CN107085535A - Information processing method and electronic device - Google Patents
- Publication number
- CN107085535A (CN201710203551.1A)
- Authority
- CN
- China
- Prior art keywords
- virtual machine
- task
- identification information
- memory
- page table
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Granted
Classifications
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F9/00—Arrangements for program control, e.g. control units
- G06F9/06—Arrangements for program control, e.g. control units using stored programs, i.e. using an internal store of processing equipment to receive or retain programs
- G06F9/44—Arrangements for executing specific programs
- G06F9/455—Emulation; Interpretation; Software simulation, e.g. virtualisation or emulation of application or operating system execution engines
- G06F9/45533—Hypervisors; Virtual machine monitors
- G06F9/45558—Hypervisor-specific management and integration aspects
- G06F2009/45583—Memory management, e.g. access or allocation
Landscapes
- Engineering & Computer Science (AREA)
- Software Systems (AREA)
- Theoretical Computer Science (AREA)
- Physics & Mathematics (AREA)
- General Engineering & Computer Science (AREA)
- General Physics & Mathematics (AREA)
- Memory System Of A Hierarchy Structure (AREA)
- Storage Device Security (AREA)
Abstract
The invention discloses an information processing method and an electronic device. The method includes: obtaining a memory access request for a first task of a first virtual machine among at least one virtual machine, wherein the memory access request contains a virtual memory address; obtaining at least the identification information of the first virtual machine; determining the corresponding page table entry based on the memory access request of the first task, and obtaining from the page table entry at least the identification information of the target virtual machine corresponding to the virtual memory address; and judging whether the identification information of the target virtual machine is identical to the identification information of the first virtual machine to obtain a judgment result, and determining according to the judgment result whether to allow the first task to perform the memory access.
Description
Technical field
The present invention relates to virtual machine management technology, and in particular to an information processing method applied to an electronic device, and to an electronic device.
Background
At present, container virtualization technology is used more and more widely. Some container virtual machines, however, run very important tasks, so such a container must hold high privileges; we call it a high-privilege container virtual machine. If an application in such a container virtual machine knows the physical address (PA) used by another virtual machine, it may be able to access that virtual machine's address space by modifying the page table of its own process. Similarly, if an application in such a container virtual machine knows the physical address (PA) used by the HOST, it may be able to access the HOST's address space by modifying the page table of its own process, resulting in unsafe access and a compromised HOST. For the same reason, if such a container virtual machine knows the mapped addresses of another container virtual machine's devices, it may be able to access the device contents of that container virtual machine, for example reading the messages sent and received by the other virtual machine's network card.
Summary of the invention
The main object of the present invention is to propose an information processing method and an electronic device, intended to solve the above problems in the prior art.
To achieve the above object, the present invention provides an information processing method, applied to an electronic device, including:
Obtaining a memory access request for a first task of a first virtual machine among at least one virtual machine, wherein the memory access request contains a virtual memory address;
Obtaining at least the identification information of the first virtual machine;
Determining the corresponding page table entry based on the memory access request of the first task, and obtaining from the page table entry at least the identification information of the target virtual machine corresponding to the virtual memory address;
Judging whether the identification information of the target virtual machine is identical to the identification information of the first virtual machine to obtain a judgment result, and determining according to the judgment result whether to allow the first task to perform the memory access.
The present invention provides an electronic device, which includes:
A request acquisition unit, configured to obtain a memory access request for a first task of a first virtual machine among at least one virtual machine, wherein the memory access request contains a virtual memory address;
An information extraction unit, configured to obtain at least the identification information of the first virtual machine, to determine the corresponding page table entry based on the memory access request of the first task, and to obtain from the page table entry at least the identification information of the target virtual machine corresponding to the virtual memory address;
A judging unit, configured to judge whether the identification information of the target virtual machine is identical to the identification information of the first virtual machine to obtain a judgment result, and to determine according to the judgment result whether to allow the first task to perform the memory access.
With the information processing method and electronic device provided by this embodiment, the identification information of the target virtual machine to be accessed can be obtained based on the access request for the first task of the first virtual machine, and the identification information of the target virtual machine is then compared with the identification information of the first virtual machine to determine whether to allow the access request to obtain memory. In this way, through the added virtual machine identification information field, even if a high-privilege container virtual machine knows a specific physical address, it cannot perform cross-boundary access by mapping page tables, which improves the security of the virtual machines.
Brief description of the drawings
Fig. 1 is flow diagram 1 of the information processing method in an embodiment of the present invention;
Fig. 2 is flow diagram 2 of the information processing method in an embodiment of the present invention;
Fig. 3 is flow diagram 3 of the information processing method in an embodiment of the present invention;
Fig. 4 is flow diagram 4 of the information processing method in an embodiment of the present invention;
Fig. 5 is a diagram of the processing framework of the information processing method in an embodiment of the present invention;
Fig. 6 is a diagram of the processing of the information processing method in an embodiment of the present invention;
Fig. 7 is a diagram of the structure of the electronic device in an embodiment of the present invention.
Detailed description
The present invention is described in further detail below with reference to the accompanying drawings and specific embodiments.
Embodiment one
An embodiment of the present invention provides an information processing method which, as shown in Fig. 1, includes:
Step 101: Obtain a memory access request for a first task of a first virtual machine among at least one virtual machine, wherein the memory access request contains a virtual memory address;
Step 102: Obtain at least the identification information of the first virtual machine;
Step 103: Determine the corresponding page table entry based on the memory access request of the first task, and obtain from the page table entry at least the identification information of the target virtual machine corresponding to the virtual memory address;
Step 104: Judge whether the identification information of the target virtual machine is identical to the identification information of the first virtual machine to obtain a judgment result, and determine according to the judgment result whether to allow the first task to perform the memory access.
This embodiment applies to an electronic device capable of supporting the running of at least one virtual machine.
Before the steps of this embodiment are performed, the identification information corresponding to each virtual machine needs to be saved through an extended register; the identification information corresponding to a virtual machine can be a Namespace ID (NID).
In addition, when the physical addresses of different tasks are recorded, a field for identification information is likewise added; this field records the identification information of the virtual machine corresponding to the task stored in physical memory.
The above memory access request for the first task of the first virtual machine among at least one virtual machine can be initiated by a container virtual machine. The virtual memory address contained in the memory access request is first sent to the MMU, that is, the memory management unit, and the MMU looks up the corresponding entry based on the virtual memory address in the memory access request.
In addition, the identification information of the first virtual machine can be obtained by looking up the identification information corresponding to the first virtual machine in the NIDR extended register; the lookup can be based on the content previously stored in that register.
Further, obtaining at least the identification information of the first virtual machine also includes:
Obtaining the page table base address corresponding to the first task of the first virtual machine;
Correspondingly, determining the corresponding page table entry based on the memory access request of the first task includes:
Determining the page table entry corresponding to the memory access request of the first task according to the page table base address corresponding to the first task of the first virtual machine and the virtual memory address in the memory access request. One way to determine the corresponding page table entry is as follows: based on the virtual memory address in the memory access request, the MMU finds the PTE corresponding to the virtual memory address through the page table index; the extended physical base address is looked up from the PTE, and the identification information of the target virtual machine targeted by the memory access request is then extracted from the extended physical base address.
The page table base address differs for each task. One virtual machine can correspond to multiple tasks, each task has its own set of page tables, and each set of page tables corresponds to a different page table base address. However, the page table entries of the page tables of all tasks in the same virtual machine carry the same target virtual machine identification information, and this target virtual machine identification is used to distinguish which virtual machine a task belongs to.
Judging whether the identification information of the target virtual machine is identical to the identification information of the first virtual machine to obtain a judgment result includes:
Judging whether the identification information of the target virtual machine is identical to the identification information of the first virtual machine;
If the identification information of the target virtual machine is identical to the identification information of the first virtual machine, a first judgment result is obtained; otherwise, a second judgment result is obtained.
Correspondingly, determining according to the judgment result whether to allow the first task to perform the memory access includes:
When the judgment result is the first judgment result, the target physical address is determined based on the page table entry corresponding to the memory access request of the first task, and the target physical address is sent to the address bus to access physical memory; when the judgment result is the second judgment result, the first task is refused the memory access.
That is, the identification information of the virtual machine that owns the memory to be accessed is determined from the memory access request and compared with the identification information of the virtual machine saved in the extended register; if they are identical the first judgment result is obtained, and if they differ the second judgment result is obtained. With the first judgment result, the specific physical address corresponding to the first task is accessed based on the memory access request; otherwise, access is denied.
Finally, determining the corresponding page table entry based on the memory access request of the first task also includes:
Judging, based on the virtual memory address in the memory access request of the first task, whether the corresponding page table entry can be found; if the corresponding page table entry is not found, page-fault handling is performed for the virtual memory address.
The page-fault handling can include demand paging and allocating physical memory.
It can be seen that, with the above scheme, the identification information of the target virtual machine to be accessed can be obtained based on the access request for the first task of the first virtual machine, and the identification information of the target virtual machine is then compared with the identification information of the first virtual machine to determine whether to allow the access request to obtain memory. In this way, through the added virtual machine identification information field, even if a high-privilege container virtual machine knows a specific physical address, it cannot perform cross-boundary access by mapping page tables. Moreover, the check at memory-addressing time requires only a single layer of identification information comparison, so processing is more efficient.
Embodiment two
An embodiment of the present invention provides an information processing method which, as shown in Fig. 1, includes:
Step 101: Obtain a memory access request for a first task of a first virtual machine among at least one virtual machine, wherein the memory access request contains a virtual memory address;
Step 102: Obtain at least the identification information of the first virtual machine;
Step 103: Determine the corresponding page table entry based on the memory access request of the first task, and obtain from the page table entry at least the identification information of the target virtual machine corresponding to the virtual memory address;
Step 104: Judge whether the identification information of the target virtual machine is identical to the identification information of the first virtual machine to obtain a judgment result, and determine according to the judgment result whether to allow the first task to perform the memory access.
This embodiment applies to an electronic device capable of supporting the running of at least one virtual machine.
Before the steps of this embodiment are performed, the identification information corresponding to each virtual machine needs to be saved through an extended register; the identification information corresponding to a virtual machine can be an NID.
In addition, when the physical addresses of different tasks are recorded, a field for identification information is likewise added; this field records the identification information of the virtual machine corresponding to the task stored in physical memory.
It should also be noted that saving the identification information corresponding to each virtual machine in the extended register can, as shown in Fig. 2, include:
Reading the NID of the previous task from NIDR and saving it at the bottom of the task stack;
Performing the original task switching flow: saving the old task's stack, then switching to the new task's stack;
Reading the NID from the bottom of the new task's stack, that is, reading the corresponding entry from the bottom of the new task's stack, obtaining the NID from it, and loading the NID into NIDR;
Loading the CR3 register of the new task;
Loading the EIP (buffer status) of the new task, and then starting to run the new task.
In addition, PTE creation in this embodiment includes inserting the NID into the NID field of the extended physical base address; specifically, referring to Fig. 3, it includes:
Allocating a real physical page frame, for example during page-fault handling (delayed allocation of physical memory);
Obtaining the real physical page frame through allocation by the slab system or the buddy system, and obtaining the physical address PA of the physical page frame;
Establishing the page table mapping between PA and VA (virtual address);
Taking the NID of the current task out of NIDR;
Inserting the content of NIDR together with the physical page frame PA into the PTE as the extended physical base address, with the content of NIDR placed in the NID field.
The above memory access request for the first task of the first virtual machine among at least one virtual machine can be initiated by a container virtual machine. The virtual memory address contained in the memory access request is first sent to the MMU, that is, the memory management unit, and the MMU looks up the corresponding entry based on the virtual memory address in the memory access request.
In addition, the identification information of the first virtual machine can be obtained by looking up the identification information corresponding to the first virtual machine in the NIDR extended register; the lookup can be based on the content previously stored in that register.
Further, obtaining at least the identification information of the first virtual machine also includes:
Obtaining the page table base address corresponding to the first task of the first virtual machine;
Correspondingly, determining the corresponding page table entry based on the memory access request of the first task includes:
Determining the page table entry corresponding to the memory access request of the first task according to the page table base address corresponding to the first task of the first virtual machine and the virtual memory address in the memory access request. One way to determine the corresponding page table entry is as follows: based on the virtual memory address in the memory access request, the MMU finds the PTE corresponding to the virtual memory address through the page table index; the extended physical base address is looked up from the PTE, and the identification information of the target virtual machine targeted by the memory access request is then extracted from the extended physical base address.
The page table base address differs for each task. One virtual machine can correspond to multiple tasks, each task has its own set of page tables, and each set of page tables corresponds to a different page table base address. However, the page table entries of the page tables of all tasks in the same virtual machine carry the same target virtual machine identification information, and this target virtual machine identification is used to distinguish which virtual machine a task belongs to.
Judging whether the identification information of the target virtual machine is identical to the identification information of the first virtual machine to obtain a judgment result includes:
Judging whether the identification information of the target virtual machine is identical to the identification information of the first virtual machine;
If the identification information of the target virtual machine is identical to the identification information of the first virtual machine, a first judgment result is obtained; otherwise, a second judgment result is obtained.
Correspondingly, determining according to the judgment result whether to allow the first task to perform the memory access includes:
When the judgment result is the first judgment result, the target physical address is determined based on the page table entry corresponding to the memory access request of the first task, and the target physical address is sent to the address bus to access physical memory;
When the judgment result is the second judgment result, the first task is refused the memory access.
Specifically, referring to Fig. 4, this includes:
A user-mode task performs a memory access (that is, the memory access request for the first task of the first virtual machine) and provides a virtual address VA in the task's address space; the MMU then obtains the process page table from the content of CR3, walks the page table, and looks up the PTE corresponding to the task through the VA;
It is judged whether a PTE can be obtained from the VA; if the PTE corresponding to the VA cannot be found in the page table, page-fault handling is entered, and if the page fault is then determined to be illegal, error prompt information is fed back to the user;
If the PTE corresponding to the VA can be found in the page table, the MMU obtains the content of the NID field in the extended physical base address from the PTE and compares it with the content of the NIDR register;
It is judged whether the NID and the content of NIDR are identical; if they differ, the memory access is determined to be rejected, and a permission-error prompt is returned;
If the comparison result is identical, the MMU automatically strips the content of the NID field from the extended physical address and adds the offset (offset value) to obtain the physical address PA;
The PA is sent to the address bus to complete the access to physical memory.
Finally, determining the corresponding page table entry based on the memory access request of the first task also includes:
Judging, based on the virtual memory address in the memory access request of the first task, whether the corresponding page table entry can be found; if the corresponding page table entry is not found, page-fault handling is performed for the virtual memory address.
The page-fault handling can include demand paging and allocating physical memory.
For the overall processing framework of the method provided by this embodiment, see Fig. 5: an extended register NIDR is added to the chip (which can be, for example, a CPU), and the physical base address recorded in the PTE is extended with an NID field. When a task of a container virtual machine performs a memory access, the MMU uses the VA as an index into the page table to look up the corresponding PTE. The extended physical address contained in the PA physical address recorded in the PTE is obtained, and the content of the NID field is obtained from the PA (this content contains the identification information of the target virtual machine that the task wants to access). The MMU extracts the identification information of the first virtual machine from NIDR and compares it with the identification information of the target virtual machine in the NID field; if the comparison result differs, access is denied. If the comparison result is identical, the MMU automatically strips the NID field from the extended physical address, adds the offset to the resulting real physical base address to obtain the final physical address, and sends the physical address to the data/address bus to access physical memory.
Further, the effect of the processing in this embodiment is illustrated with reference to Fig. 6. When a memory access request is initiated for task 1 of the first virtual machine (VM1), only the memory region of VM1 (the first virtual machine) can be accessed. The method provided by this embodiment compares the identification information of the target virtual machine contained in the memory access request initiated for task 1 with the identification information of VM1 to confirm whether the access request is correct. When the two are identical, access to the memory region of task 1 of VM1 is allowed; otherwise, if the access request of task 1 points to the memory of another virtual machine, for example the memory of VM2 as shown in Fig. 6, the access request is refused.
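The flows of Figs. 2 to 4 modeled in software, as an added example that is not part of the patent text: it tags each PTE with the NIDR content at creation, swaps NIDR on task switch, and checks the NID field before producing a physical address. The PTE bit layout (NID in bits 52..63), the single-level page table, the sample addresses and all names are assumptions, since the patent fixes none of them.

```c
#include <stdint.h>
#include <stdio.h>

/* Assumed layout (the patent fixes no bit positions): 64-bit PTE with
 * bit 0 = present, bits 12..51 = physical frame base, bits 52..63 = NID field. */
#define PTE_PRESENT 0x1ULL
#define PAGE_SHIFT  12
#define OFFSET_MASK ((1ULL << PAGE_SHIFT) - 1)
#define NID_SHIFT   52
#define NID_MASK    (0xFFFULL << NID_SHIFT)
#define FRAME_MASK  (~NID_MASK & ~OFFSET_MASK)
#define NPAGES      16          /* single-level table, for brevity */

enum xlate { XLATE_OK, XLATE_PAGE_FAULT, XLATE_NID_DENIED };

struct task {
    uint64_t *page_table;       /* per-task page table base (loaded into CR3) */
    uint16_t  saved_nid;        /* models the NID slot at the task stack bottom */
};

struct cpu {
    uint64_t *cr3;              /* page table base of the running task */
    uint16_t  nidr;             /* extended register: NID of the running VM */
};

/* Task switch (Fig. 2): park the outgoing NID, load the incoming NID, then CR3. */
static void switch_task(struct cpu *c, struct task *prev, struct task *next)
{
    if (prev)
        prev->saved_nid = c->nidr;
    c->nidr = next->saved_nid;
    c->cr3  = next->page_table;
}

/* PTE creation (Fig. 3): frame address plus NIDR content -> extended base. */
static int map_page(struct cpu *c, uint64_t va, uint64_t frame_pa)
{
    uint64_t idx = va >> PAGE_SHIFT;
    if (idx >= NPAGES)
        return -1;
    c->cr3[idx] = ((uint64_t)(c->nidr & 0xFFF) << NID_SHIFT)
                | (frame_pa & FRAME_MASK) | PTE_PRESENT;
    return 0;
}

/* MMU lookup (Fig. 4): find the PTE, compare its NID field with NIDR, and
 * only on a match strip the NID field and add the page offset. */
static enum xlate translate(const struct cpu *c, uint64_t va, uint64_t *pa)
{
    uint64_t idx = va >> PAGE_SHIFT;
    if (idx >= NPAGES || !(c->cr3[idx] & PTE_PRESENT))
        return XLATE_PAGE_FAULT;            /* no PTE: page-fault path */
    uint64_t pte = c->cr3[idx];
    if ((uint16_t)((pte & NID_MASK) >> NID_SHIFT) != c->nidr)
        return XLATE_NID_DENIED;            /* NID mismatch: refuse access */
    *pa = (pte & FRAME_MASK) + (va & OFFSET_MASK);
    return XLATE_OK;
}

struct demo_result {
    enum xlate own, foreign, unmapped;
    uint64_t   own_pa;
    uint16_t   vm2_saved_nid;
};

/* Constructed scenario: VM1 (NID 1) and VM2 (NID 2), one task each. */
struct demo_result run_demo(void)
{
    uint64_t pt1[NPAGES] = {0}, pt2[NPAGES] = {0};
    struct task t1 = { pt1, 1 }, t2 = { pt2, 2 };
    struct cpu cpu = { NULL, 0 };
    struct demo_result r = { XLATE_PAGE_FAULT, XLATE_PAGE_FAULT,
                             XLATE_PAGE_FAULT, 0, 0 };
    uint64_t pa = 0;

    switch_task(&cpu, NULL, &t2);
    map_page(&cpu, 0x3000, 0x200000);       /* VM2 frame, tagged NID 2 */
    switch_task(&cpu, &t2, &t1);
    map_page(&cpu, 0x1000, 0x100000);       /* VM1 frame, tagged NID 1 */
    pt1[5] = pt2[3];    /* entry for VM2's frame placed in VM1's task table */

    r.own      = translate(&cpu, 0x1234, &r.own_pa);  /* VM1's own page */
    r.foreign  = translate(&cpu, 0x5010, &pa);        /* Fig. 6 refusal case */
    r.unmapped = translate(&cpu, 0x7000, &pa);        /* no PTE at all */
    r.vm2_saved_nid = t2.saved_nid;
    return r;
}

int main(void)
{
    struct demo_result r = run_demo();
    printf("own=%d pa=0x%llx foreign=%d unmapped=%d\n", r.own,
           (unsigned long long)r.own_pa, r.foreign, r.unmapped);
    return 0;
}
```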
It can be seen that, with the above scheme, the identification information of the target virtual machine to be accessed can be obtained based on the access request for the first task of the first virtual machine, and the identification information of the target virtual machine is then compared with the identification information of the first virtual machine to determine whether to allow the access request to obtain memory. In this way, through the added virtual machine identification information field, even if a high-privilege container virtual machine knows a specific physical address, it cannot perform cross-boundary access by mapping page tables. Moreover, the check at memory-addressing time requires only a single layer of identification information comparison, so processing is more efficient.
Embodiment three
An embodiment of the present invention provides an electronic device which, as shown in Fig. 7, includes:
A request acquisition unit 71, configured to obtain a memory access request for a first task of a first virtual machine among at least one virtual machine, wherein the memory access request contains a virtual memory address;
An information extraction unit 72, configured to obtain at least the identification information of the first virtual machine, to determine the corresponding page table entry based on the memory access request of the first task, and to obtain from the page table entry at least the identification information of the target virtual machine corresponding to the virtual memory address;
A judging unit 73, configured to judge whether the identification information of the target virtual machine is identical to the identification information of the first virtual machine to obtain a judgment result, and to determine according to the judgment result whether to allow the first task to perform the memory access.
This embodiment applies to an electronic device capable of supporting the running of at least one virtual machine.
Before the steps of this embodiment are performed, the identification information corresponding to each virtual machine needs to be saved through an extended register; the identification information corresponding to a virtual machine can be an NID.
In addition, when the physical addresses of different tasks are recorded, a field for identification information is likewise added; this field records the identification information of the virtual machine corresponding to the task stored in physical memory.
It should also be noted that saving the identification information corresponding to each virtual machine in the extended register can, as shown in Fig. 2, include:
Reading the NID of the previous task from NIDR and saving it at the bottom of the task stack;
Performing the original task switching flow: saving the old task's stack, then switching to the new task's stack;
Reading the NID from the bottom of the new task's stack, that is, reading the corresponding entry from the bottom of the new task's stack, obtaining the NID from it, and loading the NID into NIDR;
Loading the CR3 register of the new task;
Loading the EIP (buffer status) of the new task, and then starting to run the new task.
In addition, PTE creation in this embodiment includes inserting the NID into the NID field of the extended physical base address; specifically, referring to Fig. 3, it includes:
Allocating a real physical page frame, for example during page-fault handling (delayed allocation of physical memory);
Obtaining the real physical page frame through allocation by the slab system or the buddy system, and obtaining the physical address PA of the physical page frame;
Establishing the page table mapping between PA and VA (virtual address);
Taking the NID of the current task out of NIDR;
Inserting the content of NIDR together with the physical page frame PA into the PTE as the extended physical base address, with the content of NIDR placed in the NID field.
The above memory access request for the first task of the first virtual machine among at least one virtual machine can be initiated by a container virtual machine. The virtual memory address contained in the memory access request is first sent to the MMU, that is, the memory management unit, and the MMU looks up the corresponding entry based on the virtual memory address in the memory access request.
In addition, the above request acquisition unit 71 can obtain the identification information of the first virtual machine by looking up the identification information corresponding to the first virtual machine in the NIDR extended register; the lookup can be based on the content previously stored in that register.
Further, obtaining at least the identification information of the first virtual machine also includes:
Obtaining the page table base address corresponding to the first task of the first virtual machine;
Correspondingly, determining the corresponding page table entry based on the memory access request of the first task includes:
Determining the page table entry corresponding to the memory access request of the first task according to the page table base address corresponding to the first task of the first virtual machine and the virtual memory address in the memory access request. One way to determine the corresponding page table entry is as follows: based on the virtual memory address in the memory access request, the MMU finds the PTE corresponding to the virtual memory address through the page table index; the extended physical base address is looked up from the PTE, and the identification information of the target virtual machine targeted by the memory access request is then extracted from the extended physical base address.
The page table base address differs for each task. One virtual machine can correspond to multiple tasks, each task has its own set of page tables, and each set of page tables corresponds to a different page table base address. However, the page table entries of the page tables of all tasks in the same virtual machine carry the same target virtual machine identification information, and this target virtual machine identification is used to distinguish which virtual machine a task belongs to.
The identifying unit is configured to judge whether the identification information of the target virtual machine is identical to the identification information of the first virtual machine;
if the identification information of the target virtual machine is identical to the identification information of the first virtual machine, a first judgment result is obtained; otherwise, a second judgment result is obtained.
When the judgment result is the first judgment result, the target physical address is determined based on the page table entry corresponding to the memory access request of the first task, and the target physical address is sent to the address bus in order to access physical memory;
when the judgment result is the second judgment result, the first task is refused memory access.
Specifically, referring to Fig. 4, the flow includes:
A user-mode task performs a memory access (that is, the memory access request for the first task of the first virtual machine) and provides a virtual address VA in the task's address space; the MMU then obtains the process page table from the content of CR3, walks the page table, and queries the PTE corresponding to the task by VA;
It is judged whether a PTE can be obtained from the VA. If the PTE corresponding to the VA cannot be found in the page table, page fault handling is entered; if the page fault is then determined to be illegal, error prompt information is fed back to the user;
If the PTE corresponding to the VA can be found in the page table, the MMU obtains the content of the NID field in the extended physical base address from the PTE and compares it with the content of the NIDR register;
It is judged whether the NID and the NIDR content are identical; if they differ, the memory access is rejected and a permission error prompt is returned;
If the comparison result is identical, the MMU automatically strips the content of the NID field from the extended physical address and adds the offset (the offset value) to obtain the physical address PA;
The PA is sent to the address bus to complete the access to physical memory.
Finally, the information extraction unit is configured to judge, based on the memory virtual address in the memory access request of the first task, whether the corresponding page table entry can be found; if the corresponding page table entry is not found, page fault handling is performed for the memory virtual address.
The page fault handling may include demand paging and allocation of physical memory.
In the method provided by this embodiment, the overall processing framework is shown in Fig. 5: an extension register NIDR is added to the chip (for example, a CPU), and the physical base address recorded in the PTE is extended with an NID field. When a task of the container virtual machine performs a memory access, the MMU uses the VA to index into the page table and obtains the corresponding PTE. It obtains the extended physical address contained in the PA physical address recorded in the PTE, and obtains the content of the NID field from the PA (this content includes the identification information of the target virtual machine that the task is to access). The MMU extracts the identification information of the first virtual machine from NIDR and compares it with the identification information of the target virtual machine in the NID field; if the comparison result differs, access is denied. If the comparison result is identical, the MMU automatically strips the NID field from the extended physical address, adds the offset to the resulting true physical base address to obtain the final physical address, and sends the physical address to the data/address bus to access physical memory.
Further, the effect of the processing in this embodiment is illustrated with reference to Fig. 6. When a memory access request is initiated for task 1 of the first virtual machine (VM1), only the memory region of VM1 (the first virtual machine) can be accessed. The method provided by this embodiment compares the identification information of the target virtual machine contained in the memory access request initiated for task 1 with the identification information of VM1 to confirm whether the access request is correct. When the two are identical, access to the memory region of task 1 of VM1 is allowed; otherwise, if the access request of task 1 points to the memory of another virtual machine, for example the memory of VM2 as shown in Fig. 6, the access request is refused.
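The Fig. 4 lookup, compare and strip flow and the Fig. 6 scenario can be modeled in a short C program. This is an added illustration, not code from the patent; the bit layout (NID in bits 63..56 of a 64-bit PTE, 4 KiB pages, a single-level page table) and all identifiers such as `mmu_translate` are assumptions, and how the NID fields and NIDR are populated is not modeled.

```c
#include <stdint.h>
#include <stdio.h>

/* Assumed layout (the patent gives no bit widths): 64-bit PTE, NID field in
 * bits 63..56 of the extended physical base address, 4 KiB pages, present
 * bit in bit 0, and a single-level page table to keep the walk short. */
#define PAGE_SHIFT  12
#define PAGE_MASK   ((1ULL << PAGE_SHIFT) - 1)
#define NID_SHIFT   56
#define NID_MASK    (0xFFULL << NID_SHIFT)
#define BASE_MASK   (~(NID_MASK | PAGE_MASK))
#define PTE_PRESENT 1ULL
#define PT_ENTRIES  16
#define MAKE_PTE(nid, base) \
    (((uint64_t)(nid) << NID_SHIFT) | ((base) & BASE_MASK) | PTE_PRESENT)

enum xlate_status { XLATE_OK, XLATE_PAGE_FAULT, XLATE_NID_DENIED };

struct cpu {
    const uint64_t *cr3;  /* page table base of the running task */
    uint8_t nidr;         /* NIDR: identifier of the VM that owns the task */
};

/* Fig. 4 flow: look up the PTE by VA, compare NID with NIDR, strip the NID
 * and add the offset. *pa is written only when the access is allowed. */
enum xlate_status mmu_translate(const struct cpu *cpu, uint64_t va, uint64_t *pa)
{
    uint64_t vpn = va >> PAGE_SHIFT;
    if (vpn >= PT_ENTRIES)
        return XLATE_PAGE_FAULT;
    uint64_t pte = cpu->cr3[vpn];
    if (!(pte & PTE_PRESENT))
        return XLATE_PAGE_FAULT;          /* no PTE for this VA */

    uint8_t nid = (uint8_t)((pte & NID_MASK) >> NID_SHIFT);
    if (nid != cpu->nidr)
        return XLATE_NID_DENIED;          /* target VM differs from owner VM */

    *pa = (pte & BASE_MASK) + (va & PAGE_MASK);
    return XLATE_OK;
}

/* Constructed sample: page table of task 1 in VM1 (identifier 1). Page 1
 * points at a frame tagged with VM2's identifier, as in the Fig. 6 case. */
static const uint64_t task1_page_table[PT_ENTRIES] = {
    [0] = MAKE_PTE(1, 0x10000ULL),
    [1] = MAKE_PTE(2, 0x20000ULL),
};

int main(void)
{
    struct cpu cpu = { task1_page_table, 1 };
    uint64_t vas[] = { 0x0123, 0x1010, 0x2000 };
    static const char *names[] = { "ok", "page fault", "denied (NID != NIDR)" };
    for (unsigned i = 0; i < 3; i++) {
        uint64_t pa = 0;
        enum xlate_status s = mmu_translate(&cpu, vas[i], &pa);
        printf("VA 0x%llx -> %s, PA 0x%llx\n",
               (unsigned long long)vas[i], names[s], (unsigned long long)pa);
    }
    return 0;
}
```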
It can be seen that, with the above scheme, the identification information of the target virtual machine to be accessed can be obtained from the access request of the first task of the first virtual machine, and this is then compared with the identification information of the first virtual machine to determine whether the access request is allowed to access memory. Thus, through the added virtual machine identification information field, even a high-privilege container virtual machine that knows a specific physical address cannot make a cross-boundary access by mapping page tables. Moreover, only a single layer of identification check is needed during memory addressing, so processing is more efficient.
Those of ordinary skill in the art will understand that all or part of the steps of the above method embodiments may be completed by hardware under the control of program instructions. The program may be stored in a computer-readable storage medium and, when executed, performs the steps of the above method embodiments; the storage medium includes various media that can store program code, such as removable storage devices, read-only memory (ROM), random access memory (RAM), magnetic disks or optical discs.
Alternatively, if the above integrated unit of the present invention is implemented in the form of a software function module and sold or used as an independent product, it may also be stored in a computer-readable storage medium. Based on this understanding, the technical solution of the embodiments of the present invention, in essence or in the part that contributes to the prior art, may be embodied in the form of a software product. The computer software product is stored in a storage medium and includes a number of instructions that cause a computer device (which may be a personal computer, a server, a network device or the like) to perform all or part of the methods described in the embodiments of the present invention. The storage medium includes various media that can store program code, such as removable storage devices, ROM, RAM, magnetic disks or optical discs.
The above is only a specific embodiment of the present invention, but the protection scope of the present invention is not limited to it. Any change or replacement that a person skilled in the art could readily conceive of within the technical scope disclosed by the present invention shall fall within the protection scope of the present invention. Therefore, the protection scope of the present invention shall be subject to the protection scope of the claims.
Claims (12)
1. An information processing method, the method comprising:
obtaining a memory access request for a first task of a first virtual machine among at least one virtual machine, wherein the memory access request contains a memory virtual address;
obtaining at least identification information of the first virtual machine;
determining a corresponding page table entry based on the memory access request of the first task, and obtaining from the page table entry at least identification information of a target virtual machine corresponding to the memory virtual address;
judging whether the identification information of the target virtual machine is identical to the identification information of the first virtual machine to obtain a judgment result, and determining according to the judgment result whether to allow the first task to perform memory access.
2. The method according to claim 1, characterized in that obtaining at least the identification information of the first virtual machine further comprises:
obtaining a page table base address corresponding to the first task of the first virtual machine;
correspondingly, determining the corresponding page table entry based on the memory access request of the first task comprises:
determining the page table entry corresponding to the memory access request of the first task according to the page table base address corresponding to the first task of the first virtual machine and the memory virtual address in the memory access request.
3. The method according to claim 1, characterized in that judging whether the identification information of the target virtual machine is identical to the identification information of the first virtual machine to obtain a judgment result comprises:
judging whether the identification information of the target virtual machine is identical to the identification information of the first virtual machine;
if the identification information of the target virtual machine is identical to the identification information of the first virtual machine, obtaining a first judgment result; otherwise, obtaining a second judgment result.
4. The method according to claim 3, characterized in that determining according to the judgment result whether to allow the first task to perform memory access comprises:
when the judgment result is the first judgment result, determining a target physical address based on the page table entry corresponding to the memory access request of the first task, and sending the target physical address to an address bus in order to access physical memory;
when the judgment result is the second judgment result, refusing memory access by the first task.
5. The method according to claim 4, characterized in that determining the target physical address based on the page table entry corresponding to the memory access request of the first task comprises:
extracting a physical base address from the page table entry corresponding to the memory access request of the first task, and determining the target physical address based on the physical base address.
6. The method according to claim 1, characterized in that determining the corresponding page table entry based on the memory access request of the first task further comprises:
judging, based on the memory virtual address in the memory access request of the first task, whether the corresponding page table entry can be found;
if the corresponding page table entry is not found, performing page fault handling for the memory virtual address.
7. An electronic device, characterized in that the electronic device comprises:
an acquisition request unit, configured to obtain a memory access request for a first task of a first virtual machine among at least one virtual machine, wherein the memory access request contains a memory virtual address;
an information extraction unit, configured to obtain at least identification information of the first virtual machine, determine a corresponding page table entry based on the memory access request of the first task, and obtain from the page table entry at least identification information of a target virtual machine corresponding to the memory virtual address;
an identifying unit, configured to judge whether the identification information of the target virtual machine is identical to the identification information of the first virtual machine to obtain a judgment result, and determine according to the judgment result whether to allow the first task to perform memory access.
8. The electronic device according to claim 7, characterized in that the information extraction unit is configured to obtain a page table base address corresponding to the first task of the first virtual machine, and to determine the page table entry corresponding to the memory access request of the first task according to the page table base address corresponding to the first task of the first virtual machine and the memory virtual address in the memory access request.
9. The electronic device according to claim 7, characterized in that the identifying unit is configured to judge whether the identification information of the target virtual machine is identical to the identification information of the first virtual machine; if the identification information of the target virtual machine is identical to the identification information of the first virtual machine, a first judgment result is obtained; otherwise, a second judgment result is obtained.
10. The electronic device according to claim 9, characterized in that the identifying unit is configured to, when the judgment result is the first judgment result, determine a target physical address based on the page table entry corresponding to the memory access request of the first task and send the target physical address to an address bus in order to access physical memory; and, when the judgment result is the second judgment result, refuse memory access by the first task.
11. The electronic device according to claim 10, characterized in that the identifying unit is configured to extract a physical base address from the page table entry corresponding to the memory access request of the first task, and to determine the target physical address based on the physical base address.
12. The electronic device according to claim 7, characterized in that the information extraction unit is configured to judge, based on the memory virtual address in the memory access request of the first task, whether the corresponding page table entry can be found; if the corresponding page table entry is not found, page fault handling is performed for the memory virtual address.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201710203551.1A CN107085535B (en) | 2017-03-30 | 2017-03-30 | Information processing method and electronic equipment |
Applications Claiming Priority (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201710203551.1A CN107085535B (en) | 2017-03-30 | 2017-03-30 | Information processing method and electronic equipment |
Publications (2)
Publication Number | Publication Date |
---|---|
CN107085535A (en) | 2017-08-22 |
CN107085535B (en) | 2020-10-27 |
Family
ID=59615121
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN201710203551.1A Active CN107085535B (en) | 2017-03-30 | 2017-03-30 | Information processing method and electronic equipment |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN107085535B (en) |
Also Published As
Publication number | Publication date |
---|---|
CN107085535B (en) | 2020-10-27 |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
PB01 | Publication | ||
SE01 | Entry into force of request for substantive examination | ||
GR01 | Patent grant | ||