Abstract:
Several embodiments of the present invention provide a means for improving data access security in computer systems to support high-security applications, and certain of these embodiments are specifically directed to providing sector-level encryption of a virtual hard disk in a virtual machine environment. More specifically, certain embodiments are directed to providing sector-level encryption by using plug-ins in a virtual machine environment, thereby providing improved data access security in a computer system that supports high-security applications. Certain embodiments also use encryption plug-ins associated with standard encryption software for exchanging data between a virtual machine (VM) and its associated virtual hard drive(s) (VHDs). Moreover, several embodiments of the present invention are directed to the use of plug-in encryption services that interface with, and provide services for, a VM via a VM Encryption API (or its equivalent).
Abstract:
A method of virtualizing memory through shadow page tables that cache translations from multiple guest address spaces in a virtual machine includes a software version of a hardware tagged translation look-aside buffer. Edits to guest page tables are detected by intercepting the creation of guest-writable mappings to guest page tables with translations cached in shadow page tables. The affected cached translations are marked as stale and purged upon an address space switch or an indiscriminate flush of translations by the guest. Thereby, non-stale translations remain cached but stale translations are discarded. The method includes tracking the guest-writable mappings to guest page tables, deferring discovery of such mappings to a guest page table for the first time until a purge of all cached translations when the number of untracked guest page tables exceeds a threshold, and sharing shadow page tables between shadow address spaces and between virtual processors.
Abstract:
The present invention provides virtualized computing systems and methods for transitioning in real time between LONG SUPER-MODE and LEGACY SUPER-MODE in the x86-64 architecture. In doing so, a virtual machine that relies on the traditional 32-bit modes, i.e., REAL MODE and PROTECTED MODE (V86 SUB-MODE, RING-0 SUB-MODE, and RING-3 SUB-MODE), is able to run alongside other applications on x86-64 (i.e., 64-bit) computer hardware. The method of performing a temporary processor mode context switch includes the steps of the virtual machine monitor's setting up a “virtual=real” page, placing the transition code for performing the processor mode context switch on this page, jumping to this page, disabling the memory management unit (MMU) of the x86-64 computer hardware, modifying the mode control register to set either the LONG SUPER-MODE bit or the LEGACY SUPER-MODE bit, loading a new page table, and reactivating the MMU of the x86-64 computer hardware.
Abstract:
The present invention is a system for and method of providing instruction sequence compounding by (1) the virtual machine monitor's (VMM) looking ahead when an initial trap (exception) event occurs and recognizing traps within successive nearby instructions, combining and virtually executing the effects of multiple instructions while remaining inside the VMM's trap handler, and thereby minimizing the number of individual traps that would otherwise occur at each instruction and/or (2) the VMM's looking ahead when an initial context switch event occurs and recognizing context switches within successive nearby instructions, virtually combining the effects of multiple instructions and handing off this combined instruction to the host operating system, and thereby minimizing the number of individual context switches that would otherwise occur at each instruction. As a result, the number of processor cycles is reduced for exception handling and context switching in a virtual machine environment.
Abstract:
Various operations are disclosed for improving the operational efficiency of interrupt handling in a virtualized environment. A virtualized interrupt controller may obviate the need for an explicit end-of-interrupt (EOI) command by providing an automatic EOI capability even when a physical interrupt controller offers no such mechanism. The use of a message pending bit for inter-partition communications makes it possible to avoid an EOI command for the inter-processor interrupts used in inter-partition communications whenever no further messages are queued for a particular message slot. A virtualized interrupt controller also permits the selective EOI of an interrupt even when it is not the highest-priority in-service interrupt, irrespective of whether a physical interrupt controller provides such functionality.
Abstract:
Efficient power management of a system with virtual machines is disclosed. In particular, such efficient power management may enable coordination of system-wide power changes with virtual machines. Additionally, such efficient power management may enable coherent power changes in a system with a virtual machine monitor. Furthermore, such efficient power management may enable dynamic control and communication of power state changes.
Abstract:
The present invention discloses dynamically adding virtual devices to a virtual computing environment. The system described in the invention includes a virtualized computing system with a manifest, which further includes device lists and an external device directory, which provides users of the virtualized computing system with a directory for adding software plug-ins that contain specifications needed to add virtual devices to the virtual computing environment. Certain embodiments are specifically directed to providing a method of adding and configuring virtual devices. Certain embodiments are specifically directed to providing a method of operating a virtualized computing system wherein the host operating system and the virtual devices progress through a series of states, such as: initializing, powering up, loading a stored state, operating in normal state, saving state for future restoration, powering down, and tearing down and turning off.
Abstract:
An operating system is described that is capable of ascertaining whether it is executing in a virtual machine environment and is further capable of modifying its behavior to operate more efficiently and provide optimal behavior in a virtual machine environment. An operating system is enlightened so that it is aware of VMMs or hypervisors, taking on behavior that is optimal to that environment. The VMM or hypervisor informs the operating system of the optimal behavior, and vice versa.
Abstract:
The present invention is directed to making a guest operating system aware of the topology of the subset of host resources currently assigned to it. At virtual machine boot time a Static Resource Affinity Table (SRAT) will be used by the virtualizer to group guest physical memory and guest virtual processors into virtual nodes. Thereafter, in one embodiment, the host physical memory behind a virtual node can be changed by the virtualizer as necessary, and the virtualizer will provide physical processors appropriate for the virtual processors in that node.