds to step S108.
  • the hypervisor 20 may proceed to step S109 without proceeding to step S108.
  • FIG. 3 is a sequence diagram showing a flow of data transmission processing from the virtual computer 60 to the virtual computer 70 according to the third modification of the first embodiment.
  • the memory copy unit 21 of the hypervisor 20 divides the data in the virtual memory 62 of the virtual machine 60 into multiple times to divide the data of the virtual machine 70. The process of copying to the virtual memory 72 will be described.
  • Steps S121 to S126 are the same as steps S101 to S106, respectively.
  • the memory copy unit 21 copies data from the transmission memory area to the reception memory area to the transmission memory by the size of the reception memory.
  • step S128 the memory copy unit 21 notifies the virtual computer 70 of the shortage of the reception memory area using an interrupt.
  • Step S129 and step S130 are the same as step S101 and step S102, respectively.
  • step S131 the memory copy unit 21 copies data in the transmission memory area from the next position copied in step S127 to the reception memory area.
  • the size to be copied is the size of an area that has not been copied, if the size of the area in the transmission memory area that has not been copied is less than the size of the reception memory area. Otherwise, the size to copy is the size of the receive memory area. In the following, the description will be continued assuming that the size of the transmission memory area that has not been copied is equal to or less than the size of the reception memory area.
  • Steps S132 and S133 are the same as steps S108 and S109, respectively.
  • step S131 if the size of the transmission memory area that has not been copied is larger than the size of the reception memory area, the processing of steps S128 to S131 is repeated.
  • the size of one communication data (communication packet) has an upper limit. If a reception memory area larger than this size is secured, data transmission can be performed at higher speed than data transmission via a network.
  • the memory copy unit 21 uses an interrupt to notify the virtual computer 70 of the copy completion (see step S133). Instead of the interrupt, the memory copy unit 21 may use the response of the HVC (see step S130) for notifying the reception memory area. Specifically, when the memory copy unit 21 receives the notification of the reception memory area by the HVC in step S130 and subsequently the copy processing in step S131 is completed, the copy completion is sent to the virtual computer 70 as a response to the HVC in step S130. Notice.
  • the memory copy unit 21 uses an interrupt to notify the virtual computer 70 of the area shortage (see step S128). Instead of the interrupt, the memory copy unit 21 may use the response of the HVC (see step S130) for notifying the reception memory area. Specifically, when the memory copy unit 21 receives the notification of the reception memory area by the HVC in step S130, and the copy process in step S131 is not completed, the area shortage is sent to the virtual computer 70 as a reply of HVC in step S130. Notice. Thereafter, the virtual computer 70 and the memory copy unit 21 repeat steps S129 to S131.
  • FIG. 4 is a sequence diagram showing a flow of data transmission processing from the virtual computer 60 to the virtual computer 70, which is started by the transmission-side virtual computer 60 according to the second embodiment.
  • a process in which the memory copy unit 21 of the hypervisor 20 copies data in the virtual memory 62 of the virtual computer 60 to the virtual memory 72 of the virtual computer 70 will be described with reference to FIG. 4.
  • Steps S201 to S203 are the same as steps S104 to S106 described in FIG.
  • the memory copy unit 21 notifies the reception-side virtual machine 70 of the reception side using an interrupt.
  • Steps S205 and S206 are the same as steps S101 and S102 shown in FIG. 2, respectively.
  • Steps S207 to S209 are the same as steps S107 to S109 shown in FIG.
  • the memory copy process is performed only once in step S207, and data can be transmitted from the virtual memory 62 of the virtual machine 60 to the virtual memory 72 of the virtual machine 70 at high speed.
  • the memory copy unit 21 uses an interrupt to notify the virtual computer 70 of copy completion (see step S209). Instead of the interrupt, the memory copy unit 21 may use the response of the HVC (see step S206) for notifying the reception memory area. Specifically, the memory copy unit 21 receives the notification of the reception memory area by the HVC in step S206, and subsequently executes the copy process of step S207 to notify the virtual computer 70 of copy completion as a response to the HVC in step S206. Do.
  • the response of the HVC (see step S130) for notifying the reception memory area may be used.
  • the memory copy unit 21 receives the notification of the reception memory area by the HVC in step S130 and subsequently the copy processing in step S131 is completed, the copy completion is sent to the virtual computer 70 as a response to the HVC in step S130. Notice.
  • the hypervisor 20 copies data from the virtual memory 62 of the virtual computer 60 to the virtual memory 72 of the virtual computer 70 and transmits the data. Specifically, the hypervisor 20 copies data from the area of the memory 32 corresponding to the virtual memory 62 to the area of the memory 32 corresponding to the virtual memory 72.
  • the hypervisor 20 changes the correspondence (memory mapping) between the virtual memory (62, 72) and the memory 32, thereby making data transmission unnecessary without data copying.
  • FIG. 5 is a diagram showing an overall configuration of a host computer 10A according to the third embodiment.
  • the hypervisor 20A includes a memory mapping unit 22 instead of the memory copy unit 21.
  • the other configuration is the same as that of the host computer 10.
  • the mapping (correspondence) between the virtual memory (62, 72) and the memory 32 is managed using an extended page table (41, 42, see FIG. 6) described later.
  • the memory mapping unit 22 transmits data (memory page) from the virtual computer 60 to the virtual computer 70 by changing the extension page table (41, 42).
  • FIG. 6 is a diagram for explaining the state of mapping between the virtual memory of the virtual computer and the physical memory of the host computer according to the third embodiment.
  • the extended page table 41 described on the center of FIG. 6 is tabular data indicating the correspondence between the page of the virtual memory 62 of the virtual computer 60 and the page of the memory 32, and is stored on the memory 32.
  • the records (rows) of the extended page table include a GPA (Guest Physical Address) 411 which is a logical address of a page constituting the virtual memory 62 and a PA (Physical Address) 412 which is a physical address of a page constituting the memory 32. Contains attributes (columns).
  • the GPA 411 is a physical address when viewed from the virtual computer 60 but becomes a logical address (virtual physical address shown to the virtual computer 60) when viewed from the hypervisor 20A.
  • the transmission memory page of the virtual memory 62 whose GPA is 300 is mapped to the memory 32 whose PA is 440, and the data of the transmission memory page is a page of the memory 32 starting from 440 (FIG. 6). Indicates that it is stored in the host physical memory page). The same applies to the record 418.
  • the extended page table 42 described in the lower center of FIG. 6 is a tabular data indicating the correspondence between the page of the virtual memory 72 of the virtual machine 70 and the page of the memory 32, and the extended page table 41 of the virtual machine 60 and It is the same composition.
  • a record 429 indicates that the page of the virtual memory 72 whose GPA is 420 is mapped to the page of the memory 32 whose PA is 900.
  • FIG. 7 is a sequence diagram showing a flow of data transmission processing by memory mapping change from the virtual computer 60 to the virtual computer 70 according to the third embodiment.
  • the memory mapping unit 22 of the hypervisor 20A changes the memory mapping between the page on the virtual memory 62 of the virtual machine 60 and the page on the virtual memory 72 of the virtual machine 70, thereby transmitting data. The processing to be realized will be described.
  • step S301 the transmission memory page, which is an area to which the virtual computer 60 on the transmission side transmits data, is secured.
  • FIG. 6 shows the state of memory mapping at this time, where the memory page of virtual memory 62 starting from address 300 of virtual machine 60 is mapped to the memory page of memory 32 starting from address 440 of host computer 10A Show that
  • step S302 the virtual computer 60 sets transmission data in the transmission memory page.
  • the set data is stored in a memory page of memory 32 starting at address 440.
  • step S303 the virtual computer 60 notifies the hypervisor 20 of the transmission memory page using the HVC to request data transmission.
  • the virtual computer 60 sets the address of the transmission memory page in a specific register of the virtual CPU 61, and executes the HVC which notifies the transmission memory page and requests data transmission.
  • the hypervisor 20 transfers the HVC to the memory mapping unit 22 that executes the memory mapping change process.
  • step S304 the memory mapping unit 22 notifies the reception-side virtual machine 70 of the reception side using an interrupt.
  • step S305 the virtual computer 70 that has generated the reception request interrupt secures the received memory page.
  • FIG. 8 is a diagram showing the state of mapping between the virtual memory of the virtual computer and the physical memory of the host computer when the virtual computer 70 secures the received memory page according to the third embodiment.
  • the received memory page starting from the address 120 on the virtual memory 72 is a page starting from the address 700 on the memory 32 (denoted as host physical memory page in FIG. 8) Is mapped to
  • step S306 the virtual computer 70 sets the address of the received memory page in a specific register and executes HVC for notifying the received memory page.
  • step S307 the memory mapping unit 22 changes the memory mapping. Specifically, the memory mapping unit 22 performs the following processing. (1) A memory page is newly secured on the memory 32. (2) The PA 412 of the record 419 corresponding to the transmission memory page of the expansion page table 41 of the virtual computer 60 is changed to the physical address of the memory page secured in (1). (3) The PA 422 of the record 428 corresponding to the received memory page of the expanded page table 42 of the virtual computer 70 is changed to the physical address of the mapping destination of the logical address of the transmitted memory page before the change of (2).
  • FIG. 9 is a diagram showing the state of mapping between the virtual memory of the virtual computer and the physical memory of the host computer at the time of changing the memory mapping according to the third embodiment. Compared to FIG. 8, PA 412 of record 419 is changed from 440 to 340, and PA 422 of record 428 is changed from 700 to 440. The receive memory page has been modified to map to the page starting at address 440 where the transmit memory page was mapped.
  • step S308 the memory mapping unit 22 notifies the virtual computer 60 of the completion of the mapping change using an interrupt.
  • step S309 the memory mapping unit 22 notifies the virtual computer 70 of the completion of the mapping change using an interrupt.
  • the memory mapping unit 22 uses an interrupt to notify the virtual computer 70 that the change of the mapping is completed (see step S309). Instead of the interrupt, the memory mapping unit 22 may use the response of the HVC (see step S306) for notifying the received memory page. Specifically, the memory mapping unit 22 receives the notification of the received memory page by the HVC in step S306, and subsequently executes the memory mapping change process of step S307, and the mapping change completion is virtual as a response of the HVC in step S306. It notifies the computer 70.
  • FIG. 10 is a sequence diagram showing a flow of data transmission processing by changing the mapping of a plurality of memory pages of the virtual computer 60 and the virtual computer 70 according to the second modification of the third embodiment.
  • step S321 the virtual computer 60 on the transmission side secures a plurality of continuous transmission memory pages which is an area to which data is transmitted.
  • step S322 the virtual computer 60 sets transmission data in the transmission memory page.
  • step S323 the virtual computer 60 notifies the hypervisor 20 of the transmission memory page using the HVC to request data transmission. Specifically, the virtual computer 60 sets the address and the page number of the transmission memory page in a specific register of the virtual CPU 61, and executes the HVC for notifying the transmission memory page. The hypervisor 20 transfers the HVC to the memory mapping unit 22 that executes the memory mapping change process.
  • step S324 the memory mapping unit 22 notifies the reception-side virtual machine 70 of the reception side using an interrupt.
  • step S325 the virtual computer 70 that has generated the interrupt secures the received memory page.
  • the virtual machine 70 may reserve a plurality of consecutive receive memory pages.
  • step S326 the virtual computer 70 sets the address and page number of the receiving memory to the specific register, and executes HVC notifying the receiving memory page.
  • the memory mapping unit 22 compares the number of transmission memory pages and the number of reception memory pages. Here, the description will be continued assuming that the number of pages of the transmission memory page and the number of pages of the reception memory page are different. If they are the same, the process proceeds to step S329.
  • the memory mapping unit 22 returns the page number of the transmission memory page as a response of the HVC.
  • the virtual computer 70 secures continuous received memory pages of the number of pages that have been returned by the HVC.
  • step S328 the virtual computer 70 sets the address and page number of the receiving memory to the register, and executes the HVC notifying the receiving memory page.
  • step S329 the memory mapping unit 22 changes the memory mapping. Specifically, as in step S307, the memory mapping unit 22 changes the PA 412 of the record of the transmission memory page of the expansion page table 41 for the virtual computer 60 on the transmission side to a new memory page address, and The PA 422 of the record of the reception memory page of the expanded page table 42 for the virtual computer 70 is changed to the address of the page on the memory 32 to which the transmission memory page has been mapped. The memory mapping unit 22 changes the PA 422 of the plurality of records of the extended page table 42 so that the continuous original transmission memory page is mapped to the continuous reception memory page.
  • step S330 the memory mapping unit 22 notifies the virtual computer 60 of the completion of the mapping change using an interrupt.
  • step S331 the memory mapping unit 22 notifies the virtual computer 70 of the completion of the mapping change using an interrupt.
  • the memory mapping unit 22 uses an interrupt to notify the virtual computer 70 that the change of the mapping is completed (see step S331). Instead of the interrupt, the memory mapping unit 22 may use the response of the HVC (see step S328) notifying the received memory page. Specifically, the memory mapping unit 22 receives the notification of the received memory page by the HVC in step S328, and then executes the memory mapping change process of step S329, and completes mapping change completion as a response of HVC in step S328. It notifies the computer 70.
  • the virtual computer 60 is prohibited by prohibiting data transmission from the virtual computer 70 to the virtual computer 60. It is possible to prevent leakage of highly sensitive information. Also, regardless of the level of sensitivity, if a computer running a dangerous program such as malware is made to receive only and can not transmit data, the malware will not spread to other computers. it can. Hereinafter, data transmission by copying between virtual memories in which the direction of data transmission is limited will be described.
  • FIG. 11 is a view exemplifying the data configuration of the virtual computer database 51 stored on the storage 33 according to the fourth embodiment.
  • the virtual computer database 51 is tabular data, and one record (row) represents one virtual computer (60, 70), and attributes (columns) of virtual computer ID 511, hardware setting 512, and authentication information 513 are stored. Including.
  • the virtual computer ID 511 is identification information (ID, Identifire) of the virtual computer (60, 70).
  • the hardware setting 512 is setting information of hardware of the virtual computer (60, 70), and the number of cores of the virtual CPU (61, 71), the size of the virtual memory (62, 72), virtual NIC (not shown) It includes information indicating an area (sector) of a storage (MAC) address (Media Access Control) address, an area allocated to a virtual storage (not shown) of the virtual machine (60, 70), etc.
  • the authentication information 513 is authentication information of the record and its contents, and is a hash value or digital signature of the virtual computer ID 511 and the hardware setting 512.
  • the authentication information 513 may be a hash value or digital signature of data including a boot loader on a virtual storage, a kernel of a guest OS (65, 75), etc., in addition to the virtual machine ID 511 and the hardware setting 512.
  • the hypervisor (20, 20A) checks the hardware setting, the boot loader, and the kernel of the guest OS against the hash value or digital signature of the authentication information 513, and fails in matching. In this case, the activation of the virtual computer (60, 70) is discontinued.
  • a record 519 indicates that the number of cores of the virtual CPU of the virtual computer whose virtual computer ID 511 is “VM # 60” is 1 and the MAC address of the virtual NIC starts with “3F34”.
  • FIG. 12 is a view exemplifying the data configuration of the information flow control management database 52 stored on the storage 33 according to the fourth embodiment.
  • the information flow control management database 52 is tabular data, and one record (row) indicates the direction of data transmission between the permitted virtual machines, and attributes (columns) of the transmission source 521 and the transmission destination 522 Including.
  • the transmission source 521 is the virtual computer ID 511 of the virtual computer that is the data transmission source of the permitted data transmission direction
  • the transmission destination 522 is the virtual computer ID 511 of the virtual computer that is the data transmission destination of the permitted data transmission direction.
  • a record 529 indicates that data transmission from “VM # 60” to “VM # 70” is possible.
  • the information flow control management database 52 includes only authorized data transmission directions and does not include unauthorized data transmission directions.
  • FIG. 13 is a sequence diagram showing a flow of data transmission processing from the virtual computer 60 to the virtual computer 70 with information flow control according to the fourth embodiment.
  • a process in which the memory copy unit 21 of the hypervisor 20 copies data in the virtual memory 62 of the virtual computer 60 to the virtual memory 72 of the virtual computer 70 will be described with reference to FIG. 13.
  • Steps S401 to S403 are the same as steps S201 to S203 shown in FIG. 4, respectively.
  • step S404 the memory copy unit 21 to which the HVC of step S403 has been transferred from the hypervisor 20 determines whether data transmission to the virtual computer 70 is possible with reference to the information flow control management database 52. Specifically, the memory copy unit 21 searches for a record in which the transmission source 521 is the virtual computer ID of the virtual computer 60 and the transmission destination 522 is the virtual computer ID of the virtual computer 70. Subsequently, the memory copying unit 21 determines that transmission is possible if the record exists, and proceeds to step S406, and determines that transmission is not possible if the record does not exist, and proceeds to step S405.
  • step S405 the memory copy unit 21 notifies the virtual computer 60 that transmission is not possible using an interrupt. An interrupt occurs in the virtual computer 60, and this data transmission process is ended.
  • Steps S406 to S411 are the same as steps S204 to S209 shown in FIG. 4, respectively.
  • the memory copy unit 21 determines in step S404 whether data transmission can be performed. Unlike this, the memory copying unit 21 may determine whether or not data transmission can be performed, for example, after the HVC notifying the reception memory area in step S408 before copying the data.
  • the interrupt is used to notify the virtual computer 60 in step S405.
  • the memory copy unit 21 may use the response of the HVC (see step S403) for notifying the transmission memory area. Specifically, the memory copy unit 21 receives the notification of the transmission memory area by the HVC in step S403, and subsequently, when the transmission is not possible in step S404, the virtual computer 60 is notified of the transmission impossible as a response to the HVC in step S403. Do.
  • FIG. 14 is a sequence diagram showing a flow of data transmission processing by memory mapping change from the virtual computer 60 to the virtual computer 70 with information flow control according to the fifth embodiment.
  • the memory mapping unit 22 of the hypervisor 20A changes the memory mapping between the page on the virtual memory 62 of the virtual machine 60 and the page on the virtual memory 72 of the virtual machine 70, thereby transmitting data. The processing to be realized will be described.
  • Steps S501 to S503 are the same as steps S301 to S303 described in FIG.
  • the memory mapping unit 22 to which the HVC of step S503 has been transferred from the hypervisor 20A determines whether data transmission to the virtual computer 70 is possible with reference to the information flow control management database 52. Specifically, the memory mapping unit 22 searches for a record in which the transmission source 521 is the virtual computer ID of the virtual computer 60 and the transmission destination 522 is the virtual computer ID of the virtual computer 70. Subsequently, the memory mapping unit 22 determines that transmission is possible if the record exists, and proceeds to step S506, and determines that transmission is not possible if the record does not exist, and proceeds to step S505.
  • step S505 the memory mapping unit 22 notifies the virtual computer 60 that transmission is not possible using an interrupt. An interrupt occurs in the virtual computer 60, and this data transmission process is ended. Steps S506 to S511 are the same as steps S304 to S309 described in FIG.
  • the memory mapping unit 22 determines whether or not data transmission is possible in step S504. Unlike this, the memory mapping unit 22 may determine whether or not to transmit data, for example, after the HVC notifying the received memory page in step S508 before changing the memory mapping. In step S504, when the memory mapping unit 22 determines that transmission is not possible, the interrupt is used to notify the virtual computer 60 in step S505. Instead of the interrupt, the memory mapping unit 22 may use the response of the HVC (see step S503) for notifying the transmission memory page.
  • the HVC parameters for the virtual computer (60, 70) to notify the hypervisor (20, 20A) of the transmission memory area, the reception memory area and the like are set in a specific register.
  • the parameters may be stored on a memory, and the address of the memory may be set in a specific register.
  • the hypervisor (20, 20A) stores the result at the time of HVC completion, such as the area shortage, the number of transmission memory page pages (see step S326 in FIG. 10), copy completion, copied memory size in the memory. You may
  • the hypervisor (20, 20A) when the hypervisor (20, 20A) notifies a virtual machine (60, 70) of a transmission request, a reception request, etc., it has notified using a type of interrupt (interrupt vector).
  • the type of interrupt (interrupt vector) is one, and the type of notification such as a transmission request or reception request may be notified as a parameter of the interrupt via a specific register.
  • the type of notification may be stored on a memory, and the address of the memory may be set in a specific register.
  • the virtual machine (60, 70) may use the HVC to obtain the last interrupt type.
  • the virtual machine 70 on the receiving side has received the data transmitted by the virtual machine 60 on the transmitting side as it is.
  • the hypervisor 20 may convert and the virtual computer 70 may receive it. Examples of conversion include, but are not limited to, encryption, decryption, endian (byte order) conversion, data compression, data decompression, encoding, decoding, and combinations thereof.
  • the key necessary for the encryption and decryption may be accessible only to the hypervisor 20, and may be encrypted and decrypted exclusively by the hypervisor 20. If virtual machines (60, 70) are connected to an external network such as the Internet and there is a risk of being attacked from the outside or infected with malware, do not put keys on the virtual machines (60, 70) This will ensure the safety of the data.
  • the hypervisor 20 has notified the virtual machine 70 on the reception side using an interrupt that the reception memory area is insufficient or copy completion (steps S128 and S133). reference). Instead of the interrupt, the hypervisor 20 may notify using a specific part of the reception memory area. For example, the hypervisor 20 may notify the virtual machine 70 that the first 1 byte of the reception memory area is 1, if the reception memory area is insufficient, and 2 if the copy is complete. In this case, data is copied to the second and subsequent bytes. Also in the other embodiment or modification, the hypervisor 20 may notify the virtual computer (60, 70) of a transmission request, reception request, copy completion, etc. via a specific part of the memory area.
  • the transmitting side is fixed to the virtual computer 60
  • the receiving side is fixed to the virtual computer 70.
  • the virtual computer (60, 70) may be able to specify the communication partner.
  • the virtual machine 60 on the transmitting side may be able to specify the virtual machine on the receiving side.
  • a virtual machine on the receiving side may be designated as a parameter of the HVC (step S203) for notifying the transmission memory area.
  • the hypervisor 20 notifies the virtual machine on the receiving side of the virtual machine on the transmitting side via the parameter of the interrupt of the reception request (step S204), the type of the interrupt (interrupt vector), and the specific part of the receiving memory area. You may do it.
  • the virtual machine 70 on the receiving side may be able to specify the communication partner.
  • the virtual machine on the transmission side may be set in a parameter of the HVC (step S102) for notifying the reception memory area of the virtual machine 70 or a specific part of the reception memory area.
  • the virtual machine on the transmission side and the virtual machine on the reception side are each one.
  • one transmission-side virtual computer may transmit data to a plurality of virtual computers.
  • the memory copy unit 21 copies data from the transmission memory area to the reception memory area of each of the plurality of virtual machines on the reception side.
  • the memory mapping unit 22 maps the respective received memory pages of the plurality of receiving virtual machines to the host physical memory page corresponding to the transmission memory page before the change. Do.
  • the guest OS (65, 75) runs on the virtual computer (60, 70), and the application runs on it. Even when there is no guest OS and the application runs directly on the virtual machine (60, 70), the application executes HVC and processes the interrupt to send the data set in the virtual memory (62, 72) can do.
  • the hypervisor 20 realizes data transmission from the virtual computer 60 to the virtual computer 70 by copying data from the transmission memory area on the memory 32 to the reception memory area.
  • the number of data copies is reduced compared to conventional data transmission, and high speed transmission can be performed.
  • the hypervisor 20A of the third embodiment changes the memory mapping and transmits data, the data is not copied and can be transmitted at higher speed.
  • the data transmission direction is limited to one direction, and it is possible to prevent the leak of dangerous data such as highly sensitive information and malware.

Landscapes

  • Engineering & Computer Science (AREA)
  • Software Systems (AREA)
  • Theoretical Computer Science (AREA)
  • Physics & Mathematics (AREA)
  • General Engineering & Computer Science (AREA)
  • General Physics & Mathematics (AREA)
  • Memory System Of A Hierarchy Structure (AREA)

Abstract

In the present invention, in order to enable high-speed communication between virtual computers, a hypervisor (20) of a host computer (10) comprises a memory copy unit (21) that receives notification of a transmission memory area using an HVC (Hypervisor Call) from a virtual computer (60) on a transmission side, receives notification of a reception memory area using an HCV from a virtual computer (70) on a reception side, and copies data in the transmission memory area to the reception memory area.

Description

ハイパーバイザプログラムHypervisor program
 本発明は、仮想計算機間でデータ通信が可能となるハイパーバイザプログラムに関する。 The present invention relates to a hypervisor program that enables data communication between virtual machines.
 情報技術分野では、コスト削減、消費電力削減、高い俊敏性などのメリットがある仮想化技術が広く普及しており、IaaS(Infrastructure as a Service)やSaaS(Software as a Service)のようなクラウドの基盤技術として用いられている。また、通信サービス事業においても、仮想化技術は、NFV(Network Function Virtualization)の基盤技術となっており、さらにIoT(Internet of Things)の進展に伴い、自動車や工場、家電などの制御技術分野にも拡大しつつある。 In the information technology field, virtualization technology with merits such as cost reduction, power consumption reduction and high agility is widely spread, and cloud such as Infrastructure as a Service (IaaS) and Software as a Service (SaaS) is widely used. It is used as a basic technology. In addition, in the communication service business, virtualization technology has become the basic technology of Network Function Virtualization (NFV), and with the advancement of the Internet of Things (IoT), control technology fields such as automobiles, factories, home appliances etc. Is also expanding.
 仮想化技術を用いることで、1つの物理計算機上で複数の仮想計算機を稼働させることができる。詳しくは、物理計算機上で稼働するハイパーバイザが、仮想CPU(Central Processing Unit)や仮想メモリ、仮想ストレージ、仮想NIC(Network Interface Card)を備えた仮想計算機を機能させ、この仮想計算機上でゲストOS(Operating System)が稼働する。仮想計算機は、ハイパーバイザが提供する仮想NICと仮想ネットワークの機能を用いて、他の仮想計算機と通信することができる(非特許文献1)。 By using the virtualization technology, it is possible to operate a plurality of virtual machines on one physical machine. Specifically, a hypervisor operating on a physical computer causes a virtual computer equipped with a virtual CPU (Central Processing Unit), virtual memory, virtual storage, and virtual NIC (Network Interface Card) to function, and a guest OS on this virtual computer. (Operating System) runs. The virtual machine can communicate with other virtual machines using the virtual NIC and virtual network functions provided by the hypervisor (Non-Patent Document 1).
 仮想NICと仮想ネットワークを介した通信では、通信データの送受信を開始する前に、通信路を開設するためのハンドシェイク処理が必要である。また、送信側ゲストOS上のアプリケーションから送信側ゲストOSへ、送信側ゲストOSから送信側仮想NICへ、送信側仮想NICから受信側仮想NICへ、受信側仮想NICから受信側ゲストOSへ、および、受信側ゲストOSから受信側ゲストOS上のアプリケーションへの5回のデータコピーがあるために通信処理に時間を要する。非特許文献1では、データのコピー回数を削減する工夫が記載されているが、さらなる高速化が求められている。 In communication via a virtual NIC and a virtual network, a handshake process for establishing a communication path is required before starting transmission and reception of communication data. Also, the application on the sending guest OS to the sending guest OS, the sending guest OS to the sending virtual NIC, the sending virtual NIC to the receiving virtual NIC, the receiving virtual NIC to the receiving guest OS, and Since there are five data copies from the receiving guest OS to the application on the receiving guest OS, it takes time for communication processing. Although Non-Patent Document 1 describes a device for reducing the number of copies of data, further speeding up is required.
 このような背景を鑑みて本発明がなされたのであり、本発明は、仮想計算機間で高速なデータ通信を可能とするハイパーバイザプログラムを提供することを課題とする。 The present invention has been made in view of such a background, and an object of the present invention is to provide a hypervisor program that enables high-speed data communication between virtual machines.
 前記した課題を解決するため、本発明は、物理計算機上に複数の仮想計算機を稼働させ、前記仮想計算機の間のデータ通信を仲介するハイパーバイザであって、前記仮想計算機のうちデータの送信側である送信側仮想計算機から送信メモリ領域の通知を受けると、前記仮想計算機のうちデータの受信側である受信側仮想計算機に割込で受信要求を通知し、前記受信側仮想計算機から受信メモリ領域の通知を受けると、前記送信メモリ領域のデータを前記受信メモリ領域にコピーするメモリコピー部を備えるハイパーバイザ、を実現させるためのハイパーバイザプログラムとした。 In order to solve the problems described above, the present invention is a hypervisor that operates a plurality of virtual computers on a physical computer and mediates data communication between the virtual computers, and among the virtual computers, a data transmission side When receiving the notification of the transmission memory area from the transmission side virtual computer which is the above, the reception side virtual computer which is the reception side of the data among the virtual machines is notified of the reception request by interruption, and the reception memory area is received from the reception side virtual computer. A hypervisor program is provided to implement a hypervisor including a memory copy unit that copies data of the transmission memory area to the reception memory area upon receiving the notification.
 このようにすることで、物理計算機は、送信メモリ領域から受信メモリ領域に1度のコピーでデータを送信することができる。これにより、送信側仮想計算機から受信側仮想計算機へ高速にデータ送信することが可能となる。 By doing this, the physical computer can transmit data from the transmission memory area to the reception memory area with one copy. This makes it possible to transmit data at high speed from the sending virtual computer to the receiving virtual computer.
 本発明によれば、仮想計算機間で高速なデータ通信を可能とするハイパーバイザプログラムを提供することができる。 According to the present invention, it is possible to provide a hypervisor program that enables high-speed data communication between virtual machines.
第1の実施形態に係るホスト計算機の全体構成を示す図である。It is a figure which shows the whole structure of the host computer which concerns on 1st Embodiment. 第1の実施形態に係る受信側の仮想計算機が開始する、仮想計算機から仮想計算機へのデータ送信処理の流れを示すシーケンス図である。It is a sequence diagram which shows the flow of the data transmission process from a virtual computer to a virtual computer which the virtual computer of the receiving side which concerns on 1st Embodiment starts. 第1の実施形態の変形例3に係る仮想計算機から仮想計算機へのデータ送信処理の流れを示すシーケンス図である。It is a sequence diagram which shows the flow of the data transmission process from the virtual computer which concerns on the modification 3 of 1st Embodiment to a virtual computer. 第2の実施形態に係る送信側の仮想計算機が開始する、仮想計算機から仮想計算機へのデータ送信処理の流れを示すシーケンス図である。It is a sequence diagram which shows the flow of the data transmission process from a virtual computer to a virtual computer which the virtual computer of the transmission side which concerns on 2nd Embodiment starts. 第3の実施形態に係るホスト計算機の全体構成を示す図である。It is a figure which shows the whole structure of the host computer which concerns on 3rd Embodiment. 第3の実施形態に係る仮想計算機の仮想メモリとホスト計算機の物理メモリとのマッピングの状態を説明するための図である。It is a figure for demonstrating the state of mapping with the virtual memory of the virtual machine which concerns on 3rd Embodiment, and the physical memory of a host computer. 第3の実施形態に係る仮想計算機から仮想計算機へのメモリマッピング変更によるデータ送信処理の流れを示すシーケンス図である。It is a sequence diagram which shows the flow of the data transmission process by memory mapping change from the virtual computer which concerns on 3rd Embodiment to a virtual computer. 第3の実施形態に係る、仮想計算機が受信メモリページを確保した時点での、仮想計算機の仮想メモリとホスト計算機の物理メモリとのマッピングの状態を示す図である。FIG. 18 is a diagram showing a state of mapping between virtual memory of the virtual computer and physical memory of the host computer at the time when the virtual computer secures a received memory page according to the third embodiment. 第3の実施形態に係る、メモリマッピングを変更した時点での、仮想計算機の仮想メモリとホスト計算機の物理メモリとのマッピングの状態を示す図である。FIG. 17 is a diagram showing a state of mapping between virtual memory of the virtual computer and physical memory of the host computer at the time of changing memory mapping according to the third embodiment. 第3の実施形態の変形例2に係る仮想計算機と仮想計算機との複数のメモリページのマッピング変更によるデータ送信処理の流れを示すシーケンス図である。It is a sequence diagram which shows the flow of the data transmission process by the mapping change of the several memory page of the virtual machine which concerns on the modification 2 of 3rd Embodiment, and a virtual machine. 第4の実施形態に係るストレージ上に格納される仮想計算機データベースのデータ構成を例示する図である。It is a figure which illustrates the data composition of the virtual machine database stored on the storage concerning a 4th embodiment. 第4の実施形態に係るストレージ上に格納される情報フロー制御管理データベースのデータ構成を例示する図である。It is a figure which illustrates the data composition of the information flow control management database stored on the storage concerning a 4th embodiment. 第4の実施形態に係る、情報フロー制御を伴った仮想計算機から仮想計算機へのデータ送信処理の流れを示すシーケンス図である。It is a sequence diagram which shows the flow of the data transmission process from a virtual computer with an information flow control to a virtual computer based on 4th Embodiment. 第5の実施形態に係る、情報フロー制御を伴った仮想計算機から仮想計算機へのメモリマッピング変更によるデータ送信処理の流れを示すシーケンス図である。It is a sequence diagram which shows the flow of the data transmission process by the memory mapping change from the virtual machine which accompanies information flow control to a virtual machine based on 5th Embodiment.
 以下、図面を参照しながら本発明を実施するための形態(実施形態)を説明する。図1は、第1の実施形態に係るホスト計算機10の全体構成を示す図である。ホスト計算機(物理計算機)10は、CPU31、メモリ32、ストレージ33、入出力部34、ハイパーバイザ20、仮想計算機(60、70)を含めて構成される。 Hereinafter, embodiments (embodiments) for carrying out the present invention will be described with reference to the drawings. FIG. 1 is a diagram showing an overall configuration of a host computer 10 according to the first embodiment. The host computer (physical computer) 10 is configured including a CPU 31, a memory 32, a storage 33, an input / output unit 34, a hypervisor 20, and virtual computers (60, 70).
 CPU31は、ストレージ33に記憶されるプログラムを実行して、後述するハイパーバイザ20やハイパーバイザ20上の仮想計算機(60、70)を機能させる。メモリ32は、CPU31が実行する処理に必要なデータを記憶する。ストレージ33は、ハイパーバイザ20や仮想計算機(60、70)のプログラムやデータを記憶する。入出力部34は、他の計算機やディスプレイ(不図示)、キーボード(不図示)とのデータのやり取りを行う。 The CPU 31 executes a program stored in the storage 33 to cause a hypervisor 20 described later or a virtual computer (60, 70) on the hypervisor 20 to function. The memory 32 stores data necessary for processing executed by the CPU 31. The storage 33 stores programs and data of the hypervisor 20 and virtual machines (60, 70). The input / output unit 34 exchanges data with other computers, displays (not shown), and a keyboard (not shown).
 ハイパーバイザ20は、CPU31、メモリ32、ストレージ33、入出力部34を仮想化して、仮想的な計算機を稼働する。ハイパーバイザ20は、仮想計算機60の仮想メモリ上にあるデータを仮想計算機70の仮想メモリにコピーするメモリコピー部21を含み、仮想計算機(60、70)の間のデータ通信を仲介する。 The hypervisor 20 virtualizes the CPU 31, the memory 32, the storage 33, and the input / output unit 34 to operate a virtual computer. The hypervisor 20 includes a memory copy unit 21 that copies data in the virtual memory of the virtual machine 60 to the virtual memory of the virtual machine 70, and mediates data communication between the virtual machines (60, 70).
 仮想計算機60は、ハイパーバイザ20上の仮想的な計算機であり、仮想CPU61、仮想メモリ62、仮想ストレージ(不図示)、仮想入出力部(不図示)、ゲストOS65、ゲストOS65上で稼働するアプリケーション(不図示)を含んで構成される。仮想CPU61、仮想メモリ62、仮想ストレージ(不図示)および仮想入出力部(不図示)は、ハイパーバイザ20が提供し、仮想計算機60が備える仮想的なCPU、メモリ、ストレージおよび入出力部である。 The virtual computer 60 is a virtual computer on the hypervisor 20, and operates on the virtual CPU 61, virtual memory 62, virtual storage (not shown), virtual input / output unit (not shown), guest OS 65, guest OS 65 (Not shown) is comprised. The virtual CPU 61, virtual memory 62, virtual storage (not shown) and virtual input / output unit (not shown) are virtual CPU, memory, storage and input / output unit provided by the hypervisor 20 and provided in the virtual computer 60. .
 ゲストOS65は、仮想CPU61、仮想メモリ62、仮想ストレージ(不図示)および仮想入出力部(不図示)の仮想的なハードウェア上で稼働するOSである。ゲストOS65が、ハイパーバイザ20に対してサービスを要求するときには、HVC(Hypervisor Call)を用いてサービスを呼び出す。ハイパーバイザ20がゲストOS65に要求がある場合には、割込みを用いて通知する。ゲストOS65は、仮想メモリ62を仮想計算機60の物理メモリとしてアクセスするが、実際には、CPU31とハイパーバイザ20とにより仮想メモリ62上のアドレスがホスト計算機10のメモリ32上のアドレスに変換されてから、メモリ32にアクセスする。 The guest OS 65 is an OS operating on virtual hardware of the virtual CPU 61, the virtual memory 62, the virtual storage (not shown), and the virtual input / output unit (not shown). When the guest OS 65 requests a service from the hypervisor 20, the service is called using the HVC (Hypervisor Call). When the hypervisor 20 makes a request to the guest OS 65, notification is made using an interrupt. The guest OS 65 accesses the virtual memory 62 as a physical memory of the virtual computer 60, but in practice the CPU 31 and the hypervisor 20 convert the address on the virtual memory 62 into the address on the memory 32 of the host computer 10 To access the memory 32.
 仮想計算機70も、仮想計算機60と同様の構成であり、仮想CPU71や仮想メモリ72、ゲストOS75を含んで構成される。ハイパーバイザ20上の仮想計算機(60、70)は、3つ以上であってもよい。メモリコピー部21は、仮想メモリ62に対応するメモリ32のデータを、仮想メモリ72に対応するメモリ32にコピーする。 The virtual computer 70 also has the same configuration as the virtual computer 60, and includes a virtual CPU 71, a virtual memory 72, and a guest OS 75. The virtual machines (60, 70) on the hypervisor 20 may be three or more. The memory copy unit 21 copies data of the memory 32 corresponding to the virtual memory 62 to the memory 32 corresponding to the virtual memory 72.
≪第1の実施形態:受信側仮想計算機が開始する、仮想メモリ間のコピーによるデータ送信≫
 図2は、第1の実施形態に係る受信側の仮想計算機70が開始する、仮想計算機60から仮想計算機70へのデータ送信処理の流れを示すシーケンス図である。図2を参照しながら、ハイパーバイザ20のメモリコピー部21が、仮想計算機60の仮想メモリ62にあるデータを、仮想計算機70の仮想メモリ72にコピーする処理を説明する。 << First embodiment: data transmission by copying between virtual memories, which is started by the receiving-side virtual computer >>
FIG. 2 is a sequence diagram showing a flow of data transmission processing from the virtual computer 60 to the virtual computer 70, which is started by the virtual machine 70 on the receiving side according to the first embodiment. A process in which the memory copy unit 21 of the hypervisor 20 copies data in the virtual memory 62 of the virtual computer 60 to the virtual memory 72 of the virtual computer 70 will be described with reference to FIG.
 ステップS101において、受信側である仮想計算機70がデータを受信する領域である受信メモリ領域を確保する。
 ステップS102において、仮想計算機70が、HVCを用いて受信メモリ領域をハイパーバイザ20に通知してデータ受信を要求する。詳しくは、仮想計算機70は、受信メモリ領域のアドレスやサイズを仮想CPU71の特定のレジスタにセットして、受信メモリ領域を通知するHVCを実行する。ハイパーバイザ20は、メモリコピー処理を実行するメモリコピー部21にHVCを転送する。 In step S101, a receiving memory area, which is an area for receiving data, is secured by the virtual computer 70 on the receiving side.
In step S102, the virtual computer 70 notifies the hypervisor 20 of the reception memory area using the HVC to request data reception. Specifically, the virtual computer 70 sets the address and size of the reception memory area in a specific register of the virtual CPU 71, and executes HVC for notifying the reception memory area. The hypervisor 20 transfers the HVC to the memory copy unit 21 that executes the memory copy process.
 ステップS103において、メモリコピー部21は、送信要求があったことを送信側の仮想計算機60に割込みを用いて通知する。
 ステップS104において、送信要求の割込みが発生した仮想計算機60は、送信データを記憶する送信メモリ領域を確保する。 In step S103, the memory copy unit 21 notifies the transmission-side virtual computer 60 of the transmission request using the interrupt.
In step S104, the virtual computer 60 in which the transmission request interrupt has occurred secures a transmission memory area for storing transmission data.
 ステップS105において、仮想計算機60は、送信メモリ領域に送信データをセットする。
 ステップS106において、仮想計算機60は、送信メモリ領域のアドレスとサイズをレジスタにセットし、送信メモリ領域を通知してデータ送信を要求するHVCを実行する。 In step S105, the virtual computer 60 sets transmission data in the transmission memory area.
In step S106, the virtual computer 60 sets the address and size of the transmission memory area in a register, notifies the transmission memory area, and executes HVC for requesting data transmission.
 ステップS107において、メモリコピー部21が、送信メモリ領域から受信メモリ領域へデータをコピーする。詳しくは、メモリコピー部21は、仮想計算機60の送信メモリ領域に対応するホスト計算機10のメモリ32上のデータを、仮想計算機70の受信メモリ領域に対応するメモリ32の位置(アドレス)へコピーする。
 ステップS108において、メモリコピー部21が、コピーが完了したことを仮想計算機60に割込みを用いて通知する。なお、ステップS103の割込みとステップS108の割込みとは、種別(割込みベクタ)が異なる。 In step S107, the memory copy unit 21 copies data from the transmission memory area to the reception memory area. Specifically, the memory copy unit 21 copies data on the memory 32 of the host computer 10 corresponding to the transmission memory area of the virtual computer 60 to a location (address) of the memory 32 corresponding to the reception memory area of the virtual computer 70. .
In step S108, the memory copy unit 21 notifies the virtual computer 60 of the completion of the copy using an interrupt. Note that the type (interrupt vector) differs between the interrupt in step S103 and the interrupt in step S108.
 ステップS109において、メモリコピー部21が、コピーが完了したことを仮想計算機70に割込みを用いて通知する。以降、仮想計算機70は、送信データにアクセスできる。なお、ステップS108の割込みとステップS109の割込みとは、同じ種別(割込みベクタ)である。
 第1の実施形態において、メモリコピーは、ステップS107の1回だけであり、仮想計算機60の仮想メモリ62から仮想計算機70の仮想メモリ72に高速にデータを送信することができる。 In step S109, the memory copy unit 21 notifies the virtual computer 70 of the completion of the copy using an interrupt. Thereafter, the virtual computer 70 can access the transmission data. Note that the interrupt in step S108 and the interrupt in step S109 have the same type (interrupt vector).
In the first embodiment, the memory copy is performed only once in step S107, and data can be transmitted from the virtual memory 62 of the virtual computer 60 to the virtual memory 72 of the virtual computer 70 at high speed.
≪第1の実施形態の変形例1:HVCの返答を用いたコピー完了通知≫
 上記した第1の実施形態では、メモリコピー部21が、コピー完了を仮想計算機60に通知するのに、割込みを用いている(ステップS108参照)。割込みの替わりに、メモリコピー部21は、送信メモリ領域を通知するHVC(ステップS106参照)の返答(リターン値)を用いてもよい。詳しくは、メモリコピー部21が、ステップS106においてHVCにより送信メモリ領域の通知を受け、続いて、ステップS107のコピー処理を実行して、ステップS106のHVCの返答としてコピー完了を仮想計算機60に通知する。 «Modification 1 of the first embodiment: Copy completion notification using HVC response»
In the first embodiment described above, the memory copy unit 21 uses an interrupt to notify the virtual computer 60 of copy completion (see step S108). Instead of the interrupt, the memory copy unit 21 may use the reply (return value) of the HVC (see step S106) for notifying the transmission memory area. Specifically, the memory copy unit 21 receives the notification of the transmission memory area by the HVC in step S106, and subsequently executes the copy process of step S107 to notify the virtual computer 60 of copy completion as a response to the HVC in step S106. Do.
≪第1の実施形態の変形例2:送信メモリ領域のサイズが小さい場合≫
 第1の実施形態においては、送信メモリ領域から受信メモリ領域へのコピーは1回で完了している。送信側の仮想計算機60の送信メモリ領域が小さく、1回のコピーではデータを送信しきれない場合には、ステップS104~S107を繰り返すことで、送信データを受信メモリ領域にコピーすることができる。 << Modification 2 of the First Embodiment: When the Size of Transmission Memory Area is Small >>
In the first embodiment, copying from the transmission memory area to the reception memory area is completed at one time. If the transmission memory area of the transmission-side virtual computer 60 is small and data can not be transmitted by one copy, the transmission data can be copied to the reception memory area by repeating steps S104 to S107.
 繰り返す処理のステップS107において、ハイパーバイザ20は、受信メモリ領域の中で前回コピーしたデータに続く位置に今回のデータをコピーする。
 送信側の仮想計算機60は、ステップS106において、送信メモリ領域のサイズを0とすることで、送信終了をハイパーバイザ20に通知する。送信完了の通知を受けたハイパーバイザ20は、ステップS107の処理をすることなく、繰り返し処理を終えて、ステップS108に進む。ハイパーバイザ20は、ステップS108に進まず、ステップS109に進んでもよい。 In step S107 of the repeating process, the hypervisor 20 copies the present data to a position following the previously copied data in the reception memory area.
The transmission-side virtual computer 60 notifies the hypervisor 20 of the end of transmission by setting the size of the transmission memory area to 0 in step S106. The hypervisor 20 that has received the notification of the transmission completion ends the iterative process without performing the process of step S107, and proceeds to step S108. The hypervisor 20 may proceed to step S109 without proceeding to step S108.
≪第1の実施形態の変形例3:受信メモリ領域のサイズが小さい場合≫
 受信側の仮想計算機70が送信データのサイズを知らない場合には、送信メモリ領域より受信メモリ領域が小さく、1回のコピーではコピーが完了しない。このような場合には、メモリコピー部21は複数回に分けてコピーする。 << Modification 3 of the First Embodiment: When the Size of the Reception Memory Area is Small >>
When the virtual machine 70 on the receiving side does not know the size of transmission data, the reception memory area is smaller than the transmission memory area, and copying is not completed in one copy. In such a case, the memory copy unit 21 copies in multiple times.
 図3は、第1の実施形態の変形例3に係る仮想計算機60から仮想計算機70へのデータ送信処理の流れを示すシーケンス図である。図3を参照しながら、送信メモリ領域より受信メモリ領域が小さい場合に、ハイパーバイザ20のメモリコピー部21が、仮想計算機60の仮想メモリ62にあるデータを、複数回に分けて仮想計算機70の仮想メモリ72にコピーする処理を説明する。 FIG. 3 is a sequence diagram showing a flow of data transmission processing from the virtual computer 60 to the virtual computer 70 according to the third modification of the first embodiment. Referring to FIG. 3, when the reception memory area is smaller than the transmission memory area, the memory copy unit 21 of the hypervisor 20 divides the data in the virtual memory 62 of the virtual machine 60 into multiple times to divide the data of the virtual machine 70. The process of copying to the virtual memory 72 will be described.
 ステップS121~S126は、ステップS101~S106とそれぞれ同様である。
 ステップS127において、メモリコピー部21が、送信メモリ領域から受信メモリ領域へデータを送信メモリに受信メモリのサイズ分だけコピーする。 Steps S121 to S126 are the same as steps S101 to S106, respectively.
In step S127, the memory copy unit 21 copies data from the transmission memory area to the reception memory area to the transmission memory by the size of the reception memory.
 ステップS128において、メモリコピー部21が、受信メモリ領域が不足していることを仮想計算機70に割込みを用いて通知する。
 ステップS129とステップS130とは、ステップS101とステップS102とそれぞれ同様である。 In step S128, the memory copy unit 21 notifies the virtual computer 70 of the shortage of the reception memory area using an interrupt.
Step S129 and step S130 are the same as step S101 and step S102, respectively.
 ステップS131において、メモリコピー部21が、送信メモリ領域の中で、ステップS127においてコピーした次の位置から受信メモリ領域へデータをコピーする。コピーするサイズは、送信メモリ領域の中でコピーが完了していない領域のサイズが、受信メモリ領域のサイズ以下ならば、コピーが完了していない領域のサイズである。そうでないならば、コピーするサイズは、受信メモリ領域のサイズである。以下では、送信メモリ領域の中でコピーが完了していない領域のサイズが、受信メモリ領域のサイズ以下であったとして説明を続ける。 In step S131, the memory copy unit 21 copies data in the transmission memory area from the next position copied in step S127 to the reception memory area. The size to be copied is the size of an area that has not been copied, if the size of the area in the transmission memory area that has not been copied is less than the size of the reception memory area. Otherwise, the size to copy is the size of the receive memory area. In the following, the description will be continued assuming that the size of the transmission memory area that has not been copied is equal to or less than the size of the reception memory area.
 ステップS132とステップS133は、ステップS108とステップS109と、それぞれ同様である。
 ステップS131において、送信メモリ領域の中でコピーが完了していない領域のサイズが、受信メモリ領域のサイズより大きい場合には、ステップS128~S131の処理を繰り返す。 Steps S132 and S133 are the same as steps S108 and S109, respectively.
In step S131, if the size of the transmission memory area that has not been copied is larger than the size of the reception memory area, the processing of steps S128 to S131 is repeated.
 上記したとおり、受信メモリ領域が送信メモリ領域より小さい場合であっても、仮想計算機60の仮想メモリ62から仮想計算機70の仮想メモリ72にデータを送信することができる。ネットワーク機能を用いてデータを送信する場合には、1つの通信データ(通信パケット)のサイズには上限がある。このサイズより大きな受信メモリ領域を確保すれば、ネットワーク経由のデータ送信よりさらに高速にデータ送信が可能となる。 As described above, even when the reception memory area is smaller than the transmission memory area, data can be transmitted from the virtual memory 62 of the virtual computer 60 to the virtual memory 72 of the virtual computer 70. When transmitting data using a network function, the size of one communication data (communication packet) has an upper limit. If a reception memory area larger than this size is secured, data transmission can be performed at higher speed than data transmission via a network.
 上記した第1の実施形態の変形例3では、メモリコピー部21が、コピー完了を仮想計算機70に通知するのに、割込みを用いている(ステップS133参照)。割込みの替わりに、メモリコピー部21は、受信メモリ領域を通知するHVC(ステップS130参照)の返答を用いてもよい。詳しくは、メモリコピー部21が、ステップS130においてHVCにより受信メモリ領域の通知を受け、続いて、ステップS131のコピー処理が完了したならば、ステップS130のHVCの返答としてコピー完了を仮想計算機70に通知する。 In the third modification of the first embodiment described above, the memory copy unit 21 uses an interrupt to notify the virtual computer 70 of the copy completion (see step S133). Instead of the interrupt, the memory copy unit 21 may use the response of the HVC (see step S130) for notifying the reception memory area. Specifically, when the memory copy unit 21 receives the notification of the reception memory area by the HVC in step S130 and subsequently the copy processing in step S131 is completed, the copy completion is sent to the virtual computer 70 as a response to the HVC in step S130. Notice.
 また、上記した第1の実施形態の変形例3では、メモリコピー部21が、領域不足を仮想計算機70に通知するのに、割込みを用いている(ステップS128参照)。割込みの替わりに、メモリコピー部21は、受信メモリ領域を通知するHVC(ステップS130参照)の返答を用いてもよい。詳しくは、メモリコピー部21が、ステップS130においてHVCにより受信メモリ領域の通知を受け、続いて、ステップS131のコピー処理が未完了ならば、ステップS130のHVCの返答として領域不足を仮想計算機70に通知する。以下、仮想計算機70とメモリコピー部21とは、ステップS129~S131を繰り返す。 Further, in the third modification of the first embodiment described above, the memory copy unit 21 uses an interrupt to notify the virtual computer 70 of the area shortage (see step S128). Instead of the interrupt, the memory copy unit 21 may use the response of the HVC (see step S130) for notifying the reception memory area. Specifically, when the memory copy unit 21 receives the notification of the reception memory area by the HVC in step S130, and the copy process in step S131 is not completed, the area shortage is sent to the virtual computer 70 as a reply of HVC in step S130. Notice. Thereafter, the virtual computer 70 and the memory copy unit 21 repeat steps S129 to S131.
≪第2の実施形態:送信側仮想計算機が開始する、仮想メモリ間のコピーによるデータ送信≫
 図4は、第2の実施形態に係る送信側の仮想計算機60が開始する、仮想計算機60から仮想計算機70へのデータ送信処理の流れを示すシーケンス図である。図4を参照しながら、ハイパーバイザ20のメモリコピー部21が、仮想計算機60の仮想メモリ62にあるデータを、仮想計算機70の仮想メモリ72にコピーする処理を説明する。 Second Embodiment: Data Transmission by Copying Between Virtual Memory Started by the Transmitting Virtual Machine >>
FIG. 4 is a sequence diagram showing a flow of data transmission processing from the virtual computer 60 to the virtual computer 70, which is started by the transmission-side virtual computer 60 according to the second embodiment. A process in which the memory copy unit 21 of the hypervisor 20 copies data in the virtual memory 62 of the virtual computer 60 to the virtual memory 72 of the virtual computer 70 will be described with reference to FIG. 4.
 ステップS201~S203は、図2記載のステップS104~S106と同様である。
 ステップS204において、メモリコピー部21は、受信要求を受信側の仮想計算機70に割込みを用いて通知する。 Steps S201 to S203 are the same as steps S104 to S106 described in FIG.
In step S204, the memory copy unit 21 notifies the reception-side virtual machine 70 of the reception side using an interrupt.
 ステップS205とステップS206とは、図2記載のステップS101とステップS102とそれぞれ同様である。
 ステップS207~S209は、図1記載のステップS107~S109と同様である。 Steps S205 and S206 are the same as steps S101 and S102 shown in FIG. 2, respectively.
Steps S207 to S209 are the same as steps S107 to S109 shown in FIG.
 第2の実施形態において、メモリコピー処理は、ステップS207の1回だけであり、仮想計算機60の仮想メモリ62から仮想計算機70の仮想メモリ72に高速にデータを送信することができる。 In the second embodiment, the memory copy process is performed only once in step S207, and data can be transmitted from the virtual memory 62 of the virtual machine 60 to the virtual memory 72 of the virtual machine 70 at high speed.
≪第2の実施形態の変形例1:HVCの返答を用いたコピー完了通知≫
 上記した第2の実施形態では、メモリコピー部21が、コピー完了を仮想計算機70に通知するのに、割込みを用いている(ステップS209参照)。割込みの替わりに、メモリコピー部21は、受信メモリ領域を通知するHVC(ステップS206参照)の返答を用いてもよい。詳しくは、メモリコピー部21が、ステップS206においてHVCにより受信メモリ領域の通知を受け、続いて、ステップS207のコピー処理を実行して、ステップS206のHVCの返答としてコピー完了を仮想計算機70に通知する。 << Modification example 1 of the second embodiment: Copy completion notification using the response of HVC >>
In the second embodiment described above, the memory copy unit 21 uses an interrupt to notify the virtual computer 70 of copy completion (see step S209). Instead of the interrupt, the memory copy unit 21 may use the response of the HVC (see step S206) for notifying the reception memory area. Specifically, the memory copy unit 21 receives the notification of the reception memory area by the HVC in step S206, and subsequently executes the copy process of step S207 to notify the virtual computer 70 of copy completion as a response to the HVC in step S206. Do.
≪第2の実施形態の変形例2:受信メモリ領域のサイズが小さい場合≫
 上記した第2の実施形態においては、送信メモリ領域から受信メモリ領域へのコピーは1回で完了している。受信側の仮想計算機70の受信メモリ領域が小さく、ステップS207で実行する1回のコピーではデータを送信しきれない場合には、ステップS207に続いて図3に記載したステップS128~S131と同様の処理を繰り返すことで、送信データを受信メモリ領域にコピーすることができる。また、メモリコピー部21は、ステップS128の割込みの替わりに、ステップS130のHVCの返答を用いて、領域不足を仮想計算機70に通知してもよい。 << Modification 2 of Second Embodiment: Case where Size of Reception Memory Area is Small >>
In the second embodiment described above, copying from the transmission memory area to the reception memory area is completed at one time. If the reception memory area of the virtual machine 70 on the reception side is small and data can not be transmitted by one copy executed in step S207, the same as steps S128 to S131 described in FIG. 3 following step S207. By repeating the process, transmission data can be copied to the reception memory area. In addition, the memory copy unit 21 may notify the virtual computer 70 of the area shortage by using the reply of the HVC of step S130 instead of the interrupt of step S128.
 また、ステップS209の割込みを用いたコピー完了の通知の替わりに、受信メモリ領域を通知するHVC(ステップS130参照)の返答を用いてもよい。詳しくは、メモリコピー部21が、ステップS130においてHVCにより受信メモリ領域の通知を受け、続いて、ステップS131のコピー処理が完了したならば、ステップS130のHVCの返答としてコピー完了を仮想計算機70に通知する。 Also, instead of the notification of copy completion using the interrupt in step S209, the response of the HVC (see step S130) for notifying the reception memory area may be used. Specifically, when the memory copy unit 21 receives the notification of the reception memory area by the HVC in step S130 and subsequently the copy processing in step S131 is completed, the copy completion is sent to the virtual computer 70 as a response to the HVC in step S130. Notice.
≪第3の実施形態:メモリマッピング変更によるデータ送信≫
 第1と第2の実施形態においては、ハイパーバイザ20が、仮想計算機60の仮想メモリ62から仮想計算機70の仮想メモリ72へデータをコピーして、データを送信している。詳しくは、ハイパーバイザ20が、仮想メモリ62に対応するメモリ32の領域から、仮想メモリ72に対応するメモリ32の領域にデータをコピーしている。これに対し、第3の実施形態では、ハイパーバイザ20が、仮想メモリ(62、72)とメモリ32との対応(メモリマッピング)を変更することで、データコピーを不要にしてデータ送信する。 << Third Embodiment: Data Transmission by Changing Memory Mapping >>
In the first and second embodiments, the hypervisor 20 copies data from the virtual memory 62 of the virtual computer 60 to the virtual memory 72 of the virtual computer 70 and transmits the data. Specifically, the hypervisor 20 copies data from the area of the memory 32 corresponding to the virtual memory 62 to the area of the memory 32 corresponding to the virtual memory 72. On the other hand, in the third embodiment, the hypervisor 20 changes the correspondence (memory mapping) between the virtual memory (62, 72) and the memory 32, thereby making data transmission unnecessary without data copying.
 図5は、第3の実施形態に係るホスト計算機10Aの全体構成を示す図である。ハイパーバイザ20Aは、メモリコピー部21に替わりメモリマッピング部22を含んで構成される。他の構成は、ホスト計算機10と同様である。仮想メモリ(62、72)とメモリ32とのマッピング(対応関係)は、後述する拡張ページテーブル(41、42、図6参照)を用いて管理されている。メモリマッピング部22は、拡張ページテーブル(41、42)を変更することにより、仮想計算機60から仮想計算機70へデータ(メモリページ)を送信する。 FIG. 5 is a diagram showing an overall configuration of a host computer 10A according to the third embodiment. The hypervisor 20A includes a memory mapping unit 22 instead of the memory copy unit 21. The other configuration is the same as that of the host computer 10. The mapping (correspondence) between the virtual memory (62, 72) and the memory 32 is managed using an extended page table (41, 42, see FIG. 6) described later. The memory mapping unit 22 transmits data (memory page) from the virtual computer 60 to the virtual computer 70 by changing the extension page table (41, 42).
 図6は、第3の実施形態に係る仮想計算機の仮想メモリとホスト計算機の物理メモリとのマッピングの状態を説明するための図である。図6の左上に記載してある仮想計算機60の仮想メモリ62の左側にある100と300は、仮想メモリ62のアドレスである。送信メモリ領域に対応する送信メモリページがアドレス300より始まっていることを示している。 FIG. 6 is a diagram for explaining the state of mapping between the virtual memory of the virtual computer and the physical memory of the host computer according to the third embodiment. The addresses 100 and 300 on the left side of the virtual memory 62 of the virtual computer 60 described at the upper left of FIG. It indicates that the transmission memory page corresponding to the transmission memory area starts from the address 300.
 図6の中央上に記載の拡張ページテーブル41は、仮想計算機60の仮想メモリ62のページと、メモリ32のページとの対応を示す表形式のデータであり、メモリ32上に記憶される。拡張ページテーブルのレコード(行)は、仮想メモリ62を構成するページの論理アドレスであるGPA(Guest Physical Address)411と、メモリ32を構成するページの物理アドレスであるPA(Physical Address)412との属性(列)を含む。GPA411は、仮想計算機60から見ると物理アドレスであるが、ハイパーバイザ20Aから見ると論理アドレス(仮想計算機60に見せる仮想の物理アドレス)となる。レコード419は、GPAが300である仮想メモリ62の送信メモリページが、PAが440であるメモリ32にマッピングされており、送信メモリページのデータは、PAが440から始まるメモリ32のページ(図6ではホスト物理メモリページと記載)に格納されていることを示す。レコード418についても、同様である。 The extended page table 41 described on the center of FIG. 6 is tabular data indicating the correspondence between the page of the virtual memory 62 of the virtual computer 60 and the page of the memory 32, and is stored on the memory 32. The records (rows) of the extended page table include a GPA (Guest Physical Address) 411 which is a logical address of a page constituting the virtual memory 62 and a PA (Physical Address) 412 which is a physical address of a page constituting the memory 32. Contains attributes (columns). The GPA 411 is a physical address when viewed from the virtual computer 60 but becomes a logical address (virtual physical address shown to the virtual computer 60) when viewed from the hypervisor 20A. In the record 419, the transmission memory page of the virtual memory 62 whose GPA is 300 is mapped to the memory 32 whose PA is 440, and the data of the transmission memory page is a page of the memory 32 starting from 440 (FIG. 6). Indicates that it is stored in the host physical memory page). The same applies to the record 418.
 図6の中央下に記載の拡張ページテーブル42は、仮想計算機70の仮想メモリ72のページと、メモリ32のページとの対応を示す表形式のデータであり、仮想計算機60の拡張ページテーブル41と同様の構成である。レコード429は、GPAが420である仮想メモリ72のページが、PAが900であるメモリ32のページにマッピングされていることを示す。 The extended page table 42 described in the lower center of FIG. 6 is a tabular data indicating the correspondence between the page of the virtual memory 72 of the virtual machine 70 and the page of the memory 32, and the extended page table 41 of the virtual machine 60 and It is the same composition. A record 429 indicates that the page of the virtual memory 72 whose GPA is 420 is mapped to the page of the memory 32 whose PA is 900.
 図7は、第3の実施形態に係る仮想計算機60から仮想計算機70へのメモリマッピング変更によるデータ送信処理の流れを示すシーケンス図である。図7を参照しながら、ハイパーバイザ20Aのメモリマッピング部22が、仮想計算機60の仮想メモリ62上のページと、仮想計算機70の仮想メモリ72のページとのメモリマッピングを変更することによってデータ送信を実現する処理を説明する。 FIG. 7 is a sequence diagram showing a flow of data transmission processing by memory mapping change from the virtual computer 60 to the virtual computer 70 according to the third embodiment. Referring to FIG. 7, the memory mapping unit 22 of the hypervisor 20A changes the memory mapping between the page on the virtual memory 62 of the virtual machine 60 and the page on the virtual memory 72 of the virtual machine 70, thereby transmitting data. The processing to be realized will be described.
 ステップS301において、送信側である仮想計算機60がデータを送信する領域である送信メモリページを確保する。図6は、この時点でのメモリマッピングの状態を示しており、仮想計算機60のアドレス300から始まる仮想メモリ62のメモリページが、ホスト計算機10Aのアドレス440から始まるメモリ32のメモリページにマッピングされていることを示す。 In step S301, the transmission memory page, which is an area to which the virtual computer 60 on the transmission side transmits data, is secured. FIG. 6 shows the state of memory mapping at this time, where the memory page of virtual memory 62 starting from address 300 of virtual machine 60 is mapped to the memory page of memory 32 starting from address 440 of host computer 10A Show that
 ステップS302において、仮想計算機60は、送信メモリページに送信データをセットする。セットされたデータは、アドレス440から始まるメモリ32のメモリページに格納される。
 ステップS303において、仮想計算機60が、HVCを用いて送信メモリページをハイパーバイザ20に通知してデータ送信を要求する。詳しくは、仮想計算機60は、送信メモリページのアドレスを仮想CPU61の特定のレジスタにセットして、送信メモリページを通知してデータ送信を要求するHVCを実行する。ハイパーバイザ20は、メモリマッピングの変更処理を実行するメモリマッピング部22にHVCを転送する。 In step S302, the virtual computer 60 sets transmission data in the transmission memory page. The set data is stored in a memory page of memory 32 starting at address 440.
In step S303, the virtual computer 60 notifies the hypervisor 20 of the transmission memory page using the HVC to request data transmission. Specifically, the virtual computer 60 sets the address of the transmission memory page in a specific register of the virtual CPU 61, and executes the HVC which notifies the transmission memory page and requests data transmission. The hypervisor 20 transfers the HVC to the memory mapping unit 22 that executes the memory mapping change process.
 ステップS304において、メモリマッピング部22は、受信要求を受信側の仮想計算機70に割込みを用いて通知する。 In step S304, the memory mapping unit 22 notifies the reception-side virtual machine 70 of the reception side using an interrupt.
 ステップS305において、受信要求の割込みが発生した仮想計算機70は、受信メモリページを確保する。図8は、第3の実施形態に係る、仮想計算機70が受信メモリページを確保した時点での、仮想計算機の仮想メモリとホスト計算機の物理メモリとのマッピングの状態を示す図である。仮想計算機70の拡張ページテーブル42のレコード428が示すように、仮想メモリ72上のアドレス120から始まる受信メモリページは、メモリ32上のアドレス700から始まるページ(図8ではホスト物理メモリページと記載)にマッピングされている。 In step S305, the virtual computer 70 that has generated the reception request interrupt secures the received memory page. FIG. 8 is a diagram showing the state of mapping between the virtual memory of the virtual computer and the physical memory of the host computer when the virtual computer 70 secures the received memory page according to the third embodiment. As shown by the record 428 of the expanded page table 42 of the virtual computer 70, the received memory page starting from the address 120 on the virtual memory 72 is a page starting from the address 700 on the memory 32 (denoted as host physical memory page in FIG. 8) Is mapped to
 ステップS306において、仮想計算機70は、受信メモリページのアドレスを特定のレジスタにセットして、受信メモリページを通知するHVCを実行する。 In step S306, the virtual computer 70 sets the address of the received memory page in a specific register and executes HVC for notifying the received memory page.
 ステップS307において、メモリマッピング部22が、メモリマッピングを変更する。詳しくは、メモリマッピング部22が、以下の処理を行う。(1)メモリ32上に新たにメモリページを確保する。(2)仮想計算機60の拡張ページテーブル41の送信メモリページに対応するレコード419のPA412を(1)で確保したメモリページの物理アドレスに変更する。(3)仮想計算機70の拡張ページテーブル42の受信メモリページに対応するレコード428のPA422を(2)の変更前の送信メモリページの論理アドレスのマッピング先の物理アドレスに変更する。図9は、第3の実施形態に係る、メモリマッピングを変更した時点での、仮想計算機の仮想メモリとホスト計算機の物理メモリとのマッピングの状態を示す図である。図8と比較すると、レコード419のPA412が440から340に、レコード428のPA422が700から440に変更されている。受信メモリページが、送信メモリページがマッピングされていたアドレス440から始まるページへマッピングされるように変更されている。 In step S307, the memory mapping unit 22 changes the memory mapping. Specifically, the memory mapping unit 22 performs the following processing. (1) A memory page is newly secured on the memory 32. (2) The PA 412 of the record 419 corresponding to the transmission memory page of the expansion page table 41 of the virtual computer 60 is changed to the physical address of the memory page secured in (1). (3) The PA 422 of the record 428 corresponding to the received memory page of the expanded page table 42 of the virtual computer 70 is changed to the physical address of the mapping destination of the logical address of the transmitted memory page before the change of (2). FIG. 9 is a diagram showing the state of mapping between the virtual memory of the virtual computer and the physical memory of the host computer at the time of changing the memory mapping according to the third embodiment. Compared to FIG. 8, PA 412 of record 419 is changed from 440 to 340, and PA 422 of record 428 is changed from 700 to 440. The receive memory page has been modified to map to the page starting at address 440 where the transmit memory page was mapped.
 ステップS308において、メモリマッピング部22が、マッピングの変更が完了したことを仮想計算機60に割込みを用いて通知する。
 ステップS309において、メモリマッピング部22が、マッピングの変更が完了したことを仮想計算機70に割込みを用いて通知する。 In step S308, the memory mapping unit 22 notifies the virtual computer 60 of the completion of the mapping change using an interrupt.
In step S309, the memory mapping unit 22 notifies the virtual computer 70 of the completion of the mapping change using an interrupt.
 第3の実施形態において、仮想計算機60がアクセスしていたホスト計算機10Aのメモリ32のページが、仮想計算機70がアクセスするページに切り替わることにより、仮想計算機60から仮想計算機70にデータが送信される。メモリのコピーがなく、高速にデータ送信が可能である。さらに、メモリを共有しているわけではなく、受信側の仮想計算機70のデータが、送信側の仮想計算機60からアクセスされることはない。 In the third embodiment, when the page of the memory 32 of the host computer 10A accessed by the virtual computer 60 is switched to the page accessed by the virtual computer 70, data is transmitted from the virtual computer 60 to the virtual computer 70. . There is no copy of memory and data can be transmitted at high speed. Furthermore, the memory is not shared, and the data of the virtual machine 70 on the receiving side is not accessed from the virtual machine 60 on the transmitting side.
≪第3の実施形態の変形例1:HVCの返答を用いたコピー完了通知≫
 上記した第3の実施形態では、メモリマッピング部22が、マッピングの変更が完了したことを仮想計算機70に通知するのに、割込みを用いている(ステップS309参照)。割込みの替わりに、メモリマッピング部22は、受信メモリページを通知するHVC(ステップS306参照)の返答を用いてもよい。詳しくは、メモリマッピング部22が、ステップS306においてHVCにより受信メモリページの通知を受け、続いて、ステップS307のメモリマッピングの変更処理を実行して、ステップS306のHVCの返答としてマッピング変更完了を仮想計算機70に通知する。 << Modification example 1 of the third embodiment: Copy completion notification using the response of HVC >>
In the third embodiment described above, the memory mapping unit 22 uses an interrupt to notify the virtual computer 70 that the change of the mapping is completed (see step S309). Instead of the interrupt, the memory mapping unit 22 may use the response of the HVC (see step S306) for notifying the received memory page. Specifically, the memory mapping unit 22 receives the notification of the received memory page by the HVC in step S306, and subsequently executes the memory mapping change process of step S307, and the mapping change completion is virtual as a response of the HVC in step S306. It notifies the computer 70.
≪第3の実施形態の変形例2:複数ページを用いたメモリマッピング変更によるデータ送信≫
 上記の第3の実施形態では、送信対象となるページは1つであったが、複数ページであってもよい。図10は、第3の実施形態の変形例2に係る仮想計算機60と仮想計算機70との複数のメモリページのマッピング変更によるデータ送信処理の流れを示すシーケンス図である。 << Modification 2 of the third embodiment: Data transmission by memory mapping change using a plurality of pages >>
In the third embodiment described above, the number of pages to be transmitted is one, but a plurality of pages may be transmitted. FIG. 10 is a sequence diagram showing a flow of data transmission processing by changing the mapping of a plurality of memory pages of the virtual computer 60 and the virtual computer 70 according to the second modification of the third embodiment.
 ステップS321において、送信側である仮想計算機60がデータを送信する領域である連続する複数の送信メモリページを確保する。
 ステップS322において、仮想計算機60は、送信メモリページに送信データをセットする。 In step S321, the virtual computer 60 on the transmission side secures a plurality of continuous transmission memory pages which is an area to which data is transmitted.
In step S322, the virtual computer 60 sets transmission data in the transmission memory page.
 ステップS323において、仮想計算機60が、HVCを用いて送信メモリページをハイパーバイザ20に通知してデータ送信を要求する。詳しくは、仮想計算機60は、送信メモリページのアドレスとページ数を仮想CPU61の特定のレジスタにセットして、送信メモリページを通知するHVCを実行する。ハイパーバイザ20は、メモリマッピングの変更処理を実行するメモリマッピング部22にHVCを転送する。 In step S323, the virtual computer 60 notifies the hypervisor 20 of the transmission memory page using the HVC to request data transmission. Specifically, the virtual computer 60 sets the address and the page number of the transmission memory page in a specific register of the virtual CPU 61, and executes the HVC for notifying the transmission memory page. The hypervisor 20 transfers the HVC to the memory mapping unit 22 that executes the memory mapping change process.
 ステップS324において、メモリマッピング部22は、受信要求を受信側の仮想計算機70に割込みを用いて通知する。
 ステップS325において、割込みが発生した仮想計算機70は、受信メモリページを確保する。仮想計算機70は、連続する複数の受信メモリページを確保してもよい。 In step S324, the memory mapping unit 22 notifies the reception-side virtual machine 70 of the reception side using an interrupt.
In step S325, the virtual computer 70 that has generated the interrupt secures the received memory page. The virtual machine 70 may reserve a plurality of consecutive receive memory pages.
 ステップS326において、仮想計算機70は、受信メモリメモリのアドレスとページ数とを特定のレジスタにセットして、受信メモリページを通知するHVCを実行する。メモリマッピング部22は、送信メモリページのページ数と受信メモリページのページ数を比較する。ここでは、送信メモリページのページ数と受信メモリページのページ数が異なるとして説明を続ける。同じであるならば、ステップS329に進む。 In step S326, the virtual computer 70 sets the address and page number of the receiving memory to the specific register, and executes HVC notifying the receiving memory page. The memory mapping unit 22 compares the number of transmission memory pages and the number of reception memory pages. Here, the description will be continued assuming that the number of pages of the transmission memory page and the number of pages of the reception memory page are different. If they are the same, the process proceeds to step S329.
 メモリマッピング部22は、HVCの返答として、送信メモリページのページ数を返す。
 ステップS327において、仮想計算機70は、HVCの返答にあったページ数の連続する受信メモリページを確保する。 The memory mapping unit 22 returns the page number of the transmission memory page as a response of the HVC.
In step S327, the virtual computer 70 secures continuous received memory pages of the number of pages that have been returned by the HVC.
 ステップS328において、仮想計算機70は、受信メモリメモリのアドレスとページ数とをレジスタにセットして、受信メモリページを通知するHVCを実行する。
 ステップS329において、メモリマッピング部22が、メモリマッピングを変更する。詳しくは、メモリマッピング部22は、ステップS307と同様に、送信側の仮想計算機60用の拡張ページテーブル41の送信メモリページのレコードのPA412を、新たなメモリページのアドレスに変更し、受信側の仮想計算機70用の拡張ページテーブル42の受信メモリページのレコードのPA422を、送信メモリページがマッピングされていたメモリ32上のページのアドレスに変更する。メモリマッピング部22は、連続する元の送信メモリページが、連続する受信メモリページにマッピングされるように、拡張ページテーブル42の複数のレコードのPA422を変更する。 In step S328, the virtual computer 70 sets the address and page number of the receiving memory to the register, and executes the HVC notifying the receiving memory page.
In step S329, the memory mapping unit 22 changes the memory mapping. Specifically, as in step S307, the memory mapping unit 22 changes the PA 412 of the record of the transmission memory page of the expansion page table 41 for the virtual computer 60 on the transmission side to a new memory page address, and The PA 422 of the record of the reception memory page of the expanded page table 42 for the virtual computer 70 is changed to the address of the page on the memory 32 to which the transmission memory page has been mapped. The memory mapping unit 22 changes the PA 422 of the plurality of records of the extended page table 42 so that the continuous original transmission memory page is mapped to the continuous reception memory page.
 ステップS330において、メモリマッピング部22が、マッピングの変更が完了したことを仮想計算機60に割込みを用いて通知する。
 ステップS331において、メモリマッピング部22が、マッピングの変更が完了したことを仮想計算機70に割込みを用いて通知する。 In step S330, the memory mapping unit 22 notifies the virtual computer 60 of the completion of the mapping change using an interrupt.
In step S331, the memory mapping unit 22 notifies the virtual computer 70 of the completion of the mapping change using an interrupt.
 上記した第3の実施形態の変形例2では、メモリマッピング部22が、マッピングの変更が完了したことを仮想計算機70に通知するのに、割込みを用いている(ステップS331参照)。割込みの替わりに、メモリマッピング部22は、受信メモリページを通知するHVC(ステップS328参照)の返答を用いてもよい。詳しくは、メモリマッピング部22が、ステップS328においてHVCにより受信メモリページの通知を受け、続いて、ステップS329のメモリマッピングの変更処理を実行して、ステップS328のHVCの返答としてマッピング変更完了を仮想計算機70に通知する。 In the second modification of the third embodiment described above, the memory mapping unit 22 uses an interrupt to notify the virtual computer 70 that the change of the mapping is completed (see step S331). Instead of the interrupt, the memory mapping unit 22 may use the response of the HVC (see step S328) notifying the received memory page. Specifically, the memory mapping unit 22 receives the notification of the received memory page by the HVC in step S328, and then executes the memory mapping change process of step S329, and completes mapping change completion as a response of HVC in step S328. It notifies the computer 70.
≪第4の実施形態:情報フロー制御を伴った仮想メモリ間のコピーによるデータ送信≫
 第1~第3の実施形態では、仮想計算機60から仮想計算機70へデータを送信していた。逆に、仮想計算機70から仮想計算機60へ送信することも可能であり、両方向の通信が可能である。しかしながら、仮想計算機(60、70)が保持する情報の機密度や仮想計算機(60、70)の用途によっては、片方向の通信のみに制限したい場合もある。 << Fourth embodiment: Data transmission by copying between virtual memories with information flow control >>
In the first to third embodiments, data is transmitted from the virtual computer 60 to the virtual computer 70. Conversely, transmission from the virtual computer 70 to the virtual computer 60 is also possible, and communication in both directions is possible. However, depending on the secrecy of information held by the virtual computer (60, 70) and the application of the virtual computer (60, 70), it may be desired to limit communication to only one direction.
 例えば、仮想計算機70が機密度の高い情報を処理し、仮想計算機60が一般レベルの情報を処理する場合には、仮想計算機70から仮想計算機60へのデータ送信を禁止することにより、仮想計算機60へ機密度の高い情報が漏洩することを防止できる。また、機密度の高さに関係なく、マルウェアのような危険なプログラムが動作する計算機は、受信専用にし、データ送信できないようにしておけば、他の計算機にマルウェアが拡散することが無いようにできる。以下に、データ送信の方向を制限した仮想メモリ間のコピーによるデータ送信を説明する。 For example, in the case where the virtual computer 70 processes information with high secrecy and the virtual computer 60 processes general level information, the virtual computer 60 is prohibited by prohibiting data transmission from the virtual computer 70 to the virtual computer 60. It is possible to prevent leakage of highly sensitive information. Also, regardless of the level of sensitivity, if a computer running a dangerous program such as malware is made to receive only and can not transmit data, the malware will not spread to other computers. it can. Hereinafter, data transmission by copying between virtual memories in which the direction of data transmission is limited will be described.
 図11は、第4の実施形態に係るストレージ33上に格納される仮想計算機データベース51のデータ構成を例示する図である。仮想計算機データベース51は表形式のデータであって、1つのレコード(行)は1つの仮想計算機(60、70)を表し、仮想計算機ID511、ハードウェア設定512、認証情報513の属性(列)を含む。 FIG. 11 is a view exemplifying the data configuration of the virtual computer database 51 stored on the storage 33 according to the fourth embodiment. The virtual computer database 51 is tabular data, and one record (row) represents one virtual computer (60, 70), and attributes (columns) of virtual computer ID 511, hardware setting 512, and authentication information 513 are stored. Including.
 仮想計算機ID511は、仮想計算機(60、70)の識別情報(ID、Identifire)である。
 ハードウェア設定512は、仮想計算機(60、70)のハードウェアの設定情報であり、仮想CPU(61、71)のコア数や仮想メモリ(62、72)のサイズ、仮想NIC(不図示)のMAC(Media Access Control)アドレス、ストレージ33の領域(セクタ)の中で仮想計算機(60、70)の仮想ストレージ(不図示)に割り当てられる領域を示す情報などが含まれる。 The virtual computer ID 511 is identification information (ID, Identifire) of the virtual computer (60, 70).
The hardware setting 512 is setting information of hardware of the virtual computer (60, 70), and the number of cores of the virtual CPU (61, 71), the size of the virtual memory (62, 72), virtual NIC (not shown) It includes information indicating an area (sector) of a storage (MAC) address (Media Access Control) address, an area allocated to a virtual storage (not shown) of the virtual machine (60, 70), etc.
 認証情報513は、当該レコードとその内容の認証情報であり、仮想計算機ID511とハードウェア設定512とのハッシュ値またはデジタル署名である。認証情報513は、仮想計算機ID511とハードウェア設定512の他に、仮想ストレージ上のブートローダやゲストOS(65、75)のカーネルなどを含んだデータのハッシュ値またはデジタル署名であってもよい。 The authentication information 513 is authentication information of the record and its contents, and is a hash value or digital signature of the virtual computer ID 511 and the hardware setting 512. The authentication information 513 may be a hash value or digital signature of data including a boot loader on a virtual storage, a kernel of a guest OS (65, 75), etc., in addition to the virtual machine ID 511 and the hardware setting 512.
 仮想計算機(60、70)が起動する前に、ハイパーバイザ(20、20A)は、ハードウェア設定やブートローダ、ゲストOSのカーネルを認証情報513のハッシュ値またはデジタル署名と照合し、照合に失敗した場合には、仮想計算機(60、70)の起動を中止する。 Before the virtual machine (60, 70) starts up, the hypervisor (20, 20A) checks the hardware setting, the boot loader, and the kernel of the guest OS against the hash value or digital signature of the authentication information 513, and fails in matching. In this case, the activation of the virtual computer (60, 70) is discontinued.
 レコード519は、仮想計算機ID511が「VM#60」である仮想計算機の仮想CPUのコア数は1であり、仮想NICのMACアドレスは「3F34」で始まることを示している。 A record 519 indicates that the number of cores of the virtual CPU of the virtual computer whose virtual computer ID 511 is “VM # 60” is 1 and the MAC address of the virtual NIC starts with “3F34”.
 図12は、第4の実施形態に係るストレージ33上に格納される情報フロー制御管理データベース52のデータ構成を例示する図である。情報フロー制御管理データベース52は、表形式のデータであって、1つのレコード(行)は許可された仮想計算機間のデータ送信の方向を示し、送信元521と送信先522の属性(列)を含む。送信元521は許可されたデータ送信方向のデータ送信元である仮想計算機の仮想計算機ID511であり、送信先522は許可されたデータ送信方向のデータ送信先である仮想計算機の仮想計算機ID511である。 FIG. 12 is a view exemplifying the data configuration of the information flow control management database 52 stored on the storage 33 according to the fourth embodiment. The information flow control management database 52 is tabular data, and one record (row) indicates the direction of data transmission between the permitted virtual machines, and attributes (columns) of the transmission source 521 and the transmission destination 522 Including. The transmission source 521 is the virtual computer ID 511 of the virtual computer that is the data transmission source of the permitted data transmission direction, and the transmission destination 522 is the virtual computer ID 511 of the virtual computer that is the data transmission destination of the permitted data transmission direction.
 レコード529は、「VM#60」から「VM#70」へのデータ送信が可能であることを示す。情報フロー制御管理データベース52には、許可されたデータ送信方向のみが含まれ、許されないデータ送信の方向は含まれない。 A record 529 indicates that data transmission from “VM # 60” to “VM # 70” is possible. The information flow control management database 52 includes only authorized data transmission directions and does not include unauthorized data transmission directions.
 図13は、第4の実施形態に係る、情報フロー制御を伴った仮想計算機60から仮想計算機70へのデータ送信処理の流れを示すシーケンス図である。図13を参照しながら、ハイパーバイザ20のメモリコピー部21が、仮想計算機60の仮想メモリ62にあるデータを、仮想計算機70の仮想メモリ72にコピーする処理を説明する。 FIG. 13 is a sequence diagram showing a flow of data transmission processing from the virtual computer 60 to the virtual computer 70 with information flow control according to the fourth embodiment. A process in which the memory copy unit 21 of the hypervisor 20 copies data in the virtual memory 62 of the virtual computer 60 to the virtual memory 72 of the virtual computer 70 will be described with reference to FIG. 13.
 ステップS401~S403は、図4記載のステップS201~S203とそれぞれ同様である。
 ステップS404において、ハイパーバイザ20からステップS403のHVCを転送されたメモリコピー部21は、仮想計算機70へのデータ送信が可能か、情報フロー制御管理データベース52を参照して判断する。詳しくは、メモリコピー部21は、送信元521が仮想計算機60の仮想計算機IDであり、送信先522が仮想計算機70の仮想計算機IDであるレコードを検索する。続いて、メモリコピー部21は、当該レコードが存在すれば送信可能と判断してステップS406に進み、当該レコードが存在しなければ送信不可と判断してステップS405に進む。 Steps S401 to S403 are the same as steps S201 to S203 shown in FIG. 4, respectively.
In step S404, the memory copy unit 21 to which the HVC of step S403 has been transferred from the hypervisor 20 determines whether data transmission to the virtual computer 70 is possible with reference to the information flow control management database 52. Specifically, the memory copy unit 21 searches for a record in which the transmission source 521 is the virtual computer ID of the virtual computer 60 and the transmission destination 522 is the virtual computer ID of the virtual computer 70. Subsequently, the memory copying unit 21 determines that transmission is possible if the record exists, and proceeds to step S406, and determines that transmission is not possible if the record does not exist, and proceeds to step S405.
 ステップS405において、メモリコピー部21は、送信不可であることを仮想計算機60に割込みを用いて通知する。仮想計算機60で割込みが発生して、本データ送信処理を終える。
 ステップS406~S411は、図4記載のステップS204~S209とそれぞれ同様である。 In step S405, the memory copy unit 21 notifies the virtual computer 60 that transmission is not possible using an interrupt. An interrupt occurs in the virtual computer 60, and this data transmission process is ended.
Steps S406 to S411 are the same as steps S204 to S209 shown in FIG. 4, respectively.
 このようにすることで、情報フロー制御管理データベース52にレコードが存在し、許可された送信元521の仮想計算機から送信先522の仮想計算機のみのデータ送信が可能となる。情報フロー制御管理データベース52にレコードが存在しない、送信元521の仮想計算機から送信先522の仮想計算機へのデータ送信は禁止される。 By doing this, a record exists in the information flow control management database 52, and it becomes possible to transmit data of only the virtual computer of the transmission destination 522 from the virtual computer of the permitted transmission source 521. Data transmission from the virtual computer of the transmission source 521 to the virtual computer of the transmission destination 522 whose records do not exist in the information flow control management database 52 is prohibited.
 第4の実施形態において、メモリコピー部21は、ステップS404においてデータ送信の可否を判断していた。これとは異なり、メモリコピー部21は、データをコピーする前に、例えば、ステップS408の受信メモリ領域を通知するHVCの後に、データ送信の可否を判断してもよい。 In the fourth embodiment, the memory copy unit 21 determines in step S404 whether data transmission can be performed. Unlike this, the memory copying unit 21 may determine whether or not data transmission can be performed, for example, after the HVC notifying the reception memory area in step S408 before copying the data.
 ステップS404において、メモリコピー部21が送信不可と判断した場合には、ステップS405において、割込みを用いて仮想計算機60に通知している。割込みの替わりに、メモリコピー部21は、送信メモリ領域を通知するHVC(ステップS403参照)の返答を用いてもよい。詳しくは、メモリコピー部21が、ステップS403においてHVCにより送信メモリ領域の通知を受け、続いて、ステップS404において送信不可の場合には、ステップS403のHVCの返答として送信不可を仮想計算機60に通知する。 If the memory copy unit 21 determines in step S404 that transmission is not possible, the interrupt is used to notify the virtual computer 60 in step S405. Instead of the interrupt, the memory copy unit 21 may use the response of the HVC (see step S403) for notifying the transmission memory area. Specifically, the memory copy unit 21 receives the notification of the transmission memory area by the HVC in step S403, and subsequently, when the transmission is not possible in step S404, the virtual computer 60 is notified of the transmission impossible as a response to the HVC in step S403. Do.
≪第5の実施形態:情報フロー制御を伴ったメモリマッピング変更によるデータ送信≫
 メモリマッピング変更によるデータ送信においても、第4の実施形態と同様にデータの送信方向を制限することができる。第4の実施形態と同様に、ストレージ33上に仮想計算機データベース51(図11参照)と情報フロー制御管理データベース52(図12参照)とが格納される。 «Fifth embodiment: Data transmission by memory mapping change with information flow control»
Also in data transmission by memory mapping change, the transmission direction of data can be limited as in the fourth embodiment. Similar to the fourth embodiment, the virtual computer database 51 (see FIG. 11) and the information flow control management database 52 (see FIG. 12) are stored on the storage 33.
 図14は、第5の実施形態に係る、情報フロー制御を伴った仮想計算機60から仮想計算機70へのメモリマッピング変更によるデータ送信処理の流れを示すシーケンス図である。図14を参照しながら、ハイパーバイザ20Aのメモリマッピング部22が、仮想計算機60の仮想メモリ62上のページと、仮想計算機70の仮想メモリ72のページとのメモリマッピングを変更することによってデータ送信を実現する処理を説明する。 FIG. 14 is a sequence diagram showing a flow of data transmission processing by memory mapping change from the virtual computer 60 to the virtual computer 70 with information flow control according to the fifth embodiment. Referring to FIG. 14, the memory mapping unit 22 of the hypervisor 20A changes the memory mapping between the page on the virtual memory 62 of the virtual machine 60 and the page on the virtual memory 72 of the virtual machine 70, thereby transmitting data. The processing to be realized will be described.
 ステップS501~S503は、図7記載のステップS301~S303と同様である。
 ステップS504において、ハイパーバイザ20AからステップS503のHVCを転送されたメモリマッピング部22は、仮想計算機70へのデータ送信が可能か、情報フロー制御管理データベース52を参照して判断する。詳しくは、メモリマッピング部22は、送信元521が仮想計算機60の仮想計算機IDであり、送信先522が仮想計算機70の仮想計算機IDであるレコードを検索する。続いて、メモリマッピング部22は、当該レコードが存在すれば送信可能と判断してステップS506に進み、当該レコードが存在しなければ送信不可と判断してステップS505に進む。 Steps S501 to S503 are the same as steps S301 to S303 described in FIG.
In step S504, the memory mapping unit 22 to which the HVC of step S503 has been transferred from the hypervisor 20A determines whether data transmission to the virtual computer 70 is possible with reference to the information flow control management database 52. Specifically, the memory mapping unit 22 searches for a record in which the transmission source 521 is the virtual computer ID of the virtual computer 60 and the transmission destination 522 is the virtual computer ID of the virtual computer 70. Subsequently, the memory mapping unit 22 determines that transmission is possible if the record exists, and proceeds to step S506, and determines that transmission is not possible if the record does not exist, and proceeds to step S505.
 ステップS505において、メモリマッピング部22は、送信不可であることを仮想計算機60に割込みを用いて通知する。仮想計算機60で割込みが発生して、本データ送信処理を終える。
 ステップS506~S511は、図7に記載のステップS304~S309と同様である。 In step S505, the memory mapping unit 22 notifies the virtual computer 60 that transmission is not possible using an interrupt. An interrupt occurs in the virtual computer 60, and this data transmission process is ended.
Steps S506 to S511 are the same as steps S304 to S309 described in FIG.
 このようにすることで、情報フロー制御管理データベース52にレコードが存在し、許可された送信元521の仮想計算機から送信先522の仮想計算機のみのデータ送信が可能となる。情報フロー制御管理データベース52にレコードが存在しない、送信元521の仮想計算機から送信先522の仮想計算機へのデータ送信は禁止される。 By doing this, a record exists in the information flow control management database 52, and it becomes possible to transmit data of only the virtual computer of the transmission destination 522 from the virtual computer of the permitted transmission source 521. Data transmission from the virtual computer of the transmission source 521 to the virtual computer of the transmission destination 522 whose records do not exist in the information flow control management database 52 is prohibited.
 第5の実施形態において、メモリマッピング部22は、ステップS504においてデータ送信の可否を判断している。これとは異なり、メモリマッピング部22は、メモリマッピングを変更する前に、例えば、ステップS508の受信メモリページを通知するHVCの後に、データ送信の可否を判断してもよい。
 ステップS504において、メモリマッピング部22が送信不可と判断した場合には、ステップS505において、割込みを用いて仮想計算機60に通知している。割込みの替わりに、メモリマッピング部22は、送信メモリページを通知するHVC(ステップS503参照)の返答を用いてもよい。 In the fifth embodiment, the memory mapping unit 22 determines whether or not data transmission is possible in step S504. Unlike this, the memory mapping unit 22 may determine whether or not to transmit data, for example, after the HVC notifying the received memory page in step S508 before changing the memory mapping.
In step S504, when the memory mapping unit 22 determines that transmission is not possible, the interrupt is used to notify the virtual computer 60 in step S505. Instead of the interrupt, the memory mapping unit 22 may use the response of the HVC (see step S503) for notifying the transmission memory page.
≪変形例≫
 上記した実施形態において、仮想計算機(60、70)が送信メモリ領域や受信メモリ領域などをハイパーバイザ(20、20A)に通知するHVCのパラメータは、特定のレジスタにセットしていた。パラメータをメモリ上に格納して、当該メモリのアドレスを特定のレジスタにセットするようにしてもよい。また、ハイパーバイザ(20、20A)は、当該メモリに領域不足、送信メモリページのページ数(図10のステップS326参照)、コピー完了、コピーしたメモリサイズなどのHVC完了時の結果を格納するようにしてもよい。 «Modification»
In the embodiment described above, the HVC parameters for the virtual computer (60, 70) to notify the hypervisor (20, 20A) of the transmission memory area, the reception memory area and the like are set in a specific register. The parameters may be stored on a memory, and the address of the memory may be set in a specific register. In addition, the hypervisor (20, 20A) stores the result at the time of HVC completion, such as the area shortage, the number of transmission memory page pages (see step S326 in FIG. 10), copy completion, copied memory size in the memory. You may
 また、ハイパーバイザ(20、20A)が送信要求や受信要求などを仮想計算機(60、70)に通知する場合、それぞれの種別の割込み(割込みベクタ)を用いて通知していた。割込みの種別(割込みベクタ)は1つであり、送信要求や受信要求などの通知の種別は、割込みのパラメータとして特定のレジスタを介して通知してもよい。または、通知の種別をメモリ上に格納して、当該メモリのアドレスを特定のレジスタにセットするようにしてもよい。また、仮想計算機(60、70)がHVCを用いて、直前の割込み種別を取得してもよい。 In addition, when the hypervisor (20, 20A) notifies a virtual machine (60, 70) of a transmission request, a reception request, etc., it has notified using a type of interrupt (interrupt vector). The type of interrupt (interrupt vector) is one, and the type of notification such as a transmission request or reception request may be notified as a parameter of the interrupt via a specific register. Alternatively, the type of notification may be stored on a memory, and the address of the memory may be set in a specific register. Also, the virtual machine (60, 70) may use the HVC to obtain the last interrupt type.
 上記した実施形態において、送信側の仮想計算機60が送信したデータを受信側の仮想計算機70は、そのまま受信していた。データをそのまま送受信するのではなく、ハイパーバイザ20が変換して、仮想計算機70が受信するようにしてもよい。変換の例としては、暗号化、復号、エンディアン(バイトオーダ)変換、データ圧縮、データ伸長、エンコード、デコードおよびこれらの組み合せなどがあるが、これらに限定するものではない。暗号化や復号に必要な鍵は、ハイパーバイザ20のみがアクセスできるようにしておき、専らハイパーバイザ20が暗号化や復号するようにしてもよい。仮想計算機(60、70)が、インターネットなどの外部ネットワークに接続されていて、外部から攻撃されたりマルウェアに感染したりする恐れがある場合には、仮想計算機(60、70)に鍵を置かないことで、データの安全性が確保できるようになる。 In the embodiment described above, the virtual machine 70 on the receiving side has received the data transmitted by the virtual machine 60 on the transmitting side as it is. Instead of transmitting and receiving data as it is, the hypervisor 20 may convert and the virtual computer 70 may receive it. Examples of conversion include, but are not limited to, encryption, decryption, endian (byte order) conversion, data compression, data decompression, encoding, decoding, and combinations thereof. The key necessary for the encryption and decryption may be accessible only to the hypervisor 20, and may be encrypted and decrypted exclusively by the hypervisor 20. If virtual machines (60, 70) are connected to an external network such as the Internet and there is a risk of being attacked from the outside or infected with malware, do not put keys on the virtual machines (60, 70) This will ensure the safety of the data.
 図3に示した第1の実施形態の変形例3において、受信メモリ領域の不足やコピー完了をハイパーバイザ20は割込みを用いて受信側の仮想計算機70に通知していた(ステップS128とステップS133参照)。割込みの替わりに、ハイパーバイザ20は、受信メモリ領域の特定の部分を用いて通知するようにしてもよい。例えば、受信メモリ領域の先頭の1バイトが、1であれば受信メモリ領域の不足、2であればコピー完了として、ハイパーバイザ20が仮想計算機70に通知してもよい。この場合、データは2バイト目以降にコピーされる。他の実施例や変形例においても、メモリ領域の特定部分を介して、ハイパーバイザ20から仮想計算機(60、70)に、送信要求、受信要求、コピー完了などを通知してもよい。 In the third modification of the first embodiment shown in FIG. 3, the hypervisor 20 has notified the virtual machine 70 on the reception side using an interrupt that the reception memory area is insufficient or copy completion (steps S128 and S133). reference). Instead of the interrupt, the hypervisor 20 may notify using a specific part of the reception memory area. For example, the hypervisor 20 may notify the virtual machine 70 that the first 1 byte of the reception memory area is 1, if the reception memory area is insufficient, and 2 if the copy is complete. In this case, data is copied to the second and subsequent bytes. Also in the other embodiment or modification, the hypervisor 20 may notify the virtual computer (60, 70) of a transmission request, reception request, copy completion, etc. via a specific part of the memory area.
 上記した実施形態では、送信側は仮想計算機60、受信側は仮想計算機70と固定されていた。仮想計算機(60、70)が通信相手を指定できるようにしてもよい。例えば、図4に示した第2の実施形態において、送信側の仮想計算機60が受信側の仮想計算機を指定できるようにしてもよい。指定の方法としては、送信メモリ領域を通知するHVC(ステップS203)のパラメータとして受信側の仮想計算機を指定するようにしてもよい。この場合、ハイパーバイザ20は、受信側の仮想計算機に、受信要求の割込み(ステップS204)のパラメータや割込みの種別(割込みベクタ)、受信メモリ領域の特定部分を介して送信側の仮想計算機を通知するようにしてもよい。 In the embodiment described above, the transmitting side is fixed to the virtual computer 60, and the receiving side is fixed to the virtual computer 70. The virtual computer (60, 70) may be able to specify the communication partner. For example, in the second embodiment shown in FIG. 4, the virtual machine 60 on the transmitting side may be able to specify the virtual machine on the receiving side. As a designation method, a virtual machine on the receiving side may be designated as a parameter of the HVC (step S203) for notifying the transmission memory area. In this case, the hypervisor 20 notifies the virtual machine on the receiving side of the virtual machine on the transmitting side via the parameter of the interrupt of the reception request (step S204), the type of the interrupt (interrupt vector), and the specific part of the receiving memory area. You may do it.
 また、受信側の仮想計算機70が、通信相手を指定できるようにしてもよい。図2に示した第1の実施形態において、仮想計算機70が受信メモリ領域を通知するHVC(ステップS102)のパラメータないしは受信メモリ領域の特定部分に送信側の仮想計算機をセットしてもよい。 Also, the virtual machine 70 on the receiving side may be able to specify the communication partner. In the first embodiment shown in FIG. 2, the virtual machine on the transmission side may be set in a parameter of the HVC (step S102) for notifying the reception memory area of the virtual machine 70 or a specific part of the reception memory area.
 上記した実施形態やその変形例では、送信側の仮想計算機と受信側の仮想計算機とは、それぞれ1つだった。これに対して、1つの送信側の仮想計算機が、複数の仮想計算機にデータ送信できるようにしてもよい。第2の実施形態におけるメモリコピーによるデータ送信では、メモリコピー部21が、送信メモリ領域から複数の受信側の仮想計算機のそれぞれの受信メモリ領域にデータをコピーする。また、第3の実施形態におけるメモリマッピング変更によるデータ送信では、メモリマッピング部22が、複数の受信側仮想計算機のそれぞれの受信メモリページを変更前の送信メモリページに対応するホスト物理メモリページにマッピングする。 In the above-described embodiment and its modification, the virtual machine on the transmission side and the virtual machine on the reception side are each one. On the other hand, one transmission-side virtual computer may transmit data to a plurality of virtual computers. In data transmission by memory copy in the second embodiment, the memory copy unit 21 copies data from the transmission memory area to the reception memory area of each of the plurality of virtual machines on the reception side. Further, in data transmission by memory mapping change in the third embodiment, the memory mapping unit 22 maps the respective received memory pages of the plurality of receiving virtual machines to the host physical memory page corresponding to the transmission memory page before the change. Do.
 上記した実施形態やその変形例では、仮想計算機(60、70)上ではゲストOS(65、75)が稼働し、その上でアプリケーションが稼働している。ゲストOSがなく、仮想計算機(60、70)上で直接アプリケーションが稼働する場合でも、アプリケーションがHVCを実行して、割込みを処理することで、仮想メモリ(62、72)にセットしたデータを送信することができる。 In the above embodiment and its modification, the guest OS (65, 75) runs on the virtual computer (60, 70), and the application runs on it. Even when there is no guest OS and the application runs directly on the virtual machine (60, 70), the application executes HVC and processes the interrupt to send the data set in the virtual memory (62, 72) can do.
≪効果≫
 第1および第2の実施形態のハイパーバイザ20が、メモリ32上の送信メモリ領域から受信メモリ領域へデータをコピーすることで、仮想計算機60から仮想計算機70へのデータ送信を実現している。従来のデータ送信よりデータのコピー回数を削減しており、高速に送信できる。第3の実施形態のハイパーバイザ20Aが、メモリマッピングを変更してデータ送信した場合には、コピーしておらず、さらに高速に送信できる。 «Effect»
The hypervisor 20 according to the first and second embodiments realizes data transmission from the virtual computer 60 to the virtual computer 70 by copying data from the transmission memory area on the memory 32 to the reception memory area. The number of data copies is reduced compared to conventional data transmission, and high speed transmission can be performed. When the hypervisor 20A of the third embodiment changes the memory mapping and transmits data, the data is not copied and can be transmitted at higher speed.
 第4および第5の実施形態では、データの送信方向は一方向に限定されており、機密度の高い情報やマルウェアのような危険なデータの流出を未然に防ぐことができる。 In the fourth and fifth embodiments, the data transmission direction is limited to one direction, and it is possible to prevent the leak of dangerous data such as highly sensitive information and malware.
10,10A ホスト計算機
20  ハイパーバイザ
21  メモリコピー部
22  メモリマッピング部
31  CPU
32  メモリ
41,42 拡張ページテーブル
51  仮想計算機データベース
52  情報フロー制御管理データベース
60  (送信側)仮想計算機
61,71 仮想CPU
62,72 仮想メモリ
70  (受信側)仮想計算機 10, 10A Host computer 20 Hypervisor 21 Memory copy unit 22 Memory mapping unit 31 CPU
32 memory 41, 42 extended page table 51 virtual computer database 52 information flow control management database 60 (sender side) virtual computer 61, 71 virtual CPU
62, 72 Virtual Memory 70 (Receiver) Virtual Computer

Claims (5)

  1.  物理計算機上に複数の仮想計算機を稼働させ、前記仮想計算機の間のデータ通信を仲介するハイパーバイザであって、
     前記仮想計算機のうちデータの送信側である送信側仮想計算機から送信メモリ領域の通知を受けると、前記仮想計算機のうちデータの受信側である受信側仮想計算機に割込で受信要求を通知し、
     前記受信側仮想計算機から受信メモリ領域の通知を受けると、前記送信メモリ領域のデータを前記受信メモリ領域にコピーするメモリコピー部を備えるハイパーバイザ、
     を機能させるためのハイパーバイザプログラム。     A hypervisor which operates a plurality of virtual computers on a physical computer and mediates data communication between the virtual computers,
    When receiving a notification of the transmission memory area from the virtual machine on the transmitting side, which is the transmitting side of data, of the virtual machines, a reception request is notified to the receiving side virtual machine on the receiving side of data of the virtual machines by interruption.
    A hypervisor including a memory copy unit that copies data of the transmission memory area to the reception memory area when notified of the reception memory area from the reception-side virtual computer;
    Hypervisor program to make it work.
  2.  物理計算機上に複数の仮想計算機を稼働させ、前記仮想計算機の間のデータ通信を仲介するハイパーバイザであって、
     前記仮想計算機のうちデータの受信側である受信側仮想計算機から受信メモリ領域の通知を受けると、前記仮想計算機のうちデータの送信側である送信側仮想計算機に割込で送信要求を通知し、
     前記送信側仮想計算機から送信メモリ領域の通知を受けると、前記送信メモリ領域のデータを前記受信メモリ領域にコピーするメモリコピー部を備えるハイパーバイザ、
     を機能させるためのハイパーバイザプログラム。     A hypervisor which operates a plurality of virtual computers on a physical computer and mediates data communication between the virtual computers,
    When receiving a notification of the receiving memory area from the virtual computer on the receiving side of the receiving side of the data, the transmitting virtual machine on the transmitting side of the data of the virtual computer is notified of a transmission request by interruption.
    A hypervisor including a memory copy unit that copies data of the transmission memory area to the reception memory area when notified of the transmission memory area from the transmission-side virtual computer;
    Hypervisor program to make it work.
  3.  前記メモリコピー部は、
     前記送信メモリ領域のデータに対して、暗号化、復号、エンディアン変換、データ圧縮、データ伸長、エンコードおよびデコードのいずれか1つないしは複数の組み合わせの変換処理を実行し、この変換処理後のデータを前記受信メモリ領域にコピーする、
     ことを特徴とする請求項1または2に記載のハイパーバイザプログラム。     The memory copy unit is
    Data of the transmission memory area is subjected to conversion processing of one or more combinations of encryption, decryption, endian conversion, data compression, data decompression, encoding and decoding, and data after this conversion processing Copy to the reception memory area,
    The hypervisor program according to claim 1 or 2, characterized in that:
  4.  物理計算機上に複数の仮想計算機を稼働させ、前記仮想計算機の間のデータ通信を仲介するハイパーバイザであって、
     前記仮想計算機は、前記ハイパーバイザが管理し、物理アドレスにマッピングされる論理アドレス上で動作しており、
     前記ハイパーバイザは、
     前記仮想計算機のうちデータの送信側である送信側仮想計算機から送信メモリページの通知を受け、前記仮想計算機のうちデータの受信側である受信側仮想計算機から受信メモリページの通知を受けると、前記受信メモリページの論理アドレスのマッピング先の物理アドレスを、前記送信メモリページの論理アドレスのマッピング先の物理アドレスに変更し、前記送信メモリページの論理アドレスのマッピング先の物理アドレスを別の物理アドレスに変更するメモリマッピング部を備えるハイパーバイザ、
     を機能させるためのハイパーバイザプログラム。     A hypervisor which operates a plurality of virtual computers on a physical computer and mediates data communication between the virtual computers,
    The virtual machine is operating on a logical address managed by the hypervisor and mapped to a physical address,
    The hypervisor is
    The notification of the transmission memory page is received from the transmission side virtual computer on the transmission side of the data among the virtual computers, and the reception memory page is received from the reception side virtual computer on the reception side of the data of the virtual computers. Change the physical address to which the logical address of the receive memory page is mapped to the physical address to which the logical address of the transmit memory page is mapped, and change the physical address to which the logical address of the transmit memory page is mapped to another physical address Hypervisor with memory mapping unit to change,
    Hypervisor program to make it work.
  5.  前記ハイパーバイザは、
     前記送信側仮想計算機と前記受信側仮想計算機とに割込で送受信の完了を通知する、
     ことを特徴とする請求項1ないし4のうちいずれか1項に記載のハイパーバイザプログラム。     The hypervisor is
    Interrupting transmission / reception completion to the sending virtual computer and the receiving virtual computer
    The hypervisor program according to any one of claims 1 to 4, characterized in that:
PCT/JP2018/023862 2017-07-11 2018-06-22 Hypervisor program WO2019012958A1 (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
JP2019529028A JP7090080B2 (en) 2017-07-11 2018-06-22 Hypervisor program

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
JP2017-135753 2017-07-11
JP2017135753 2017-07-11

Publications (1)

Publication Number Publication Date
WO2019012958A1 true WO2019012958A1 (en) 2019-01-17

Family

ID=65001304

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/JP2018/023862 WO2019012958A1 (en) 2017-07-11 2018-06-22 Hypervisor program

Country Status (2)

Country Link
JP (1) JP7090080B2 (en)
WO (1) WO2019012958A1 (en)

Citations (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
WO2012063334A1 (en) * 2010-11-10 2012-05-18 株式会社日立製作所 Memory control device and i/o switch for assisting live migration of virtual machine
JP2016115253A (en) * 2014-12-17 2016-06-23 富士通株式会社 Information processing device, memory management method and memory management program
WO2017034008A1 (en) * 2015-08-25 2017-03-02 株式会社Seltech System with hypervisor

Patent Citations (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
WO2012063334A1 (en) * 2010-11-10 2012-05-18 株式会社日立製作所 Memory control device and i/o switch for assisting live migration of virtual machine
JP2016115253A (en) * 2014-12-17 2016-06-23 富士通株式会社 Information processing device, memory management method and memory management program
WO2017034008A1 (en) * 2015-08-25 2017-03-02 株式会社Seltech System with hypervisor

Also Published As

Publication number Publication date
JPWO2019012958A1 (en) 2020-05-07
JP7090080B2 (en) 2022-06-23

Similar Documents

Publication Publication Date Title
CN112422615B (en) Communication method and device
US10785216B2 (en) Method for accessing network by internet of things device, apparatus, and system
CN107534579B (en) System and method for resource management
TW202226782A (en) Cryptographic computing including enhanced cryptographic addresses
CN113688072B (en) Data processing method and device
WO2021098244A1 (en) Method and device for first operating system to access resources of second operating system
CN113614722A (en) Process-to-process secure data movement in a network function virtualization infrastructure
CN117171073A (en) Method and computer device for processing remote direct memory access request
US20150370582A1 (en) At least one user space resident interface between at least one user space resident virtual appliance and at least one virtual data plane
CN110659101A (en) Techniques to provide function level isolation with capability-based security
WO2005066804A2 (en) Virtual to physical address translation
CN113449346B (en) Microprocessor, data processing method, electronic device, and storage medium
US9158690B2 (en) Performing zero-copy sends in a networked file system with cryptographic signing
US9049265B1 (en) Serving remote access to storage resources
CN113449347B (en) Microprocessor, data processing method, electronic device, and storage medium
US20230342087A1 (en) Data Access Method and Related Device
JP7090080B2 (en) Hypervisor program
CN116070239A (en) File encryption and decryption methods, devices, equipment and storage medium
US20230273995A1 (en) Hybrid data scan pipeline reducing response latency and increasing attack scanning accuracy
EP3913488B1 (en) Data processing method and device
CN116346382A (en) Method and device for blocking malicious TCP connection and electronic equipment
US10439960B1 (en) Memory page request for optimizing memory page latency associated with network nodes
TWI791995B (en) Software protection method and system thereof
CN113449331B (en) Microprocessor, data processing method, electronic device, and storage medium
WO2023040330A1 (en) Data processing method, device, and system

Legal Events

Date Code Title Description
121 Ep: the epo has been informed by wipo that ep was designated in this application

Ref document number: 18831396

Country of ref document: EP

Kind code of ref document: A1

ENP Entry into the national phase

Ref document number: 2019529028

Country of ref document: JP

Kind code of ref document: A

NENP Non-entry into the national phase

Ref country code: DE

122 Ep: pct application non-entry in european phase

Ref document number: 18831396

Country of ref document: EP

Kind code of ref document: A1