Virtualization system for computers having multiple protection mechanisms
    1.
    发明授权
    Virtualization system for computers having multiple protection mechanisms 有权
    具有多重保护机制的计算机的虚拟化系统

    公开(公告)号:US07278030B1

    公开(公告)日:2007-10-02

    申请号:US10378126

    申请日:2003-03-03

    IPC分类号: G06F11/30 G06F12/14

    CPC分类号: G06F12/1466 G06F9/45537

    摘要: In a virtual computer system, the invention virtualizes a primary protection mechanism, which restricts memory accesses based on the type of access attempted and a current hardware privilege level, using a secondary protection mechanism, which is independent of the hardware privilege level. The invention may be used to virtualize the protection mechanisms of the Intel IA-64 architecture. In this embodiment, virtual access rights settings in a virtual TLB are translated into shadow access rights settings in a hardware TLB, while virtual protection key settings in a virtual PKR cache are translated into shadow protection key settings in a hardware PKR cache, based in part on the virtual access rights settings. The shadow protection key settings are dependent on the guest privilege level, but the shadow access rights settings are not.

    摘要翻译: 在虚拟计算机系统中,本发明使用独立于硬件特权级别的次级保护机制来虚拟化主保护机制,其基于尝试的访问类型和当前硬件特权级别来限制存储器访问。 本发明可以用于虚拟化Intel IA-64架构的保护机制。 在该实施例中,虚拟TLB中的虚拟访问权限设置被转换为硬件TLB中的影子访问权限设置,而虚拟PKR高速缓存中的虚拟保护密钥设置被部分地转换为硬件PKR高速缓存中的影子保护密钥设置 对虚拟访问权限设置。 影子保护键设置取决于访客权限级别,但影子访问权限设置不是。

    Virtualization system for computers having multiple protection mechanisms
    2.
    发明授权
    Virtualization system for computers having multiple protection mechanisms 有权
    具有多重保护机制的计算机的虚拟化系统

    公开(公告)号:US07908646B1

    公开(公告)日:2011-03-15

    申请号:US11865670

    申请日:2007-10-01

    IPC分类号: G06F7/04

    CPC分类号: G06F12/1466 G06F9/45537

    摘要: In a virtual computer system, the invention virtualizes a primary protection mechanism, which restricts memory accesses based on the type of access attempted and a current hardware privilege level, using a secondary protection mechanism, which is independent of the hardware privilege level. The invention may be used to virtualize the protection mechanisms of the Intel IA-64 architecture. In this embodiment, virtual access rights settings in a virtual TLB are translated into shadow access rights settings in a hardware TLB, while virtual protection key settings in a virtual PKR cache are translated into shadow protection key settings in a hardware PKR cache, based in part on the virtual access rights settings. The shadow protection key settings are dependent on the guest privilege level, but the shadow access rights settings are not.

    摘要翻译: 在虚拟计算机系统中,本发明使用独立于硬件特权级别的次级保护机制来虚拟化主保护机制,其基于尝试的访问类型和当前硬件特权级别来限制存储器访问。 本发明可以用于虚拟化Intel IA-64架构的保护机制。 在该实施例中,虚拟TLB中的虚拟访问权限设置被转换为硬件TLB中的影子访问权限设置,而虚拟PKR高速缓存中的虚拟保护密钥设置被部分地转换为硬件PKR高速缓存中的影子保护密钥设置 对虚拟访问权限设置。 影子保护键设置取决于访客权限级别,但影子访问权限设置不是。

    Switching between multiple software entities using different operating modes of a processor
    3.
    发明授权
    Switching between multiple software entities using different operating modes of a processor 有权
    使用处理器的不同操作模式切换多个软件实体

    公开(公告)号:US08266628B2

    公开(公告)日:2012-09-11

    申请号:US12339778

    申请日:2008-12-19

    IPC分类号: G06F9/455 G06F9/46

    CPC分类号: G06F9/45554

    摘要: The computer program includes a virtualization software that is executable on the new processor in the legacy mode. The new processor includes a legacy instruction set for a legacy operating mode and a new instruction set for a new operation mode. The switching includes switching from the new instruction set to the legacy instruction set and switching paging tables. Each of the new operating mode and the legacy operating mode has separate paging tables. The switch routine is incorporated in a switch page that is locked in physical memory. The switch page has a first section to store a part of switching instructions conforming to the new instruction set and a second section to store another part of the switching instructions conforming to the legacy instruction set.

    摘要翻译: 该计算机程序包括在传统模式下可在新处理器上执行的虚拟化软件。 新处理器包括用于传统操作模式的遗留指令集和用于新操作模式的新指令集。 切换包括从新指令集切换到传统指令集和切换寻呼表。 每个新的操作模式和传统操作模式都有独立的分页表。 开关程序被并入被锁定在物理存储器中的开关页面中。 开关页面具有存储符合新指令集的切换指令的一部分的第一部分和存储符合传统指令集的切换指令的另一部分的第二部分。

    Virtualization system for computers that use address space indentifiers
    4.
    发明授权
    Virtualization system for computers that use address space indentifiers 有权
    使用地址空间标识符的计算机的虚拟化系统

    公开(公告)号:US07409487B1

    公开(公告)日:2008-08-05

    申请号:US10609877

    申请日:2003-06-30

    IPC分类号: G06F12/00 G06F9/26 G06F21/00

    摘要: A virtual computer system including multiple virtual machines (VMs) is implemented in a physical computer system that uses address space identifiers (ASIDs). Each VM includes a virtual translation look-aside buffer (TLB), in which guest software, executing on the VM, may insert address translations, with each translation including an ASID. For each ASID used by guest software, a virtual machine monitor (VMM), or other software unit, assigns a unique shadow ASID for use in corresponding address translations in a hardware TLB. If a unique shadow ASID is not available for a newly used guest ASID, the VMM reassigns a shadow ASID from a prior guest ASID to the new guest ASID, purging any entries in the hardware TLB corresponding to the prior guest ASID. Assigning unique shadow ASIDs limits the need for TLB purges upon switching between the multiple VMs, reducing the number of TLB miss faults, and consequently improving overall processing efficiency.

    摘要翻译: 在使用地址空间标识符(ASID)的物理计算机系统中实现包括多个虚拟机(VM)的虚拟计算机系统。 每个虚拟机包括虚拟翻译后备缓冲器(TLB),其中在VM上执行的客户机软件可以插入地址转换,每个转换包括ASID。 对于访客软件使用的每个ASID,虚拟机监视器(VMM)或其他软件单元分配一个唯一的影子ASID,用于硬件TLB中相应的地址转换。 如果唯一的影子ASID不适用于新使用的客户机ASID,则VMM将从先前客户机ASID的影子ASID重新分配给新的客户机ASID,清除与先前客户机ASID相对应的硬件TLB中的任何条目。 分配唯一的影子ASID限制了在多个VM之间切换时对TLB清除的需求,减少了TLB未命中故障的数量,从而提高了整体处理效率。

    Methods for accessing multiple page tables in a computer system
    5.
    发明授权
    Methods for accessing multiple page tables in a computer system 有权
    访问计算机系统中多个页表的方法

    公开(公告)号:US07490216B1

    公开(公告)日:2009-02-10

    申请号:US11521632

    申请日:2006-09-14

    IPC分类号: G06F12/08 G06F12/10

    CPC分类号: G06F12/1036 G06F12/109

    摘要: A virtual memory system implementing the invention provides concurrent access to translations for virtual addresses from multiple address spaces. One embodiment of the invention is implemented in a virtual computer system, in which a virtual machine monitor supports a virtual machine. In this embodiment, the invention provides concurrent access to translations for virtual addresses from the respective address spaces of both the virtual machine monitor and the virtual machine. Multiple page tables contain the translations for the multiple address spaces. Information about an operating state of the computer system, as well as an address space identifier, are used to determine whether, and under what circumstances, an attempted memory access is permissible. If the attempted memory access is permissible, the address space identifier is also used to determine which of the multiple page tables contains the translation for the attempted memory access.

    摘要翻译: 实现本发明的虚拟存储器系统提供对来自多个地址空间的虚拟地址的翻译的并发访问。 本发明的一个实施例在虚拟计算机系统中实现,其中虚拟机监视器支持虚拟机。 在本实施例中,本发明提供了从虚拟机监视器和虚拟机的相应地址空间对虚拟地址的翻译的并发访问。 多页表包含多个地址空间的翻译。 关于计算机系统的操作状态的信息以及地址空间标识符被用于确定在什么情况下是否允许尝试的存储器访问。 如果尝试的内存访问是允许的,那么地址空间标识符也用于确定哪个多个页表包含尝试的内存访问的转换。

    TLB miss fault handler and method for accessing multiple page tables
    6.
    发明授权
    TLB miss fault handler and method for accessing multiple page tables 有权
    TLB错误处理程序和访问多个页表的方法

    公开(公告)号:US07111145B1

    公开(公告)日:2006-09-19

    申请号:US10397030

    申请日:2003-03-25

    IPC分类号: G06F12/00 G06F12/08 G06F12/10

    CPC分类号: G06F12/1036 G06F12/109

    摘要: A virtual memory system implementing the invention provides concurrent access to translations for virtual addresses from multiple address spaces. One embodiment of the invention is implemented in a virtual computer system, in which a virtual machine monitor supports a virtual machine. In this embodiment, the invention provides concurrent access to translations for virtual addresses from the respective address spaces of both the virtual machine monitor and the virtual machine. Multiple page tables contain the translations for the multiple address spaces. Information about an operating state of the computer system, as well as an address space identifier, are used to determine whether, and under what circumstances, an attempted memory access is permissible. If the attempted memory access is permissible, the address space identifier is also used to determine which of the multiple page tables contains the translation for the attempted memory access.

    摘要翻译: 实现本发明的虚拟存储器系统提供对来自多个地址空间的虚拟地址的翻译的并发访问。 本发明的一个实施例在虚拟计算机系统中实现,其中虚拟机监视器支持虚拟机。 在本实施例中,本发明提供了从虚拟机监视器和虚拟机的相应地址空间对虚拟地址的翻译的并发访问。 多页表包含多个地址空间的翻译。 关于计算机系统的操作状态的信息以及地址空间标识符被用于确定在什么情况下是否允许尝试的存储器访问。 如果尝试的内存访问是允许的,那么地址空间标识符也用于确定哪个多个页表包含尝试的内存访问的转换。

    Accessing multiple page tables in a computer system
    7.
    发明授权
    Accessing multiple page tables in a computer system 有权
    在计算机系统中访问多个页表

    公开(公告)号:US08225071B2

    公开(公告)日:2012-07-17

    申请号:US13023356

    申请日:2011-02-08

    IPC分类号: G06F12/08 G06F12/10

    CPC分类号: G06F12/1036 G06F12/109

    摘要: A virtual memory system implementing the invention provides concurrent access to translations for virtual addresses from multiple address spaces. One embodiment of the invention is implemented in a virtual computer system, in which a virtual machine monitor supports a virtual machine. In this embodiment, the invention provides concurrent access to translations for virtual addresses from the respective address spaces of both the virtual machine monitor and the virtual machine. Multiple page tables contain the translations for the multiple address spaces. Information about an operating state of the computer system, as well as an address space identifier, are used to determine whether, and under what circumstances, an attempted memory access is permissible. If the attempted memory access is permissible, the address space identifier is also used to determine which of the multiple page tables contains the translation for the attempted memory access.

    摘要翻译: 实现本发明的虚拟存储器系统提供对来自多个地址空间的虚拟地址的翻译的并发访问。 本发明的一个实施例在虚拟计算机系统中实现,其中虚拟机监视器支持虚拟机。 在本实施例中,本发明提供了从虚拟机监视器和虚拟机的相应地址空间对虚拟地址的翻译的并发访问。 多页表包含多个地址空间的翻译。 关于计算机系统的操作状态的信息以及地址空间标识符被用于确定在什么情况下是否允许尝试的存储器访问。 如果尝试的内存访问是允许的,那么地址空间标识符也用于确定哪个多个页表包含尝试的内存访问的转换。

    Methods for accessing multiple page tables in a computer system
    8.
    发明授权
    Methods for accessing multiple page tables in a computer system 有权
    访问计算机系统中多个页表的方法

    公开(公告)号:US07886127B2

    公开(公告)日:2011-02-08

    申请号:US12345866

    申请日:2008-12-30

    IPC分类号: G06F12/08 G06F12/10

    CPC分类号: G06F12/1036 G06F12/109

    摘要: A virtual memory system implementing the invention provides concurrent access to translations for virtual addresses from multiple address spaces. One embodiment of the invention is implemented in a virtual computer system, in which a virtual machine monitor supports a virtual machine. In this embodiment, the invention provides concurrent access to translations for virtual addresses from the respective address spaces of both the virtual machine monitor and the virtual machine. Multiple page tables contain the translations for the multiple address spaces. Information about an operating state of the computer system, as well as an address space identifier, are used to determine whether, and under what circumstances, an attempted memory access is permissible. If the attempted memory access is permissible, the address space identifier is also used to determine which of the multiple page tables contains the translation for the attempted memory access.

    摘要翻译: 实现本发明的虚拟存储器系统提供对来自多个地址空间的虚拟地址的翻译的并发访问。 本发明的一个实施例在虚拟计算机系统中实现,其中虚拟机监视器支持虚拟机。 在本实施例中,本发明提供了从虚拟机监视器和虚拟机的相应地址空间对虚拟地址的翻译的并发访问。 多页表包含多个地址空间的翻译。 关于计算机系统的操作状态的信息以及地址空间标识符被用于确定在什么情况下是否允许尝试的存储器访问。 如果尝试的内存访问是允许的,那么地址空间标识符也用于确定哪个多个页表包含尝试的内存访问的转换。

    SWITCHING BETWEEN MULTIPLE SOFTWARE ENTITIES USING DIFFERENT OPERATING MODES OF A PROCESSOR
    9.
    发明申请
    SWITCHING BETWEEN MULTIPLE SOFTWARE ENTITIES USING DIFFERENT OPERATING MODES OF A PROCESSOR 有权
    使用不同操作模式的处理器之间切换多个软件实体

    公开(公告)号:US20090100250A1

    公开(公告)日:2009-04-16

    申请号:US12339778

    申请日:2008-12-19

    IPC分类号: G06F9/455 G06F9/318

    CPC分类号: G06F9/45554

    摘要: The computer program includes a virtualization software that is executable on the new processor in the legacy mode. The new processor includes a legacy instruction set for a legacy operating mode and a new instruction set for a new operation mode. The switching includes switching from the new instruction set to the legacy instruction set and switching paging tables. Each of the new operating mode and the legacy operating mode has separate paging tables. The switch routine is incorporated in a switch page that is locked in physical memory. The switch page has a first section to store a part of switching instructions conforming to the new instruction set and a second section to store another part of the switching instructions conforming to the legacy instruction set.

    摘要翻译: 该计算机程序包括在传统模式下可在新处理器上执行的虚拟化软件。 新处理器包括用于传统操作模式的传统指令集和用于新操作模式的新指令集。 切换包括从新指令集切换到传统指令集和切换寻呼表。 每个新的操作模式和传统操作模式都有独立的分页表。 开关程序被并入被锁定在物理存储器中的开关页面中。 开关页面具有存储符合新指令集的切换指令的一部分的第一部分和存储符合传统指令集的切换指令的另一部分的第二部分。

    METHODS FOR ACCESSING MULTIPLE PAGE TABLES IN A COMPUTER SYSTEM
    10.
    发明申请
    METHODS FOR ACCESSING MULTIPLE PAGE TABLES IN A COMPUTER SYSTEM 有权
    在计算机系统中访问多个页表的方法

    公开(公告)号:US20090106524A1

    公开(公告)日:2009-04-23

    申请号:US12345866

    申请日:2008-12-30

    IPC分类号: G06F12/06

    CPC分类号: G06F12/1036 G06F12/109

    摘要: A virtual memory system implementing the invention provides concurrent access to translations for virtual addresses from multiple address spaces. One embodiment of the invention is implemented in a virtual computer system, in which a virtual machine monitor supports a virtual machine. In this embodiment, the invention provides concurrent access to translations for virtual addresses from the respective address spaces of both the virtual machine monitor and the virtual machine. Multiple page tables contain the translations for the multiple address spaces. Information about an operating state of the computer system, as well as an address space identifier, are used to determine whether, and under what circumstances, an attempted memory access is permissible. If the attempted memory access is permissible, the address space identifier is also used to determine which of the multiple page tables contains the translation for the attempted memory access.

    摘要翻译: 实现本发明的虚拟存储器系统提供对来自多个地址空间的虚拟地址的翻译的并发访问。 本发明的一个实施例在虚拟计算机系统中实现,其中虚拟机监视器支持虚拟机。 在本实施例中,本发明提供了从虚拟机监视器和虚拟机的相应地址空间对虚拟地址的翻译的并发访问。 多页表包含多个地址空间的翻译。 关于计算机系统的操作状态的信息以及地址空间标识符被用于确定在什么情况下是否允许尝试的存储器访问。 如果尝试的内存访问是允许的,那么地址空间标识符也用于确定哪个多个页表包含尝试的内存访问的转换。