摘要:
A method and apparatus for translating a virtual address to a physical address. A virtual address to be translated has a virtual page offset and a virtual page number. The virtual address to be translated addresses a page of memory. The size of this page is unknown. There are L different possible page sizes where L is a positive integer greater than one. Each of the L different page sizes is selected to be a test page size and a test is performed. During the test, a pointer into a translation storage buffer is calculated. The pointer is calculated from the virtual address to be translated by assuming that the virtual address to be translated corresponds to a mapping of the test page size. The pointer points to a candidate translation table entry of the translation storage buffer. The candidate translation table entry has a candidate tag and candidate data. The candidate tag identifies a particular virtual address and the candidate data identifies a particular physical address corresponding to the particular virtual address. A virtual address target tag is extracted from the virtual address to be translated. The virtual address target tag is calculated by assuming that the virtual address to be translated corresponds to a mapping of the test page size. The target tag and the candidate tag are then compared. If the target tag matches the candidate tag, the candidate data is provided as the physical address translation corresponding to the virtual address to be translated.
摘要:
A containment mechanism provides for the grouping and isolation of multiple processes running on a single computer using a single instance of the operating system. A system is divided into one or more side-by-side and/or nested spaces enabling the partitioning and controlled sharing of resources by creating different views of hierarchical name spaces by creating a new branch of an existing global system name space or by linking the sub-root level nodes of a new hierarchy to a subset of nodes in an existing global system name space.
摘要:
An intra-operating system isolation mechanism called a silo provides for the grouping and isolation of processes running on a single computer using a single instance of the operating system. The operating system enables the controlled sharing of resources by providing a view of a system name space to processes executing within an isolated application called a server silo. A server silo is created by performing a separate “mini-boot” of user-level services within the server silo. The single OS image serving the computer employs the mechanism of name space containment to constrain which server silos can use which resource(s). Restricting access to resources is therefore directly based on the process or application placed in the server silo rather than who is running the application because if a process or application is unable to resolve a name used to access a resource, it will be unable to use the resource.
摘要:
An operating system architecture is based on a service model in which active entities (services) are containers for objects having a number of interfaces specified through a contract language that is a subset of the language in which the service is coded. Services may reside in the same address space or may reside in separate address spaces, without changing the programming model or compiled binaries. The location of a service is independent of the location of the service's clients and of services the service calls.
摘要:
An element of a file system is virtually deleted by creating a deletion marker for the element. Two or more separate physical file system directories are presented as one merged (virtual) file system directory to a process running in a silo. The operating system provides the merged view of the file system directories by monitoring file system requests made by processes in silos on a computer or computer system and filtering out those elements associated with deletion markers. Special processing is invoked in response to detecting certain types of file system access requests, including: enumeration, open, create, rename or delete.
摘要:
Each virtualized environment on a computer has its own set of firewall rules. The virtualized environments share a single instance of the operating system image, a filter engine and a single network stack. A virtualized environment may be a compartment or a server silo. A virtualized environment is a network isolation mechanism and may be used to prevent use of a computer to traverse network boundaries by creating a separate virtualized environment for each network, enabling a separate set of rules to be applied to each virtualized environment and the network interfaces within it. Virtualized environments may also be used to assign different trust levels to the same physical network. Firewall rules are applied by virtualized environment identifier (ID), enabling separate filters to be applied to each virtualized environment on a computer. A virtualized environment may include or be associated with one or more network interfaces.
摘要:
A computer system having virtual memory that can be mapped using multiple page sizes onto logically addressable physical memory. An intermediate addressing scheme permits the mapping of several non-contiguous small pages in physical memory onto a bigger sized virtual memory page. Rather than translating a virtual address directly into a physical address, a virtual address is translated into an intermediate address that may or may not be a physical address. If the virtual page is backed by physical memory that is contiguous and aligned on a proper boundary for the page size, then the intermediate address will be the physical address and no second translation is required. If the intermediate address is not a physical address, it is then translated into a physical address. This is the case where a big page in virtual memory is backed by more than one smaller page in physical memory. Thus, non-contiguous small pages in physical memory can be mapped together using an intermediate translation to form a single big page thereby removing the requirement that a big page be mapped using a single contiguous portion of physical memory and further removing the requirement that the big page be big page boundary aligned within physical memory. Furthermore, several small pages can be promoted to a single big page simply by changing the virtual address to intermediate address mappings and also changing the intermediate address to physical address mappings to reflect the promotion thereby eliminating the need to move the contents of the small pages into a single contiguous, big page aligned region of physical memory. Furthermore, a big page sized region of virtual memory that has one or more smaller page sized holes within it can be treated as a single big virtual memory page and be backed in physical memory using only as many smaller pages as are required to back the non-hole regions of the virtual address space.
摘要:
A method and apparatus to share virtual memory translations in a computer is described. The apparatus includes an operating system that runs in conjunction with a central processing unit. The operating system is programmed to include an address identification routine to identify distinct virtual memory translation entries, associated with a plurality of distinct processes running on the computer, that map to one or more common physical memory page addresses. The operating system also includes a mask assignment routine to assign a first mask value to the distinct virtual memory translation entries, and a write routine to write, to a translation-lookaside buffer or a page table, the distinct virtual memory translation entries as a single address associated with the first mask value. A comparison mechanism is used to compare a second mask value of a translation-request virtual memory translation value to the first mask value to determine whether the second mask value corresponds to said first mask value. If the two mask values correspond, then the single address associated with the first mask value is used as a virtual memory translation address.
摘要:
A method and apparatus for providing address translations for a computer system having a virtual memory that is mapped onto physical memory. The apparatus has at least one page frame descriptor (PFD) for describing a contiguous portion of physical memory, at least one translation block (TB) for describing a contiguous portion of virtual memory and a hash list. Each PFD has a base physical address (PA), a PA range beginning at the base PA and a translation entry pointer. Each TB has a base virtual address (VA), a VA range beginning at the base VA, and a page size used to map the VA range of the TB. Each TB also has a header and at least one translation entry. Each header has a TB pointer and each translation entry has a backward pointer. Each translation entry of the TB corresponds to a different equalsized translation range of the VA range of the TB. If the translation range of a translation entry is backed by a physical memory page frame, then the backward pointer of the translation entry points to a describing PFD that describes the corresponding page frame and the translation entry pointer of the describing PFD points to the translation entry. The hash list has a plurality of hash entries. Each hash entry has a translation header pointer and an associated hash index unique to the hash entry.
摘要:
Systems and methods for providing a framework within which device drivers may run at a user-mode level. A platform (e.g., APIC) or bus (PCI bus) generic feature is used to take the CPU out of interrupt mode without having to wait for a user-level driver to clear the device interrupt. This allows writing the complete device driver in user space. The device driver still get notifications on interrupts but not at interrupt priority. The same scheme can be extended to shared interrupts, where multiple devices share a single interrupt line.