
TWI844963B - System and method for controlling access to a physical address space - Google Patents


Info

Publication number
TWI844963B
TWI844963B
Authority
TW
Taiwan
Prior art keywords
physical address
access
address space
management unit
memory management
Prior art date
Application number
TW111135601A
Other languages
Chinese (zh)
Other versions
TW202316275A (en)
Inventor
蕭志祥
簡鴻文
Original Assignee
聯發科技股份有限公司
Priority date
Filing date
Publication date
Priority claimed from US17/883,541 (US20220382577A1)
Application filed by 聯發科技股份有限公司
Publication of TW202316275A
Application granted
Publication of TWI844963B

Landscapes

  • Storage Device Security (AREA)

Abstract

A system operative to control access to a physical address (PA) space, comprising: a plurality of processing circuits executing a plurality of virtual machines (VMs), wherein a given region of the PA space is dedicated to addressing the VMs; a plurality of system resources addressable within the PA space; a plurality of memory management units (MMUs) coupled to corresponding processing circuits, wherein a given MMU is operative to translate a virtual address indicated in an access request into a requested PA according to a configurable setting of the given MMU; and a plurality of memory protection units (MPUs), wherein a given MPU is operative to grant or deny the request based on information in a permission filter indicating whether the requested PA is accessible to a requesting VM executed on the requesting processing circuit.

Description

System and method for controlling access to a physical address space

The present invention relates to computing systems that protect the memory of the computing system, and more particularly to computing systems that use hardware virtual machines to provide memory protection.

A hypervisor enables multiple operating systems to run concurrently on a single physical machine. These operating systems, called "guest operating systems", can include multiple instances of one operating system as well as different operating systems. Multiple virtual machines (VMs) can run on a hypervisor. Each VM runs a guest operating system that manages the allocation of resources to the VM. A hypervisor typically uses a memory management unit (MMU) to support address translation and memory protection for the VMs. In a multiprocessor system, each processor core can have its own MMU.

The MMU is responsible for translating virtual addresses into physical addresses. The MMU may include one or more translation look-aside buffers (TLBs) that store mappings between virtual addresses and their corresponding physical addresses. Some MMUs provide a two-stage memory translation mechanism, in which every memory access from an application running on a VM undergoes two stages of translation in the MMU. The guest operating system configures the first-stage translation tables, which map virtual addresses to intermediate physical addresses. The hypervisor configures the second-stage translation tables, which map intermediate physical addresses to physical addresses. Two-stage translation therefore lets the hypervisor control the guest's view of memory and restrict the physical memory the guest can access.

MMU hardware can be complex and expensive. Managing the MMU usually requires highly complex software and has a negative effect on memory usage and performance. Furthermore, in a shared-memory environment where multiple devices can access the same memory location, the complexity increases greatly and security can be compromised. There is therefore a need for a low-complexity, low-overhead memory protection scheme for virtual machine systems.

The present invention provides a system and method for controlling access to a physical address space, which offer a low-complexity access control scheme.

In one embodiment, the present invention provides a system for controlling access to a physical address (PA) space, comprising: a plurality of processing circuits executing a plurality of virtual machines, wherein a given region of the physical address space is dedicated to addressing the plurality of virtual machines; a plurality of system resources addressed by the physical address space; a plurality of memory management units (MMUs) coupled to corresponding processing circuits, wherein a given MMU is operative to translate a virtual address indicated in an access request from a requesting processing circuit into a requested physical address according to a configurable setting of the given MMU; and a plurality of memory protection units (MPUs), wherein a given MPU, coupled to the target system resource to which the requested physical address is assigned, is operative to grant or deny the access request based on information in a permission filter indicating whether a requesting VM running on the requesting processing circuit may access the requested physical address.

In another embodiment, a method for controlling access to a physical address (PA) space is performed by a system that includes a plurality of processing circuits and a plurality of system resources. The method comprises: receiving, from a requesting processing circuit, a request to access a virtual address, wherein the requesting processing circuit executes a requesting virtual machine, and wherein a given region of the physical address space is dedicated to addressing the plurality of virtual machines executing in the system; translating, by a given memory management unit (MMU) coupled to the requesting processing circuit, the virtual address into a requested physical address accessible to the requesting processing circuit according to a configurable setting of the given MMU; and granting or denying the request, by a given MPU coupled to the target system resource to which the requested physical address is assigned, based on information in a permission filter indicating whether the requesting VM running on the requesting processing circuit may access the requested physical address.

Certain terms are used throughout the specification and claims to refer to particular components. As those skilled in the art will appreciate, hardware manufacturers may refer to the same component by different names. This specification and the claims do not distinguish components by name but by function. The terms "comprising" and "including" used throughout the specification and claims are open-ended and should be read as "including but not limited to". "Substantially" or "approximately" means within an acceptable error range within which a person skilled in the art can solve the stated technical problem and essentially achieve the stated technical effect. In addition, the term "coupled" covers any direct or indirect electrical connection. Accordingly, if a first device is described as coupled to a second device, the first device may be electrically connected to the second device directly, or indirectly through other devices or connection means. The following describes preferred ways of carrying out the invention; its purpose is to illustrate the spirit of the invention and not to limit its scope of protection, which is defined by the appended claims.

The following description presents the best contemplated embodiments of the present invention. It illustrates the general principles of the invention and should not be taken as limiting it. The scope of protection of the present invention should be determined with reference to the appended claims.

Embodiments of the present invention provide an access control mechanism that uses a combination of a two-stage MMU and a memory protection unit (MPU) to control access to a physical address (PA) space. The system uses hardware such as registers to configure a predetermined number of virtual machines (VMs) and a given region of the PA space dedicated to addressing the VMs. These VMs are referred to herein as hardware VMs, or simply VMs. Each VM is assigned a specific PA block or segment and can be configured with specific domain permissions. The VMs provide a low-complexity alternative or supplement to the access control performed by a conventional MMU. They also combine the advantages of the master-side access control performed by the MMU with those of the target-side access control performed by the MPU.

In one embodiment, an MMU manager manages the configuration of the second-stage MMU, for example configuring which master has permission to access which physical addresses. In addition, a hardware VM manager manages the configuration of the MPU (more specifically, of the corresponding permission filter), for example configuring which VM has permission to access which physical addresses. In one embodiment, either of the two access controls, that of the second-stage MMU or that of the MPU, can be enabled or disabled.

FIG. 1 is a block diagram illustrating a system 100 according to one embodiment. The system 100 includes a plurality of masters, such as 110a, 110b, 110c, etc., collectively referred to as masters. In this document, a master is a hardware component that initiates requests to access target system resources such as memory, peripherals, etc. Examples of masters include, but are not limited to, one or more of the following processing circuits: a central processing unit (CPU), a graphics processing unit (GPU), a digital signal processor (DSP), a multimedia processor, an artificial intelligence (AI) processing unit (APU), a direct memory access (DMA) controller, and/or other general-purpose and/or special-purpose processing circuits.

In one embodiment, the masters may be part of a system-on-a-chip (SoC) platform. It is understood that the embodiment of FIG. 1 is simplified for illustrative purposes. A specific implementation may include additional hardware components, and some of the components shown in FIG. 1 may be omitted.

In one embodiment, the masters have permission to access a target system resource such as memory 120. The memory 120 may be the system memory or main memory of the system 100. It may include random access memory (RAM) devices, such as dynamic random access memory (DRAM) devices, flash memory devices, and/or other volatile or non-volatile memory. The masters may access the memory 120 through a bus 180 or another form of interconnect. Accesses to the memory 120 are performed under the control of a memory interface controller 125. In one embodiment, the masters execute instructions stored in the memory 120 to run applications and perform system activities.

In one embodiment, the masters have permission to access a target system resource such as peripherals 140, which may also be called input/output (I/O) devices, for example keyboards, speakers, microphones, displays, cameras, etc. The peripherals 140 can be accessed through the bus 180 or another form of interconnect under the control of a peripheral interface controller 145. The peripherals 140 may include I/O devices and may be memory-mapped. For example, the peripheral interface controller 145 may include or control a device controller mapped to a physical address range through which I/O data rates, formats, etc. are communicated between the masters and the device controller.

In one embodiment, each master performs two-stage address translation using a memory management unit (MMU). Some of these MMUs may be called system MMUs (SMMUs). It should therefore be understood that the MMUs shown or described herein may include one or more SMMUs.

The first-stage MMU 115 translates the virtual address (VA) space into an intermediate physical address (IPA) space, and the second-stage MMU 116 translates the IPA space into the physical address (PA) space, in which all system resources (e.g., the memory 120 and the peripherals 140) can be addressed. The mapping of the VA space to the IPA space (i.e., the first-stage MMU 115) is controlled by the guest operating systems running on the VMs (e.g., VMs 130a, 130b, 130c, etc.), and the mapping of the IPA space to the PA space (i.e., the second-stage MMU 116) is controlled by a hypervisor 240 or by the host operating system that manages the hardware resources of the system 100. The hypervisor 240 may run on the host operating system, or it may be part of the host operating system. In one embodiment, multiple masters may share the same MMU; for example, multiple DMA controllers may share the same SMMU to perform data transfers between devices in the system 100.

In one embodiment, each second-stage MMU 116 provides master-side access control according to a configurable setting that specifies the access rights of masters to pages (e.g., 4 KB blocks) in the PA space, i.e., which master may access which page in the PA space. The configurable setting is managed by a second-stage MMU manager 241 in the hypervisor 240. In one embodiment, the hypervisor 240 includes a PA checker 242 that verifies the validity of the PA requested in an access request. If the requested PA passes verification, the access request is passed on to the target-side access control.

Target-side access control is performed by MPUs, such as the MPU 127 and the MPU 147 in FIG. 1. The memory interface controller 125 includes the MPU 127, a hardware circuit with local memory that stores the access-rights information of each VM with respect to the PA space. This information may be stored in a data structure called a permission filter 126. The MPU 127 may also store the mapping (e.g., the assignment) between VMs and masters. Different masters may be mapped to the same VM (a shared VM) or to different VMs. In one embodiment, for each VM and master the permission filter 126 indicates one or more address ranges that contain the physical addresses accessible to that VM and to the master to which the VM is assigned. For each address range, the permission filter 126 may indicate the access rights, e.g., read, write, execute, etc. An address range may be a fixed-size address block or a configurable-size address segment. The MPU 127 grants or denies a request to access a physical address based on the information stored in the corresponding permission filter 126.

In one embodiment, the peripheral interface controller 145 includes an MPU 147 that performs functions similar to those of the MPU 127. The MPU 147 uses a permission filter 146 to store the access-rights information of VMs and masters for the region of the PA space assigned to the controller of the peripherals 140. The MPUs 127 and 147, together with the permission filters 126 and 127, provide target-side protection by limiting the physical memory and the memory-mapped resources a VM can access. This hardware-based memory protection mechanism has low complexity and low overhead. The MPUs 127 and 147 and the permission filters 126 and 127 can be configured by a hardware VM manager 251 in the hypervisor 240. In one embodiment, the mapping between each VM and its corresponding PA region, block or segment is stored in hardware VM settings 252. For example, in the example of FIG. 5, the virtual addresses assigned to a VM are mapped to an extended PA region 520 (e.g., the virtual addresses assigned to VM0 are mapped to R0 in the extended PA region 520), while the addresses of the system resources (e.g., the memory 120, the peripherals 140, etc.) lie in the physical address space 510; the hardware VM settings 252 therefore store the mapping between VMs and PA blocks/segments by storing the mapping between the extended PA regions 520 and the blocks/segments in the physical address space 510.

FIG. 2 illustrates a process 200 according to one embodiment, which includes multi-stage address mapping in response to an access request. Initially, a master identified by a master identifier (Master_ID) sends an access request to its MMU; the request identifies a requested virtual address (VA). As described with reference to FIG. 1, the first-stage MMU 115 translates the VA into an intermediate physical address (IPA) (step 201), and the second-stage MMU 116 translates the IPA into a physical address (PA), e.g., a physical address in the physical address space 510 of FIG. 5 (step 202). The PA checker 242 verifies that the master is allowed to access the PA (step 203). The hypervisor 240 identifies, from the hardware VM settings 252 (FIG. 1), the VM_ID of the VM to which the PA is assigned, and passes the access request, identifying the PA, the Master_ID and the VM_ID, to the MPU 127 (step 204). For example, in step 204 the hypervisor 240 may use the mapping between VMs and their corresponding PA regions, blocks or segments stored in the hardware VM settings 252 to find the VM corresponding to the physical address produced by the second-stage MMU 116, and that VM's VM_ID. The MPU 127 grants or denies the access request based on the information stored in the permission filter 126 (step 205).

FIG. 3 illustrates the management of memory protection according to one embodiment. In this embodiment, the second-stage MMU manager 241 manages and configures the address translation performed by the second-stage MMU 116 and the PA checker 242 with respect to the PA addresses each master is allowed to access. In this embodiment, the masters include, but are not limited to, a CPU, a GPU, an APU and a multimedia processor. Each master executes one VM, and different masters execute different VMs. The memory protection provided by the second-stage MMU 116 and the PA checker 242 can be further strengthened by the hardware VM manager 251, which manages and configures the hardware VM settings 252, the MPU 127 and the permission filter 126. The hardware VM manager 251 also manages any additional MPUs and permission filters in the system; these are omitted from the examples of FIG. 3 and FIG. 4 for simplicity. The MPU (with its permission filter) provides hardware-based memory isolation that prevents each master from accessing the VMs assigned to other masters. In one embodiment, both the MMU and the MPU provide hardware-based memory isolation, further strengthening the security of the system.

The hardware VM settings 252 store the mapping between VMs and PA blocks/segments. They also store the mapping between masters and VMs. Thus, after the PA checker 242 verifies that a requesting master (e.g., the CPU) is allowed to access the PA in an access request, the MPU 127 performs a further verification, and the permission filter 126 determines whether the VM running on the requesting master (e.g., the CPU VM) is allowed to access that PA.

In one embodiment, the PA block size of each VM (e.g., the PA block size in the extended PA region 520) is larger than the page size used by the second-stage MMU 116. For example, the PA block size may be configured as 2 megabytes (2 MB), 1 gigabyte (1 GB), etc., whereas the page size used by the second-stage MMU 116 may be 4 kilobytes (4 KB). Managing access control at a small page size such as 4 KB generates considerable overhead and degrades system performance. Therefore, in some embodiments, the access control performed by the second-stage MMU 116 may be disabled to improve system performance; in those embodiments, memory protection is provided by the MPUs and permission filters.

FIG. 4 illustrates a configuration 450 for the second-stage MMU manager 241 and the hardware VM manager 251 according to one embodiment; FIG. 4 adds the configuration 450 to the diagram of FIG. 3. The hypervisor 240 may use the configuration 450 to instruct the second-stage MMU manager 241 to enable or disable the master-side access control performed by the second-stage MMU 116. Similarly, the hypervisor 240 may use the configuration 450 to instruct the hardware VM manager 251 to enable or disable the target-side access control performed by the MPU 127 and the permission filter 116. Three alternatives for access control therefore exist: (1) disable the second-stage MMU 116 and enable the MPU 127 and permission filter 126; (2) enable the second-stage MMU 116 and disable the MPU 127 and permission filter 126; (3) enable the second-stage MMU 116, the MPU 127 and the permission filter 126. For example, when the system is running with low performance and the PA block size used by the MPU 127 is larger than the 4 KB page size used by the second-stage MMU 116, the hypervisor 240 can disable the access control performed by the second-stage MMU 116 to improve system performance.
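The access path of process 200 (steps 201 to 205) and the three switch settings of configuration 450, as an added example that is not part of the patent: a small C model in which every table (the stage-1 and stage-2 translation windows, the PA checker's per-master rights, the hardware VM settings and the permission filter) is a constructed sample, and run_request(), config450_t and the other names are assumptions made for illustration.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Added model of process 200 (FIG. 2) and configuration 450 (FIG. 4); not the
 * patent's code. All tables are constructed samples; run_request() and the
 * type names are assumptions made for illustration. */

enum { PERM_R = 1u, PERM_W = 2u, PERM_X = 4u };

typedef enum {
    ACC_GRANT = 0,
    ACC_DENY_STAGE1,    /* VA has no stage-1 (guest) mapping                */
    ACC_DENY_STAGE2,    /* IPA has no stage-2 (hypervisor) mapping          */
    ACC_DENY_PA_CHECK,  /* PA checker 242: master may not access this PA    */
    ACC_DENY_NO_VM,     /* PA is assigned to no VM in hardware settings 252 */
    ACC_DENY_MPU        /* permission filter 126 rejects (VM, master, PA)   */
} verdict_t;

/* One translation window: [in_base, in_base+size) maps to out_base + offset.
 * master_id -1 means the window is shared by all masters. */
typedef struct { int master_id; uint64_t in_base, out_base, size; } map_entry_t;
/* PA checker 242 entry: a PA range one master is allowed to access. */
typedef struct { int master_id; uint64_t pa_base, size; } master_right_t;
/* Hardware VM setting 252 entry: the PA block assigned to a VM. */
typedef struct { int vm_id; uint64_t pa_base, size; } vm_block_t;
/* Permission filter 126 entry: (VM, master) -> PA range and R/W/X rights. */
typedef struct { int vm_id, master_id; uint64_t pa_base, size; unsigned perm; } filter_entry_t;
/* Configuration 450: each side of the access control can be switched off. */
typedef struct { bool stage2_check; bool mpu_check; } config450_t;

/* Constructed sample: master 0 (CPU) runs VM0, master 1 (GPU) runs VM1. */
static const map_entry_t stage1[] = {            /* first-stage MMU 115, per guest OS   */
    { 0, 0x10000000u, 0x80000000u, 0x10000u },   /* CPU: VA -> IPA inside VM0's block   */
    { 0, 0x20000000u, 0x80200000u, 0x10000u },   /* CPU: VA -> IPA inside VM1's block   */
    { 1, 0x10000000u, 0x80200000u, 0x10000u },   /* GPU: VA -> IPA inside VM1's block   */
};
static const map_entry_t stage2[] = {            /* second-stage MMU 116, hypervisor    */
    { -1, 0x80000000u, 0x40000000u, 0x400000u }, /* IPA -> PA region dedicated to VMs   */
};
static const master_right_t master_rights[] = {  /* 2 MB blocks, larger than 4 KB pages */
    { 0, 0x40000000u, 0x200000u },
    { 1, 0x40200000u, 0x200000u },
};
static const vm_block_t vm_blocks[] = {
    { 0, 0x40000000u, 0x200000u },
    { 1, 0x40200000u, 0x200000u },
};
static const filter_entry_t filter[] = {
    { 0, 0, 0x40000000u, 0x200000u, PERM_R | PERM_W },
    { 1, 1, 0x40200000u, 0x200000u, PERM_R | PERM_W | PERM_X },
};
/* The three alternatives of configuration 450. */
static const config450_t CFG_MPU_ONLY = { false, true };
static const config450_t CFG_MMU_ONLY = { true,  false };
static const config450_t CFG_BOTH     = { true,  true };

#define COUNT(a) (sizeof(a) / sizeof((a)[0]))

static bool in_range(uint64_t a, uint64_t base, uint64_t size) {
    return a >= base && a - base < size;
}

static bool translate(const map_entry_t *t, size_t n, int master, uint64_t in, uint64_t *out) {
    for (size_t i = 0; i < n; i++)
        if ((t[i].master_id == master || t[i].master_id == -1) &&
            in_range(in, t[i].in_base, t[i].size)) {
            *out = t[i].out_base + (in - t[i].in_base);
            return true;
        }
    return false;
}

/* Steps 201-205 for one access request by master_id wanting rights `want`.
 * Translation always runs; configuration 450 only switches the two checks. */
verdict_t run_request(int master_id, uint64_t va, unsigned want, config450_t cfg) {
    uint64_t ipa, pa;
    if (!translate(stage1, COUNT(stage1), master_id, va, &ipa)) return ACC_DENY_STAGE1;  /* 201 */
    if (!translate(stage2, COUNT(stage2), master_id, ipa, &pa)) return ACC_DENY_STAGE2;  /* 202 */
    if (cfg.stage2_check) {                                                               /* 203 */
        bool allowed = false;
        for (size_t i = 0; i < COUNT(master_rights); i++)
            if (master_rights[i].master_id == master_id &&
                in_range(pa, master_rights[i].pa_base, master_rights[i].size)) allowed = true;
        if (!allowed) return ACC_DENY_PA_CHECK;
    }
    if (!cfg.mpu_check) return ACC_GRANT;
    int vm_id = -1;                                                                       /* 204 */
    for (size_t i = 0; i < COUNT(vm_blocks); i++)
        if (in_range(pa, vm_blocks[i].pa_base, vm_blocks[i].size)) vm_id = vm_blocks[i].vm_id;
    if (vm_id < 0) return ACC_DENY_NO_VM;
    for (size_t i = 0; i < COUNT(filter); i++)                                            /* 205 */
        if (filter[i].vm_id == vm_id && filter[i].master_id == master_id &&
            in_range(pa, filter[i].pa_base, filter[i].size) && (filter[i].perm & want) == want)
            return ACC_GRANT;
    return ACC_DENY_MPU;
}

int main(void) {
    /* CPU reading its own block; CPU reaching into VM1's block with only the MPU on. */
    printf("CPU read own block: %d\n", run_request(0, 0x10000010u, PERM_R, CFG_BOTH));
    printf("CPU read VM1 block, MPU only: %d\n", run_request(0, 0x20000000u, PERM_R, CFG_MPU_ONLY));
    return 0;
}
```

The CPU's second stage-1 window deliberately points into VM1's block. With alternative (3) the PA checker stops that request at step 203; with alternative (1), where the master-side check is off, the request reaches the MPU carrying VM_ID 1 and Master_ID 0, and the permission filter denies it because no (VM1, CPU) entry exists. That is the layering the description relies on when it disables the second-stage check for performance: the target-side filter still isolates the VMs' PA blocks from masters they are not assigned to.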

In one embodiment, the hypervisor 240 analyses the requested PA addresses to identify access patterns. For example, when all PA addresses requested by a master fall within a restricted address range, the hypervisor 240 can enable the corresponding MPU and permission filter to restrict access to that address range. The restricted address range can be configured to be used by a single master, shared by multiple masters at the same time, or used by multiple masters in a time-division-multiplexed manner.

Referring again to FIG. 1, the system 100 supports a plurality of VMs 130. Each VM 130 runs a guest operating system that manages the VA space and the allocation of the IPA space to applications. The hypervisor 240 manages the VMs 130, for example by scheduling hardware resources for them. The hypervisor 240 also manages the mapping between the IPA space and an extended PA space for the VMs 130. As shown in FIG. 5, the extended PA space 550 consists of the PA space 510, which addresses the system resources (e.g., the memory 120, the peripherals 140, etc.), plus the extended PA regions 520 assigned to the VMs 130. The extended PA regions 520 are remapped to a contiguous PA address space (within the PA space 510) that is dedicated to addressing the VMs 130.

FIG. 5 illustrates the address mapping between VMs and the PA space according to one embodiment. In the second-stage MMU translation, the virtual addresses assigned to a VM are mapped to an extended PA region 520 (that is, physical addresses in the extended PA region 520 serve as the VM's virtual addresses). For example, the virtual addresses assigned to VM0 are mapped to R0, the extended PA region 520 assigned to VM0. In the example with four VMs, each VM is assigned one extended PA region, and different VMs are assigned different extended PA regions. All extended PA regions 520 are non-overlapping and have the same size. The extended PA regions 520 lie outside the PA space 510; the PA space 510 and the extended PA regions 520 are collectively called the extended PA space 550. It will be appreciated that the memory protection mechanism described here applies to any number of VMs.

All extended PA regions 520 are remapped to a remapped PA region 530 in the PA space 510. The remapped PA region 530 is dedicated to addressing VMs, and the remapping is implemented in hardware. In one embodiment, different extended PA regions 520 have different offset values relative to the remapped PA region 530; the offset value is also called the base address offset. For example, the extended PA region R0 assigned to VM0 has an offset S0 relative to the remapped PA region; more specifically, the base address of R0 is offset by S0 from the base address of the remapped PA region 530. The extended PA region assigned to VM1 has an offset S1 relative to the remapped PA region 530, where S1 = S0 + size of R0. The offsets of the extended PA regions assigned to VM2 and VM3 are computed in the same way. Taking R0 as an example, remapping R0 to the remapped PA region 530 means shifting every address in R0 by S0; the remapping of the other extended PA regions is computed in the same way.

In one embodiment, the extended PA region 520 assigned to a VM need not be immediately adjacent to the PA space 510; alternatively, it may be immediately adjacent to the PA space 510. As shown in FIG. 5, in one embodiment the extended PA regions 520 assigned to different VMs may be contiguous in the extended PA space 550; alternatively, they may be non-contiguous in the extended PA space 550. In one embodiment, the base address and/or size of each extended PA region 520 is configurable.
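As an added example (not code from the patent), the remapping described above can be modelled in C: four VMs each receive an extended PA region R_i of K bytes above the PA space 510, and hardware shifts every R_i by its base address offset S_i onto the single remapped PA region 530. The PA-space size, the region size K, the base of region 530 and the contiguous placement of R0..R3 are assumptions chosen for illustration; the page fixes none of these values.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

/* Constructed layout (all values are assumptions for illustration):
 *   PA space 510           : [0, 4 GiB)
 *   remapped PA region 530 : 256 MiB at 0x8000_0000, inside the PA space
 *   extended PA regions 520: R0..R3, 256 MiB each, contiguous, starting right
 *                            above the PA space, so they lie outside 510
 *   extended PA space 550  : PA space 510 plus R0..R3
 */
#define NUM_VMS        4
#define PA_SPACE_BASE  0x000000000ULL
#define PA_SPACE_SIZE  0x100000000ULL   /* 4 GiB */
#define REMAP_BASE     0x080000000ULL   /* base of region 530 */
#define REGION_SIZE    0x010000000ULL   /* K = 256 MiB, the same for every VM */
#define EXT_BASE       (PA_SPACE_BASE + PA_SPACE_SIZE)

struct ext_region {
    uint64_t base;    /* base of R_i in the extended PA space 550 */
    uint64_t size;    /* K bytes */
    uint64_t offset;  /* S_i = base(R_i) - base(530) */
};

static struct ext_region regions[NUM_VMS];

/* Lay R0..R3 out contiguously above the PA space and derive S_i.
 * The relation S1 = S0 + size(R0) from the text follows directly. */
void layout_regions(void)
{
    for (int i = 0; i < NUM_VMS; i++) {
        regions[i].base   = EXT_BASE + (uint64_t)i * REGION_SIZE;
        regions[i].size   = REGION_SIZE;
        regions[i].offset = regions[i].base - REMAP_BASE;
    }
}

/* Configuration check: every R_i has size K, lies outside the PA space, and
 * no two regions overlap. A layout that fails this would let two VMs' extended
 * addresses alias before the MPU ever sees them. */
bool regions_valid(void)
{
    for (int i = 0; i < NUM_VMS; i++) {
        if (regions[i].size != REGION_SIZE)
            return false;
        if (regions[i].base < PA_SPACE_BASE + PA_SPACE_SIZE)
            return false;
        for (int j = i + 1; j < NUM_VMS; j++) {
            bool overlap = regions[i].base < regions[j].base + regions[j].size &&
                           regions[j].base < regions[i].base + regions[i].size;
            if (overlap)
                return false;
        }
    }
    return true;
}

/* Hardware remap: find the R_i containing epa and shift it by S_i onto region
 * 530. Returns the owning VM index, or -1 if epa lies in no extended region
 * (for example a raw address inside the PA space 510, which no VM should emit). */
int remap_extended_pa(uint64_t epa, uint64_t *pa_out)
{
    for (int i = 0; i < NUM_VMS; i++) {
        if (epa >= regions[i].base && epa - regions[i].base < regions[i].size) {
            uint64_t pa = epa - regions[i].offset;   /* == REMAP_BASE + (epa - base) */
            if (pa_out)
                *pa_out = pa;
            return i;
        }
    }
    return -1;
}

/* Convenience wrapper: the remapped PA, or UINT64_MAX when the remap is rejected. */
uint64_t remap_pa(uint64_t epa)
{
    uint64_t pa;
    return remap_extended_pa(epa, &pa) < 0 ? UINT64_MAX : pa;
}

int main(void)
{
    layout_regions();
    printf("layout valid: %s\n", regions_valid() ? "yes" : "no");
    for (int i = 0; i < NUM_VMS; i++)
        printf("VM%d: R%d base=0x%09llx S%d=0x%09llx\n", i, i,
               (unsigned long long)regions[i].base, i, (unsigned long long)regions[i].offset);
    uint64_t sample[] = { 0x100001000ULL, 0x130002000ULL, 0x080000000ULL };
    for (size_t k = 0; k < sizeof sample / sizeof sample[0]; k++) {
        uint64_t pa;
        int vm = remap_extended_pa(sample[k], &pa);
        if (vm < 0)
            printf("0x%09llx: in no extended region, rejected\n", (unsigned long long)sample[k]);
        else
            printf("0x%09llx: VM%d -> PA 0x%09llx\n", (unsigned long long)sample[k], vm,
                   (unsigned long long)pa);
    }
    return 0;
}
```

Note that every R_i lands on the same region 530, so the remap alone does not separate VMs from one another; it only attributes each request to a VM and brings it into the PA space. Isolation between VMs is the job of the MPU's permission filter, which is why the text requires the allocated blocks and segments of different VMs to be disjoint after remapping.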

Assigning extended PA regions 520 to VMs allows the system to use different page sizes (or block sizes) for the guest operating system and the host operating system. Assume that VM0-VM3 run as multiple instances of a guest operating system on the computing system. The guest operating system may use a first page size for virtual memory management, while the host operating system of the computing system may use a second page size (or block size) larger than the first for virtual memory management. A larger page size reduces the overhead of host-side operations, whereas a smaller page size may be better suited to VM operations. The MMU of each processor may perform address translation using the second page size for host-side operations and the first page size for VM operations.

FIG. 6 is a diagram illustrating VM memory protection according to one embodiment. In this embodiment, four VMs (VM0-VM3) are assigned extended PA regions R0, R1, R2 and R3, respectively. The four extended PA regions have the same size (e.g., K bytes) and do not overlap. The base address offsets of the four VMs are denoted S0, S1, S2 and S3, respectively. All four extended PA regions are mapped onto a single remapped PA region.

Within each extended PA region, the virtual machine monitor or host operating system may allocate one or more address blocks and/or address segments (located in the PA space 510) to the corresponding VM. The block size may be fixed (e.g., 2 MB per block), whereas the size of an address segment is configurable. In the embodiment of FIG. 6, VM0 is allocated address block D0, VM1 is allocated address blocks D11 and D12, VM2 is allocated address block D2, and VM3 is allocated address segment D3. When R0-R3 are mapped onto the remapped PA region, none of the allocated address blocks or segments overlap one another. In one embodiment, each address segment can be individually switched on (activated) or switched off (deactivated) for allocation.

Referring also to FIG. 1, the memory interface controller 125 may receive a request from a requesting VM (e.g., VM0) to access a requested address in the PA space (i.e., one or more address blocks and/or address segments in the PA space 510). From the request and the hardware VM settings 252, the domain ID (also called the VM ID) of the requesting VM is identified as VM0. The MPU 127 consults the permission filter 126 for the identified VM ID to decide whether the request should be granted or denied. The permission filter 126 associates VM0 with the list of address blocks and/or address segments that VM0 is allowed or denied access to. The permission filter 126 may also associate VM0 with the host on which VM0 runs. The description given with FIG. 5 and FIG. 6 applies to access control for both the memory 120 and the peripheral devices 140 in FIG. 1.

FIG. 7 is a flowchart illustrating a method 700 for controlling access to a PA space according to one embodiment. In one embodiment, the method 700 may be performed by a system (e.g., the system 100 in FIG. 1) that includes a plurality of processing circuits and a plurality of system resources addressable within a PA space (e.g., the PA space 510). The processing circuits may include one or more processors and one or more direct memory access (DMA) controllers. The system resources may include one or more memory devices and one or more peripheral devices of the system.

The method 700 begins at step 710, where the system receives from a requesting processing circuit a request to access a virtual address. The requesting processing circuit executes a requesting VM, and a given region (e.g., 530) of the PA space (e.g., the PA space 510) is dedicated to addressing the VMs executing in the system. At step 720, a given MMU coupled to the requesting processing circuit translates the virtual address into a requested PA accessible to the requesting processing circuit, according to the configurable setting of that MMU. At step 730, a given MPU coupled to the target system resource to which the requested PA is allocated grants or denies the request based on information in a permission filter indicating whether the requested PA is accessible to the requesting VM executing on the requesting processing circuit.

In one embodiment, the system includes a plurality of MMUs and a plurality of MPUs. Each MMU includes a first-level MMU and a second-level MMU. The second-level MMU performs host-side access control for the corresponding processing circuit and can be configured to be disabled. Each MPU performs target-side access control for the corresponding system resource and can likewise be configured to be disabled. The second-level MMU performs host-side access control at page-size granularity, while the MPU performs target-side access control at a block size larger than the page size.

In one embodiment, the information in the permission filter used by the given MPU associates the requesting VM with the addresses in the given region of the PA space that are accessible to the requesting VM. The addresses may be indicated by one or more address blocks of the same block size, one or more address segments of configurable size, or a combination of one or more address blocks and one or more address segments.

In one embodiment, the information in the permission filter used by the given MPU may be configured to include only the addresses that the requesting processing circuit is authorized to access. In one embodiment, the system is configured to execute a plurality of VMs, where the total number of VMs and the given region of the PA space are preconfigured in hardware.
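As an added example (not code from the patent), the following C models the target-side check of FIG. 6 and of step 730: a permission filter indexed by VM ID holds fixed-size 2 MB address blocks and configurable, individually switchable address segments, and the MPU grants an access only when the requesting VM's filter contains an active entry covering the whole access, denying everything else. The entry limit, the base of the remapped region and the concrete addresses of D0, D11, D12, D2 and D3 are assumptions; the page fixes only the 2 MB block size and the allocation pattern.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define NUM_VMS      4
#define MAX_ENTRIES  8
#define BLOCK_SIZE   (2ULL << 20)     /* fixed 2 MB address blocks, as in the text */
#define REMAP_BASE   0x80000000ULL    /* base of remapped PA region 530 (assumed) */

enum entry_kind { ENTRY_BLOCK, ENTRY_SEGMENT };

struct filter_entry {
    enum entry_kind kind;
    uint64_t base;    /* block: BLOCK_SIZE-aligned; segment: any base */
    uint64_t size;    /* block: BLOCK_SIZE; segment: configurable */
    bool active;      /* segments can be switched off without being removed */
};

/* One permission filter (126 or 146) per target resource, keyed by VM ID. */
struct permission_filter {
    struct filter_entry entries[NUM_VMS][MAX_ENTRIES];
    int count[NUM_VMS];
};

static struct permission_filter mem_filter;   /* filter 126 in front of memory 120 */

static bool add_entry(struct permission_filter *f, int vm, struct filter_entry e)
{
    if (vm < 0 || vm >= NUM_VMS || f->count[vm] >= MAX_ENTRIES)
        return false;
    if (e.kind == ENTRY_BLOCK && (e.base % BLOCK_SIZE != 0 || e.size != BLOCK_SIZE))
        return false;                                   /* blocks are fixed-size and aligned */
    if (e.size == 0 || e.base + e.size < e.base)
        return false;                                   /* empty or wrapping range */
    f->entries[vm][f->count[vm]++] = e;
    return true;
}

bool filter_add_block(struct permission_filter *f, int vm, uint64_t base)
{
    return add_entry(f, vm, (struct filter_entry){ ENTRY_BLOCK, base, BLOCK_SIZE, true });
}

bool filter_add_segment(struct permission_filter *f, int vm, uint64_t base, uint64_t size, bool active)
{
    return add_entry(f, vm, (struct filter_entry){ ENTRY_SEGMENT, base, size, active });
}

/* Switch an address segment on (activate) or off (deactivate); blocks stay fixed. */
bool filter_set_active(struct permission_filter *f, int vm, int idx, bool active)
{
    if (vm < 0 || vm >= NUM_VMS || idx < 0 || idx >= f->count[vm] ||
        f->entries[vm][idx].kind != ENTRY_SEGMENT)
        return false;
    f->entries[vm][idx].active = active;
    return true;
}

/* Allocations of different VMs must not overlap. Inactive segments are included
 * so that switching one on later cannot silently create an overlap. */
bool filter_disjoint(const struct permission_filter *f)
{
    for (int a = 0; a < NUM_VMS; a++)
        for (int i = 0; i < f->count[a]; i++)
            for (int b = a + 1; b < NUM_VMS; b++)
                for (int j = 0; j < f->count[b]; j++) {
                    const struct filter_entry *x = &f->entries[a][i], *y = &f->entries[b][j];
                    if (x->base < y->base + y->size && y->base < x->base + x->size)
                        return false;
                }
    return true;
}

/* MPU decision (step 730): grant only if an active entry of the requesting VM
 * covers all of [pa, pa + len). A request that straddles the end of its block
 * or segment, or that carries an unknown VM ID, is denied. */
bool mpu_check(const struct permission_filter *f, int vm, uint64_t pa, uint64_t len)
{
    if (vm < 0 || vm >= NUM_VMS || len == 0)
        return false;
    for (int i = 0; i < f->count[vm]; i++) {
        const struct filter_entry *e = &f->entries[vm][i];
        if (e->active && pa >= e->base && pa - e->base < e->size &&
            len <= e->size - (pa - e->base))
            return true;
    }
    return false;
}

/* FIG. 6 allocation: VM0 -> D0, VM1 -> D11 and D12, VM2 -> D2, VM3 -> segment D3.
 * The concrete addresses are assumptions. */
bool init_fig6_filter(void)
{
    memset(&mem_filter, 0, sizeof mem_filter);
    bool ok = true;
    ok &= filter_add_block(&mem_filter, 0, REMAP_BASE + 0 * BLOCK_SIZE);                   /* D0  */
    ok &= filter_add_block(&mem_filter, 1, REMAP_BASE + 1 * BLOCK_SIZE);                   /* D11 */
    ok &= filter_add_block(&mem_filter, 1, REMAP_BASE + 2 * BLOCK_SIZE);                   /* D12 */
    ok &= filter_add_block(&mem_filter, 2, REMAP_BASE + 3 * BLOCK_SIZE);                   /* D2  */
    ok &= filter_add_segment(&mem_filter, 3, REMAP_BASE + 4 * BLOCK_SIZE, 0x30000, true);  /* D3  */
    return ok && filter_disjoint(&mem_filter);
}

bool mem_mpu_check(int vm, uint64_t pa, uint64_t len) { return mpu_check(&mem_filter, vm, pa, len); }
bool mem_set_active(int vm, int idx, bool active) { return filter_set_active(&mem_filter, vm, idx, active); }

int main(void)
{
    if (!init_fig6_filter()) { puts("bad filter configuration"); return 1; }
    printf("VM0 -> D0       : %s\n", mem_mpu_check(0, REMAP_BASE + 0x100, 16) ? "grant" : "deny");
    printf("VM1 -> D0       : %s\n", mem_mpu_check(1, REMAP_BASE + 0x100, 16) ? "grant" : "deny");
    printf("VM3 -> D3       : %s\n", mem_mpu_check(3, REMAP_BASE + 4 * BLOCK_SIZE, 8) ? "grant" : "deny");
    mem_set_active(3, 0, false);
    printf("VM3 -> D3 (off) : %s\n", mem_mpu_check(3, REMAP_BASE + 4 * BLOCK_SIZE, 8) ? "grant" : "deny");
    return 0;
}
```

The filter is default-deny: a VM ID with no entries, a deactivated segment, or an access that runs past the end of its block all fail the check, which is the property the text relies on when it says the filter may hold only the addresses a requesting circuit is authorized to access. Because the MPU sits in front of the target resource rather than behind the requesting processor's MMU, the check is applied to the requested PA whether or not the second-level MMU for that processor is enabled.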

The operations of the flowchart of FIG. 7 have been described with reference to the exemplary embodiment of FIG. 1. However, it should be understood that the operations of the flowchart of FIG. 7 may be performed by embodiments of the invention other than the embodiment of FIG. 1, and that the embodiment of FIG. 1 may perform operations different from those discussed with reference to the flowchart. Although the flowchart of FIG. 7 shows a particular order of operations performed by certain embodiments of the invention, this order is exemplary (e.g., alternative embodiments may perform the operations in a different order, combine certain operations, overlap certain operations, and so on).

Various functional components or blocks have been described herein. As will be understood by those skilled in the art, the functional blocks will preferably be implemented by circuits (either dedicated circuits or general-purpose circuits operating under the control of one or more processors and coded instructions), which typically include transistors configured to control the operation of the circuits in accordance with the functions and operations described herein.

Although the invention has been disclosed above by way of preferred embodiments, these are not intended to limit the scope of the invention. Any person of ordinary skill in the art may make minor changes and refinements without departing from the spirit and scope of the invention; the scope of protection of the invention is therefore defined by the appended claims.

Reference numerals
100: system
240: virtual machine monitor
241: second-level MMU manager
242: PA verifier
252: hardware VM settings
251: hardware VM manager
110a, 110b, 110c: baseband processing devices
115: first-level MMU
116: second-level MMU
130a, 130b, 130c, 130: VM
180: bus
125: memory interface controller
126, 146: permission filter
127, 147: MPU
120: memory
145: peripheral interface controller
140: peripheral devices
200: process
201, 202, 203, 204, 205, 710, 720, 730: steps
510: PA space
530: remapped PA region
520: extended PA region
550: extended PA space
700: method

FIG. 1 is a block diagram illustrating a system 100 according to one embodiment.
FIG. 2 is a diagram illustrating a process 200 according to one embodiment.
FIG. 3 is a diagram illustrating management of memory protection according to one embodiment.
FIG. 4 is a diagram illustrating a configuration 450 for the second-level MMU manager 241 and the hardware VM manager 251 according to one embodiment.
FIG. 5 is a diagram illustrating the address mapping between VMs and the PA space according to one embodiment.
FIG. 6 is a diagram illustrating VM memory protection according to one embodiment.
FIG. 7 is a flowchart illustrating a method 700 for controlling access to a PA space according to one embodiment.


Claims (18)

1. A system for controlling access to a physical address space, comprising: a plurality of processing circuits executing a plurality of virtual machines, wherein a given region of the physical address space is dedicated to addressing the plurality of virtual machines; a plurality of system resources addressed through the physical address space; a plurality of memory management units coupled to respective processing circuits, wherein a given memory management unit is configured to translate a virtual address indicated in an access request from a requesting processing circuit into a requested physical address according to a configuration setting of the given memory management unit; and a plurality of memory protection units, wherein a given memory protection unit coupled to a target system resource to which the requested physical address is allocated is configured to grant or deny the access request according to information in a permission filter indicating whether a requesting virtual machine running on the requesting processing circuit may access the requested physical address, wherein the target system resource is one of the plurality of system resources and the given memory protection unit is one of the plurality of memory protection units; wherein each memory management unit includes a first-level memory management unit and a second-level memory management unit, the second-level memory management unit is configured to perform host-side access control using a page size, and the given memory protection unit performs target-side access control using a block size larger than the page size.

2. The system for controlling access to a physical address space of claim 1, wherein each memory management unit includes a first-level memory management unit and a second-level memory management unit, the second-level memory management unit performs host-side access control for the corresponding processing circuit, and the second-level memory management unit can be selectively disabled.

3. The system for controlling access to a physical address space of claim 1, wherein each memory protection unit performs target-side access control for at least one of the plurality of system resources, and each memory protection unit can be selectively disabled.

4. The system for controlling access to a physical address space of claim 1, wherein the information in the permission filter used by the given memory protection unit associates the requesting virtual machine with addresses of the given region of the physical address space that are accessible to the requesting virtual machine.

5. The system for controlling access to a physical address space of claim 4, wherein the addresses are indicated by one or more address blocks having the same block size, one or more address segments having a configurable size, or a combination of one or more address blocks and one or more address segments.

6. The system for controlling access to a physical address space of claim 1, wherein the information in the permission filter used by the given memory protection unit is configured to include only addresses that the requesting processing circuit is authorized to access.

7. The system for controlling access to a physical address space of claim 1, wherein the total number of virtual machines and the given region of the physical address space are preconfigured in hardware.

8. The system for controlling access to a physical address space of claim 1, wherein the plurality of processing circuits include one or more processors and one or more direct memory access controllers.

9. The system for controlling access to a physical address space of claim 1, wherein the plurality of system resources include one or more memories and one or more peripheral devices.

10. A method for controlling access to a physical address space, performed by a system including a plurality of processing circuits and a plurality of system resources, the method comprising: receiving, from a requesting processing circuit, a request to access a virtual address, wherein the requesting processing circuit executes a requesting virtual machine and a given region of the physical address space is dedicated to addressing a plurality of virtual machines executing in the system; translating, by a given memory management unit coupled to the requesting processing circuit, the virtual address into a requested physical address accessible to the requesting processing circuit according to a configuration setting of the given memory management unit; and granting or denying the request, by a given memory protection unit coupled to a target system resource to which the requested physical address is allocated, according to information in a permission filter indicating whether the requesting virtual machine running on the requesting processing circuit may access the requested physical address, wherein the target system resource is one of the plurality of system resources; wherein each memory management unit includes a first-level memory management unit and a second-level memory management unit, the second-level memory management unit performs host-side access control using a page size, and the given memory protection unit performs target-side access control using a block size larger than the page size.

11. The method for controlling access to a physical address space of claim 10, wherein each memory management unit includes a first-level memory management unit and a second-level memory management unit, the method further comprising: enabling or disabling the host-side access control performed by the second-level memory management unit for the requesting processing circuit.

12. The method for controlling access to a physical address space of claim 10, further comprising: enabling or disabling the target-side access control performed by the given memory protection unit for the system resource.

13. The method for controlling access to a physical address space of claim 10, wherein the information in the permission filter used by the given memory protection unit associates the requesting virtual machine with addresses of the given region of the physical address space that are accessible to the requesting virtual machine.

14. The method for controlling access to a physical address space of claim 13, wherein the addresses are indicated by one or more address blocks having the same block size, one or more address segments having a configurable size, or a combination of one or more address blocks and one or more address segments.

15. The method for controlling access to a physical address space of claim 10, wherein the information in the permission filter used by the given memory protection unit is configured to include only addresses that the requesting processing circuit is authorized to access.

16. The method for controlling access to a physical address space of claim 10, wherein the total number of virtual machines and the given region of the physical address space are preconfigured in hardware.

17. The method for controlling access to a physical address space of claim 10, wherein the plurality of processing circuits include one or more processors and one or more direct memory access controllers.

18. The method for controlling access to a physical address space of claim 10, wherein the plurality of system resources include one or more memories and one or more peripheral devices.
TW111135601A 2021-10-06 2022-09-20 System and method for controling access to a physical address space TWI844963B (en)

Applications Claiming Priority (4)

Application Number Priority Date Filing Date Title
US202163252637P 2021-10-06 2021-10-06
US63/252,637 2021-10-06
US17/883,541 2022-08-08
US17/883,541 US20220382577A1 (en) 2020-12-09 2022-08-08 Hardware Virtual Machine for Controlling Access to Physical Memory Space

Publications (2)

Publication Number Publication Date
TW202316275A TW202316275A (en) 2023-04-16
TWI844963B true TWI844963B (en) 2024-06-11

Family

ID=86551117

Family Applications (1)

Application Number Title Priority Date Filing Date
TW111135601A TWI844963B (en) 2021-10-06 2022-09-20 System and method for controling access to a physical address space

Country Status (2)

Country Link
CN (1) CN115934243A (en)
TW (1) TWI844963B (en)

Families Citing this family (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN117421096B (en) * 2023-12-19 2024-04-05 Kylin Software Co., Ltd. SMMU (SMMU) using method based on jailhouse virtual machine monitor

Citations (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
TW200951980A (en) * 2008-04-30 2009-12-16 Advanced Micro Devices Inc Translation data prefetch in an IOMMU
US20150100791A1 (en) * 2007-10-30 2015-04-09 Vmware, Inc. Cryptographic multi-shadowing with integrity verification
CN104956342A (en) * 2013-02-05 2015-09-30 Arm Limited Virtualization supporting guest operating systems using memory protection units
CN105074663A (en) * 2013-03-12 2015-11-18 Qualcomm Incorporated Method and apparatus to selectively enable operations of a virtual machine monitor on demand
US20170249261A1 (en) * 2016-02-29 2017-08-31 Intel Corporation System for address mapping and translation protection
CN107562515A (en) * 2017-08-04 2018-01-09 致象尔微电子科技(上海)有限公司 A kind of method of the managing internal memory in virtualization technology

Also Published As

Publication number Publication date
TW202316275A (en) 2023-04-16
CN115934243A (en) 2023-04-07
