US20050080934A1 - Invalidating translation lookaside buffer entries in a virtual machine (VM) system - Google Patents
Invalidating translation lookaside buffer entries in a virtual machine (VM) system Download PDFInfo
- Publication number
- US20050080934A1 US20050080934A1 US10/676,584 US67658403A US2005080934A1 US 20050080934 A1 US20050080934 A1 US 20050080934A1 US 67658403 A US67658403 A US 67658403A US 2005080934 A1 US2005080934 A1 US 2005080934A1
- Authority
- US
- United States
- Prior art keywords
- word
- vmx
- processor
- tlbvmx
- tlb
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Abandoned
Links
Images
Classifications
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F12/00—Accessing, addressing or allocating within memory systems or architectures
- G06F12/02—Addressing or allocation; Relocation
- G06F12/08—Addressing or allocation; Relocation in hierarchically structured memory systems, e.g. virtual memory systems
- G06F12/10—Address translation
- G06F12/1027—Address translation using associative or pseudo-associative address translation means, e.g. translation look-aside buffer [TLB]
- G06F12/1036—Address translation using associative or pseudo-associative address translation means, e.g. translation look-aside buffer [TLB] for multiple virtual address spaces, e.g. segmentation
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F12/00—Accessing, addressing or allocating within memory systems or architectures
- G06F12/02—Addressing or allocation; Relocation
- G06F12/08—Addressing or allocation; Relocation in hierarchically structured memory systems, e.g. virtual memory systems
- G06F12/10—Address translation
- G06F12/1027—Address translation using associative or pseudo-associative address translation means, e.g. translation look-aside buffer [TLB]
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F9/00—Arrangements for program control, e.g. control units
- G06F9/06—Arrangements for program control, e.g. control units using stored programs, i.e. using an internal store of processing equipment to receive or retain programs
- G06F9/30—Arrangements for executing machine instructions, e.g. instruction decode
- G06F9/30003—Arrangements for executing specific machine instructions
- G06F9/30076—Arrangements for executing specific machine instructions to perform miscellaneous control operations, e.g. NOP
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F2212/00—Indexing scheme relating to accessing, addressing or allocation within memory systems or architectures
- G06F2212/15—Use in a specific computing environment
- G06F2212/151—Emulated environment, e.g. virtual machine
Definitions
- This invention relates to virtual machines.
- the invention relates to translation lookaside buffers that support a virtual-machine system.
- a virtual-machine system is a computer system that includes a virtual machine monitor (VMM) supporting one or more virtual machines (VMs).
- VMM virtual machine monitor
- a Virtual Machine Monitor (VMM) is a software program that controls physical computer hardware and presents programs executing within a Virtual Machine (VM) with the illusion that they are executing on real physical computer hardware.
- Each VM typically functions as a self-contained platform, controlled by a “guest” operating system (OS), i.e., an OS hosted by the VMM, which executes as if it were running on a real machine instead of within a VM.
- OS guest operating system
- a VM e.g., attempts to configure device hardware
- VMM virtual hardware resources
- a memory address generated by software (a “virtual” address) is translated by hardware into a physical address which is then used to reference memory. This translation process is called paging, and the hardware used to perform the translation is called the paging hardware.
- the virtual-to-physical address translation is defined by system software in a set of data structures (called page tables) that reside in memory.
- page tables data structures
- Modem virtual-memory systems typically incorporate into a system's central processing unit (CPU) a specialized caching structure, often called a translation lookaside buffer (TLB), which stores information about virtual-to-physical address translations and which can be accessed far more quickly than memory.
- TLB translation lookaside buffer
- an OS When an OS stops executing one process and begins executing another, it will typically change the address space by directing the hardware to use a new set of paging structures. This can be accomplished using a software or hardware mechanism to invalidate or remove the entire contents of the TLB. More frequent than changes between processes are transitions of control between a process and OS software. Because of this, system performance would suffer significantly if the TLB were invalidated on each such transition. Thus, modern operating systems are typically constructed so that no change of address space is required. One or more ranges of (virtual) memory addresses in every address space are protected so that only the OS can access addresses in those ranges.
- FIG. 1 is a diagram illustrating a system in which one embodiment of the invention can be practiced.
- FIG. 2 is a diagram illustrating a translation lookaside buffer (TLB) shown in FIG. 1 according to one embodiment of the invention.
- TLB translation lookaside buffer
- FIG. 3 is a flowchart illustrating an invalidating policy for the TLB entries shown in FIG. 2 according to one embodiment of the invention.
- FIG. 4 is a list of operations that cause TLB entry invalidations according to one embodiment of the invention. Such operations are referred to as invalidation operations in the following description.
- One embodiment of the present invention is a technique to invalidate entries in a translation lookaside buffer (TLB).
- TLB translation lookaside buffer
- a translation lookaside buffer (TLB) in a processor has a plurality of TLB entries. Each TLB entry is associated with a virtual machine extension (VMX) tag word indicating if the associated TLB entry is invalidated according to a processor mode when an invalidation operation is performed.
- the processor mode is one of execution in a virtual machine (VM) and execution not in a virtual machine.
- VMCS Virtual Machine Control Structure
- the VMCS is stored in a region of memory and contains, for example, state of the guest, state of the VMM, and control information indicating under which conditions the VMM wishes to regain control during guest execution.
- the one or more processors in the physical machine read information from the VMCS to determine the execution environment of the VM and VMM, and to constrain the behavior of the guest software appropriately.
- the translation process will require one or more memory references because the paging hardware may need to fetch from memory data from one or more page tables.
- the virtual-to-physical address translation defined by a set of page tables is called an address space.
- operating systems execute each application program, or process, in a separate address space.
- the TLB is largely under the control of the paging hardware.
- One embodiment of the present invention relates to systems in which the paging hardware determines when to cache in the TLB a virtual-to-physical address translation that has been fetched from the page tables in memory.
- the paging structures that define the address translation reside in memory and may be modified by system software. This may cause translation information cached in the TLB to become out of date.
- systems allow software to direct the hardware to use an entirely different set of paging structures so that the entire contents of the TLB may become out of date.
- the hardware of some virtual-memory systems may detect such changes and then remove or modify out-of-date translation information while other systems provide software with special instructions to remove such information and still other systems use a combination of the two techniques.
- FIG. 1 is a diagram illustrating a computer system 100 in which one embodiment of the invention can be practiced.
- the computer system 100 includes a processor 110 , a host bus 120 , a memory control hub (MCH) 130 , a system memory 140 , an input/output control hub (ICH) 150 , a mass storage device 170 , and input/output devices 180 1 to 180 K .
- MCH memory control hub
- ICH input/output control hub
- the processor 110 represents a central processing unit of any type of architecture, such as embedded processors, micro-controllers, digital signal processors, superscalar computers, vector processors, single instruction multiple data (SIMD) computers, complex instruction set computers (CISC), reduced instruction set computers (RISC), very long instruction word (VLIW), or hybrid architecture.
- the processor 110 is compatible with the Intel Architecture (IA) processor, sometimes referred to as IA-32.
- the processor 110 typically contains a number of control registers to support memory management tasks such as virtual memory and cache memory. These tasks may include paging and segmentation.
- the processor I 10 also has a cache unit 117 .
- the cache unit 117 has a translation lookaside buffer (TLB) I 19 .
- the processor 110 is compatible with the Intel Architecture (IA) processor, has control registers and a TLB and further supports a Virtual Machine eXtension (VMX) mode.
- the VMX mode is a mode whereby all virtualization holes in the processor's instruction set are trapped.
- Software in this new mode executes with as many protection rings (e.g., 4) and with the same paging protection as it would ordinarily have, but whenever privileged software in a VM attempts to change machine state that is virtualized (e.g., mask interrupts) a variety of hardware and software techniques are used by hardware (e.g., the processor), software (e.g., the VMM) or both to provide software in the VM with the illusion that it has effected the change to the actual hardware state when in fact only the model presented to the VM has changed state.
- hardware e.g., the processor
- software e.g., the VMM
- the control registers include a first control register CR_PA 112 and a second control register CR_PM 114 .
- the CR_PA register contains the (physical) address of the currently active page table while the CR_PM register contains various “paging_mode” fields such as a “page mode” bit to enable paging.
- these control registers are mapped onto the control registers with the same functionality in the Intel Instruction Set Architecture as follows: CR_PA 112 is CR3, and some fields of CR_PM are located in CR0 and others in CR4.
- the CR_PM 114 register has a new control word of 1 or more bits in size that is only configurable by software when the processor is not in VMX mode: Translation Lookaside Buffer Virtual Machine eXtension (TLBVMX).
- CR_PM 114 register has two new control words of identical size of 1 or more bits that are only configurable by software when the processor is not in VMX mode: Translation Lookaside Buffer Virtual Machine eXtension (TLBVMX word) and Invalidation Translation Lookaside Buffer Virtual Machine eXtension (TLBVMX invalidation word).
- CR_PM 114 register has two new control words of identical size of 1 or more bits that are only configurable by software when the processor is not in VMX mode: Translation Lookaside Buffer Virtual Machine extension (TLBVMX word) and Translation Lookaside Buffer Virtual Machine extension Mask (TLBVMX mask word).
- CR_PM 114 register has one new control word of size of 1 or more bits that is fully configurable by software when the processor is not in VMX mode: Translation Lookaside Buffer Virtual Machine extension (TLBVMX word) and the Virtual Machine Control Structure (VMCS) has a new field of identical size, Translation Lookaside Buffer Virtual Machine eXtension Mask (TLBVMX mask field).
- TLBVMX mask field is inverted and the condition for access is inverted such that access to bits of the TLBVMX word is only allowed for bits that are set in the TLBVMX mask field in the currently active VMCS.
- the host bus 120 provides interface signals to allow the processor 110 to communicate with other processors or devices, e.g., the MCH 130 .
- the host bus 120 may support a uni-processor or multiprocessor configuration.
- the host bus 120 may be parallel, sequential, pipelined, asynchronous, synchronous, or any combination thereof.
- the MCH 130 provides control and configuration of memory and input/output devices such as the system memory 140 and the ICH 150 .
- the MCH 130 may be integrated into a chipset that integrates multiple functionalities such as the isolated execution mode, host-to-peripheral bus interface, memory control. For clarity, not all the peripheral buses are shown. It is contemplated that the system 100 may also include peripheral buses such as Peripheral Component Interconnect (PCI), accelerated graphics port (AGP), Industry Standard Architecture (ISA) bus, and Universal Serial Bus (USB), etc.
- PCI Peripheral Component Interconnect
- AGP accelerated graphics port
- ISA Industry Standard Architecture
- USB Universal Serial Bus
- the system memory 140 stores system code and data.
- the system memory 140 is typically implemented with dynamic random access memory (DRAM) or static random access memory (SRAM).
- the system memory may include program code or code segments implementing one embodiment of the invention.
- the system memory includes a virtual machine (VM) module 145 and a virtual machine monitor (VMM) module 148 .
- the VM and VMM 145 and 148 may also be implemented by hardware, software, firmware, microcode, or any combination thereof.
- the system memory 140 may also include other programs or data which are not shown, such as one or more guest operating systems, as well as sets of page tables 190 1 to 190 L .
- the sets of page tables 190 1 to 190 L may be created and maintained by software and reside in system memory 140 or they may be implemented and maintained by hardware, firmware, microcode, or any combination thereof. There may be one or more sets of page tables for the Virtual Machine Monitor (VMM) and one or more sets of page tables for each of one or more Virtual Machines (VMs).
- VMM Virtual Machine Monitor
- VMs Virtual Machines
- the ICH 150 has a number of functionalities that are designed to support I/O functions.
- the ICH 150 may also be integrated into a chipset together or separate from the MCH 130 to perform I/O functions.
- the ICH 150 may include a number of interface and I/O functions such as PCI bus interface, processor interface, interrupt controller, direct memory access (DMA) controller, power management logic, timer, universal serial bus (USB) interface, mass storage interface, low pin count (LPC) interface, etc.
- the mass storage device 170 stores archive information such as code, programs, files, data, applications, and operating systems.
- the mass storage device 170 may include compact disk (CD) ROM 172 , floppy diskettes 174 , and hard drive 176 , and any other magnetic or optic storage devices.
- the mass storage device 170 provides a mechanism to read machine-readable media.
- the I/O devices 180 1 to 180 K may include any I/O devices to perform I/O functions.
- I/O devices 180 1 to 180 K include controller for input devices (e.g., keyboard, mouse, trackball, pointing device), media card (e.g., audio, video, graphics), network card, and any other peripheral controllers.
- Elements of one embodiment of the invention may be implemented by hardware, firmware, software or any combination thereof.
- hardware generally refers to an element having a physical structure such as electronic, electromagnetic, optical, electro-optical, mechanical, electromechanical parts, etc.
- software generally refers to a logical structure, a method, a procedure, a program, a routine, a process, an algorithm, a formula, a function, an expression, etc.
- firmware generally refers to a logical structure, a method, a procedure, a program, a routine, a process, an algorithm, a formula, a function, an expression, etc. that is implemented or embodied in a hardware structure (e.g., flash memory).
- firmware may include microcode, writable control store, and micro-programmed structure.
- the elements of an embodiment of the present invention are essentially the code segments to perform the necessary tasks.
- the software/firmware may include the actual code to carry out the operations described in one embodiment of the invention, or code that emulates or simulates the operations.
- the program or code segments can be stored in a processor or machine accessible medium or transmitted by a computer data signal embodied in a carrier wave, or a signal modulated by a carrier, over a transmission medium.
- the “processor readable or accessible medium” or “machine readable or accessible medium” may include any medium that can store, transmit, or transfer information.
- Examples of the processor readable or machine accessible medium include an electronic circuit, a semiconductor memory device, a read only memory (ROM), a flash memory, an erasable ROM (EROM), a floppy diskette, a compact disk (CD) ROM, an optical disk, a hard disk, a fiber optic medium, a radio frequency (RF) link, etc.
- the computer data signal may include any signal that can propagate over a transmission medium such as electronic network channels, optical fibers, air, electromagnetic, RF links, etc.
- the code segments may be downloaded via computer networks such as the Internet, Intranet, etc.
- the machine accessible medium may be embodied in an article of manufacture.
- the machine accessible medium may include data that, when accessed by a machine, cause the machine to perform the operations described in the following.
- the machine accessible medium may also include program code embedded therein.
- the program code may include machine readable code to perform the operations described in the following.
- the term “data” here refers to any type of information that is encoded for machine-readable purposes. Therefore, it may include program, code, data, file, etc.
- All or part of an embodiment of the invention may be implemented by hardware, software, or firmware, or any combination thereof.
- the hardware, software, or firmware element may have several modules coupled to one another.
- a hardware module is coupled to another module by mechanical, electrical, optical, electromagnetic or any physical connections.
- a software module is coupled to another module by a function, procedure, method, subprogram, or subroutine call, a jump, a link, a parameter, variable, and argument passing, a function return, etc.
- a software module is coupled to another module to receive variables, parameters, arguments, pointers, etc. and/or to generate or pass results, updated variables, pointers, etc.
- a firmware module is coupled to another module by any combination of hardware and software coupling methods above.
- a hardware, software, or firmware module may be coupled to any one of another hardware, software, or firmware module.
- a module may also be a software driver or interface to interact with the operating system running on the platform.
- a module may also be a hardware driver to configure, set up, initialize, send and receive data to and from a hardware device.
- An apparatus may include any combination of hardware, software, and firmware modules.
- One embodiment of the invention may be described as a process which is usually depicted as a flowchart, a flow diagram, a structure diagram, or a block diagram. Although a flowchart may describe the operations as a sequential process, many of the operations can be performed in parallel or concurrently. In addition, the order of the operations may be re-arranged. A process is terminated when its operations are completed. A process may correspond to a method, a program, a procedure, a method of manufacturing or fabrication, etc.
- FIG. 2 is a diagram illustrating a translation lookaside buffer (TLB) 119 shown in FIG. 1 according to one embodiment of the invention.
- the TLB 119 includes a storage 210 and an invalidating mechanism 240 .
- the storage 210 is a fast memory organized with two fields TLB entry 220 and virtual machine extension (VMX) tag word 230 .
- the TLB 220 has N TLB entries 220 1 to 220 N and the VMX tag word array 230 has N VMX tag words 230 1 to 230 N .
- Each of the N TLB entries 220 1 to 220 N has an associated VMX tag word.
- Each of the N TLB entries 220 1 to 220 N is referred to as a TLB translation or translation for short.
- Each of the VMX tag words 230 1 to 230 N indicates if the associated TLB entry is invalidated according to a processor mode when an invalidation operation is performed.
- a VMX tag word When a VMX tag word is non-zero, the corresponding TLB entry is referred to as a VMX translation. When a VMX tag word is zero (0), the corresponding TLB entry is referred to as a non-VMX translation.
- the processor may be in VMX mode.
- VMX mode is the mode when the processor is executing guest code in a VM.
- the processor is not in VMX mode when the VMM is executing.
- the VMM operates in the protected mode of operation of an Intel Architecture processor.
- the VMM may create several VMs and each of the VMs operates in VMX mode.
- the processor mode may be set by a hardware circuit or by a configuration word programmed by software.
- Each of the VMX tag words 230 1 to 230 N may correspond to a VM created by the VMM.
- the VMX tag word field 230 has a word size of one bit.
- the VMX tag word is a single bit, so it is always 1 when in VMX mode and 0 when not in VMX mode (or vice versa).
- the active level of logical 1 or 0 is for illustrative purposes. Other active levels may be used.
- a bit is said to be asserted when it is set to its active level and to be negated when it is set to the complement of its active level. In the Intel Architecture, the value of this bit could be stored in a control register, a model-specific register, a new architectural register, or a new register.
- the value of this bit need not be visible at all and the Translation Lookaside Buffer Virtual Machine eXtension (TLBVMX word) need not exist per se since the necessary information can be derived automatically from other processor state (i.e., 1 when in VMX mode, 0 when not, or vice versa).
- the VMX tag word is larger than one bit and it is then set to the new value of the TLBVMX control word, which corresponds to the particular VM being executed, as the processor transitions into VMX mode. To maintain proper operation of the processor, the VMM would naturally prevent direct accesses by guest OSes to the TLBVMX control word
- the VMX tag word field 230 has a word size of greater than one bit, which we denote by M, and distinct VMX tag word values, excepting the zero (0) value that is reserved for the VMM, are assigned to VMs as they are created by the VMM until the largest possible value is reached, said value being shared by all subsequently created VMs (e.g., if M is 8 then 0 is for the VMM, 1 through 6 are for the first 6 VMs created and 7 is shared by all additional VMs).
- the VMX word field 230 again has a word size of greater than one bit and multiple distinct VMX tag word values are reserved for one or more VMMs and the remaining values are assigned to VMs as they are created by the VMMs until the largest possible value is reached, said value being shared by all subsequently created VMs.
- Some embodiments of this invention may support a TLBVMX word 116 in a new or existing control register.
- the width of this field is the same as the width of the VMX tag words 230 associated with the TLB entries. It determines the number of different address spaces whose translations may be cached in the TLB at any one time.
- Some embodiments may report the width of this field to software through some mechanism. For example, IA-32 processors report capabilities such as this through the CPUID instruction or through capability registers. Any such mechanism might be used to report the width of the TLBVMX word supported by a CPU.
- Some virtual-machine systems may support layers of virtual machine monitors (VMMs). For example, a single VMM ultimately controls the CPU. This “root” VMM may support, in guest VMs, other VMMs (“guest” VMMs) that may themselves support guest VMs. The support for layering may be provided by software, hardware, or a combination of the two.
- the multiple VMMs e.g., root and guest VMMs
- the multiple VMMs may all seek to manage the address spaces of their respective guests using the CPU's TLBVMX word. For embodiments that support a single TLBVMX word, this represents a challenge.
- the root VMM partitions the bits in the TLBVMX word into those that it controls and those whose control is yielded to its guest VMMs. If the width (in bits) of the CPU's TLBVMX word is M and the root VMM wants to support 2 L ⁇ 1 guest VMMs, where L ⁇ M, then the root VMM can assign to each of its guest VMMs a unique value in the range 1 to 2 L ⁇ 1. Whenever the guest VMM with value I (1 ⁇ I ⁇ 2 L ⁇ 1) is running, the root VMM will ensure that the high L bits of the CPU's TLB tag word will contain the value I.
- the root VMM will present to each guest VMM (through a capability reporting mechanism described above) the abstraction of a VM with a virtual CPU in which the width of the TLBVMX word is M-L.
- the guest VMMs will each be allowed to control only the low M-L bits of the TLBVMX word. Each such guest can thus support up to 2 M-L ⁇ 1 guests whose address spaces can concurrently use the TLB.
- This embodiment requires that the root VMM is able to (a) control the reporting of the width of the TLBVMX word to its guest VMMs, and (b) prevent its guest VMMs from modifying or reading selected bits of the TLBVMX word.
- Trapping to the root VMM from a higher level guest VMM so that the root VMM can emulate a single guest instruction is expensive but, since that reporting the width of the TLBVMX word should be an infrequent operation, this manner of support should not adversely affect performance.
- guest VMMs will be modifying and/or reading bits in the TLBVMX word frequently as they do VM entrances to their guest VMs.
- the processor provides a TLBVMX mask word to provide bit-by-bit capability to mask and shadow fields for control registers to constrain the ability of guest software to read and modify control registers
- software in a VM is only allowed to access those bits of the TLBVMX word whose corresponding bits are cleared in the TLBVMX mask word.
- the TLBVMX word is 10100000 and the TLBVMX mask word is 111110000 then a read by software of the TLBVMX word might return 0000 and software can set the TLBVMX word to any desired value from 10100000 to 10101111 by simply writing the low order bits, the high order bits are automatically supplied by the logical AND of the TLBVMX mask word and the TLBVMX word.
- the (intermediate) VMM sets the TLBVMX word to 10101100 and specifies that the new TLBVMX mask word will be 1100 then upon VM entrance the TLBVMX mask word is actually set to 11111100 and the TLBVMX word for the guest will be limited to the values 10101100 through 10101111.
- software specifies the new TLBVMX mask word value for the VM by loading an appropriate field in a Virtual Machine Control Structure
- the TLBVMX mask word is replaced by a TLBVMX inverted mask word which functions identically except that it is the logical NOT of the TLBVMX mask word and may thus be logically NOTed in the above formulas. Storing and using such an inverted mask word could simplify an actual implementation depending on the underlying logic circuitry in the processor.
- the invalidation mechanism 240 invalidates the TLB entries according to an invalidation policy 250 .
- the invalidation mechanism 240 may be implemented as a circuit having a control logic consistent with the invalidation policy 250 .
- the control logic provides an efficient way to update or invalidate the TLB entries in a virtual-machine system.
- FIG. 3 is a flowchart illustrating a process 300 to implement the invalidation policy 250 for the TLB entries shown in FIG. 2 according to one embodiment of the invention.
- the process 300 determines if an invalidation operation has been performed (Block 345 ). If so, the process 300 proceeds to invalidate one or more TLB entries, as appropriate to the invalidation operation being performed (e.g., INVLPG on an Intel Architecture processor), providing that the VMX tag word for the entry or entries match according to one of three rules or implementations. The selection of which rule is to be used depends on performance enhancement and implementation risk. In the conservative rule, the process 300 invalidates one or more TLB entries regardless of the VMX tag words (Block 350 ).
- the process 300 invalidates only those zero or more TLB entries that have the associated VMX tag word matched with the high order M-M′ bits of the TLBVMX word ( FIG. 1 ) by using the TLBVMX mask word to perform a logical AND on the VMX tag word (Block 372 ). In another embodiment of the configurable rule, only those zero or more TLB entries having a VMX tag word set to match the current (possibly logical) value of the TLBVMX invalidation word are invalidated (Block 374 ). For all rules, if an invalidation operation is not performed, the process 300 is terminated.
- FIG. 4 is a list of invalidation operations according to one embodiment of the invention. Specifically, for an Intel Architecture processor there are basically five invalidation operations.
- Invalidation operation 2 (Block 420 ): Execution of the page invalidation instruction (e.g., INVLPG instruction in the Intel Architecture)
- page invalidation instruction e.g., INVLPG instruction in the Intel Architecture
- Invalidation operation 3 (Block 430 ): Task switching that modifies the first control register CR3.
- Invalidation operation 5 (Block 450 ): Loading the third register CR4 that changes one or more of the PSE bit, PGE bit, or PAE bit.
- a VM system can efficiently trap to the VMM and resume execution of the VM without invalidating the TLB. This significantly increases the efficiency of the VMM system.
Abstract
One embodiment of the present invention is a technique to invalidate entries in a translation lookaside buffer (TLB). A TLB in a processor has a plurality of TLB entries. Each TLB entry is associated with a virtual machine extension (VMX) tag word indicating if the associated TLB entry is invalidated according to a processor mode when an invalidation operation is performed. The processor mode is one of execution in a virtual machine (VM) and execution not in a virtual machine. The invalidation operation belongs to a non-empty set of invalidation operations composed of a union of (1) a possibly empty set of operations that invalidate a variable number of TLB entries, (2) a possibly empty set of operations that invalidate exactly one TLB entry, (3) a possibly empty set of operations that invalidate the plurality of TLB entries, (4) a possibly empty set of operations that enable and disable use of virtual memory, and (5) a possibly empty set of operations that configure physical address size, page size or other virtual memory system behavior in a manner that changes the manner in which a physical machine interprets the TLB entries.
Description
- 1. Field of the Invention
- This invention relates to virtual machines. In particular, the invention relates to translation lookaside buffers that support a virtual-machine system.
- 2. Description of Related Art
- A virtual-machine system is a computer system that includes a virtual machine monitor (VMM) supporting one or more virtual machines (VMs). A Virtual Machine Monitor (VMM) is a software program that controls physical computer hardware and presents programs executing within a Virtual Machine (VM) with the illusion that they are executing on real physical computer hardware. Each VM typically functions as a self-contained platform, controlled by a “guest” operating system (OS), i.e., an OS hosted by the VMM, which executes as if it were running on a real machine instead of within a VM.
- To accomplish this simulation, it is necessary for some operations within a VM (e.g., attempts to configure device hardware) to be trapped and emulated by the VMM, which will perform operations to simulate virtual hardware resources (e.g., a simulated device) to maintain the illusion that the guest OS is manipulating real hardware. Thus, in a virtual-machine system transitions from a VM to the VMM and back will occur with some frequency, depending upon the number of instructions and events that the VMM must emulate.
- In a virtual-memory system, a memory address generated by software (a “virtual” address) is translated by hardware into a physical address which is then used to reference memory. This translation process is called paging, and the hardware used to perform the translation is called the paging hardware. In many virtual-memory systems, the virtual-to-physical address translation is defined by system software in a set of data structures (called page tables) that reside in memory. Modem virtual-memory systems typically incorporate into a system's central processing unit (CPU) a specialized caching structure, often called a translation lookaside buffer (TLB), which stores information about virtual-to-physical address translations and which can be accessed far more quickly than memory.
- When an OS stops executing one process and begins executing another, it will typically change the address space by directing the hardware to use a new set of paging structures. This can be accomplished using a software or hardware mechanism to invalidate or remove the entire contents of the TLB. More frequent than changes between processes are transitions of control between a process and OS software. Because of this, system performance would suffer significantly if the TLB were invalidated on each such transition. Thus, modern operating systems are typically constructed so that no change of address space is required. One or more ranges of (virtual) memory addresses in every address space are protected so that only the OS can access addresses in those ranges.
- In a virtual-machine system, certain operations within a VM must be trapped and emulated by the VMM. While this is much as an OS supports a user process, the situation here is different. Applications designed to run in user processes are bound by the address-space constraints imposed by the OS. In contrast, software that executes in a VM is not aware that it is being supported by a VMM and thus expects to have access to all memory addresses. For this reason, a VM and its supporting VMM cannot easily share an address space.
- If a VM and its support VMM do not share an address space, then transitions between the VM and the VMM will adversely affect performance because all entries in the TLB must be invalidated on each such transition. Therefore, there is a need to have an efficient technique to allow translations for different address spaces to coexist in the TLB in a VM system.
- The features and advantages of the present invention will become apparent from the following detailed description of the present invention in which:
-
FIG. 1 is a diagram illustrating a system in which one embodiment of the invention can be practiced. -
FIG. 2 is a diagram illustrating a translation lookaside buffer (TLB) shown inFIG. 1 according to one embodiment of the invention. -
FIG. 3 is a flowchart illustrating an invalidating policy for the TLB entries shown inFIG. 2 according to one embodiment of the invention. -
FIG. 4 is a list of operations that cause TLB entry invalidations according to one embodiment of the invention. Such operations are referred to as invalidation operations in the following description. - One embodiment of the present invention is a technique to invalidate entries in a translation lookaside buffer (TLB). A translation lookaside buffer (TLB) in a processor has a plurality of TLB entries. Each TLB entry is associated with a virtual machine extension (VMX) tag word indicating if the associated TLB entry is invalidated according to a processor mode when an invalidation operation is performed. The processor mode is one of execution in a virtual machine (VM) and execution not in a virtual machine. The invalidation operation belongs to a non-empty set of invalidation operations composed of a union of (1) a possibly empty set of operations that invalidate a variable number of TLB entries, (2) a possibly empty set of operations that invalidate exactly one TLB entry, (3) a possibly empty set of operations that invalidate the plurality of TLB entries, (4) a possibly empty set of operations that enable and disable use of virtual memory, and (5) a possibly empty set of operations that configure physical address size, page size or other virtual memory system behavior in a manner that changes the manner in which a physical machine interprets the TLB entries.
- In the following description, numerous specific details are set forth. However, it is understood that embodiments of the invention may be practiced without these specific details. In other instances, well-known circuits, structures, and techniques have not been shown in order not to obscure the understanding of this description.
- Existing physical machines that support VM operation control the execution environment of a VM using a structure herein referred to as a Virtual Machine Control Structure (VMCS). The VMCS is stored in a region of memory and contains, for example, state of the guest, state of the VMM, and control information indicating under which conditions the VMM wishes to regain control during guest execution. The one or more processors in the physical machine read information from the VMCS to determine the execution environment of the VM and VMM, and to constrain the behavior of the guest software appropriately.
- In systems using paging, the translation process will require one or more memory references because the paging hardware may need to fetch from memory data from one or more page tables. The virtual-to-physical address translation defined by a set of page tables is called an address space. Typically, operating systems execute each application program, or process, in a separate address space. In some virtual-memory systems, the TLB is largely under the control of the paging hardware. One embodiment of the present invention relates to systems in which the paging hardware determines when to cache in the TLB a virtual-to-physical address translation that has been fetched from the page tables in memory.
- The paging structures that define the address translation reside in memory and may be modified by system software. This may cause translation information cached in the TLB to become out of date. In addition, systems allow software to direct the hardware to use an entirely different set of paging structures so that the entire contents of the TLB may become out of date. The hardware of some virtual-memory systems may detect such changes and then remove or modify out-of-date translation information while other systems provide software with special instructions to remove such information and still other systems use a combination of the two techniques.
-
FIG. 1 is a diagram illustrating acomputer system 100 in which one embodiment of the invention can be practiced. Thecomputer system 100 includes aprocessor 110, ahost bus 120, a memory control hub (MCH) 130, asystem memory 140, an input/output control hub (ICH) 150, amass storage device 170, and input/output devices 180 1 to 180 K. - The
processor 110 represents a central processing unit of any type of architecture, such as embedded processors, micro-controllers, digital signal processors, superscalar computers, vector processors, single instruction multiple data (SIMD) computers, complex instruction set computers (CISC), reduced instruction set computers (RISC), very long instruction word (VLIW), or hybrid architecture. In one embodiment, theprocessor 110 is compatible with the Intel Architecture (IA) processor, sometimes referred to as IA-32. Theprocessor 110 typically contains a number of control registers to support memory management tasks such as virtual memory and cache memory. These tasks may include paging and segmentation. The processor I 10 also has acache unit 117. Thecache unit 117 has a translation lookaside buffer (TLB) I 19. In one embodiment, theprocessor 110 is compatible with the Intel Architecture (IA) processor, has control registers and a TLB and further supports a Virtual Machine eXtension (VMX) mode. The VMX mode is a mode whereby all virtualization holes in the processor's instruction set are trapped. Software in this new mode executes with as many protection rings (e.g., 4) and with the same paging protection as it would ordinarily have, but whenever privileged software in a VM attempts to change machine state that is virtualized (e.g., mask interrupts) a variety of hardware and software techniques are used by hardware (e.g., the processor), software (e.g., the VMM) or both to provide software in the VM with the illusion that it has effected the change to the actual hardware state when in fact only the model presented to the VM has changed state. - The control registers include a first
control register CR_PA 112 and a secondcontrol register CR_PM 114. The CR_PA register contains the (physical) address of the currently active page table while the CR_PM register contains various “paging_mode” fields such as a “page mode” bit to enable paging. In one embodiment of the invention these control registers are mapped onto the control registers with the same functionality in the Intel Instruction Set Architecture as follows:CR_PA 112 is CR3, and some fields of CR_PM are located in CR0 and others in CR4. Specifically, the CR0 register has two control bits from CR_PM: protected mode enable (PE) and page mode (PG), and the CR4 register has three control bits from CR_PM: Page Size Extension (PSE), Page Global Enable (PGE), and Physical Address Extension (PAE). - In another embodiment, the
CR_PM 114 register has a new control word of 1 or more bits in size that is only configurable by software when the processor is not in VMX mode: Translation Lookaside Buffer Virtual Machine eXtension (TLBVMX). In an alternative embodiment,CR_PM 114 register has two new control words of identical size of 1 or more bits that are only configurable by software when the processor is not in VMX mode: Translation Lookaside Buffer Virtual Machine eXtension (TLBVMX word) and Invalidation Translation Lookaside Buffer Virtual Machine eXtension (TLBVMX invalidation word). In yet another alternative embodiment,CR_PM 114 register has two new control words of identical size of 1 or more bits that are only configurable by software when the processor is not in VMX mode: Translation Lookaside Buffer Virtual Machine extension (TLBVMX word) and Translation Lookaside Buffer Virtual Machine extension Mask (TLBVMX mask word). In still another alternative embodiment,CR_PM 114 register has one new control word of size of 1 or more bits that is fully configurable by software when the processor is not in VMX mode: Translation Lookaside Buffer Virtual Machine extension (TLBVMX word) and the Virtual Machine Control Structure (VMCS) has a new field of identical size, Translation Lookaside Buffer Virtual Machine eXtension Mask (TLBVMX mask field). When the processor is in VMX mode access to the TLBVMX word is controlled by the TLBVMX mask field in the currently active VMCS such that the processor can only access those bits of the TLBVMX word whose corresponding bits are cleared in the TLBVMX mask field in the currently active VMCS. In still another embodiment the TLBVMX mask field is inverted and the condition for access is inverted such that access to bits of the TLBVMX word is only allowed for bits that are set in the TLBVMX mask field in the currently active VMCS. - The
host bus 120 provides interface signals to allow theprocessor 110 to communicate with other processors or devices, e.g., theMCH 130. Thehost bus 120 may support a uni-processor or multiprocessor configuration. Thehost bus 120 may be parallel, sequential, pipelined, asynchronous, synchronous, or any combination thereof. - The
MCH 130 provides control and configuration of memory and input/output devices such as thesystem memory 140 and theICH 150. TheMCH 130 may be integrated into a chipset that integrates multiple functionalities such as the isolated execution mode, host-to-peripheral bus interface, memory control. For clarity, not all the peripheral buses are shown. It is contemplated that thesystem 100 may also include peripheral buses such as Peripheral Component Interconnect (PCI), accelerated graphics port (AGP), Industry Standard Architecture (ISA) bus, and Universal Serial Bus (USB), etc. - The
system memory 140 stores system code and data. Thesystem memory 140 is typically implemented with dynamic random access memory (DRAM) or static random access memory (SRAM). The system memory may include program code or code segments implementing one embodiment of the invention. The system memory includes a virtual machine (VM)module 145 and a virtual machine monitor (VMM)module 148. The VM andVMM system memory 140 may also include other programs or data which are not shown, such as one or more guest operating systems, as well as sets of page tables 190 1 to 190 L. The sets of page tables 190 1 to 190 L may be created and maintained by software and reside insystem memory 140 or they may be implemented and maintained by hardware, firmware, microcode, or any combination thereof. There may be one or more sets of page tables for the Virtual Machine Monitor (VMM) and one or more sets of page tables for each of one or more Virtual Machines (VMs). - The
ICH 150 has a number of functionalities that are designed to support I/O functions. TheICH 150 may also be integrated into a chipset together or separate from theMCH 130 to perform I/O functions. TheICH 150 may include a number of interface and I/O functions such as PCI bus interface, processor interface, interrupt controller, direct memory access (DMA) controller, power management logic, timer, universal serial bus (USB) interface, mass storage interface, low pin count (LPC) interface, etc. - The
mass storage device 170 stores archive information such as code, programs, files, data, applications, and operating systems. Themass storage device 170 may include compact disk (CD)ROM 172,floppy diskettes 174, andhard drive 176, and any other magnetic or optic storage devices. Themass storage device 170 provides a mechanism to read machine-readable media. - The I/O devices 180 1 to 180 K may include any I/O devices to perform I/O functions. Examples of I/O devices 180 1 to 180 K include controller for input devices (e.g., keyboard, mouse, trackball, pointing device), media card (e.g., audio, video, graphics), network card, and any other peripheral controllers.
- Elements of one embodiment of the invention may be implemented by hardware, firmware, software or any combination thereof. The term hardware generally refers to an element having a physical structure such as electronic, electromagnetic, optical, electro-optical, mechanical, electromechanical parts, etc. The term software generally refers to a logical structure, a method, a procedure, a program, a routine, a process, an algorithm, a formula, a function, an expression, etc. The term firmware generally refers to a logical structure, a method, a procedure, a program, a routine, a process, an algorithm, a formula, a function, an expression, etc. that is implemented or embodied in a hardware structure (e.g., flash memory). Examples of firmware may include microcode, writable control store, and micro-programmed structure. When implemented in software or firmware, the elements of an embodiment of the present invention are essentially the code segments to perform the necessary tasks. The software/firmware may include the actual code to carry out the operations described in one embodiment of the invention, or code that emulates or simulates the operations. The program or code segments can be stored in a processor or machine accessible medium or transmitted by a computer data signal embodied in a carrier wave, or a signal modulated by a carrier, over a transmission medium. The “processor readable or accessible medium” or “machine readable or accessible medium” may include any medium that can store, transmit, or transfer information. Examples of the processor readable or machine accessible medium include an electronic circuit, a semiconductor memory device, a read only memory (ROM), a flash memory, an erasable ROM (EROM), a floppy diskette, a compact disk (CD) ROM, an optical disk, a hard disk, a fiber optic medium, a radio frequency (RF) link, etc. The computer data signal may include any signal that can propagate over a transmission medium such as electronic network channels, optical fibers, air, electromagnetic, RF links, etc. The code segments may be downloaded via computer networks such as the Internet, Intranet, etc. The machine accessible medium may be embodied in an article of manufacture. The machine accessible medium may include data that, when accessed by a machine, cause the machine to perform the operations described in the following. The machine accessible medium may also include program code embedded therein. The program code may include machine readable code to perform the operations described in the following. The term “data” here refers to any type of information that is encoded for machine-readable purposes. Therefore, it may include program, code, data, file, etc.
- All or part of an embodiment of the invention may be implemented by hardware, software, or firmware, or any combination thereof. The hardware, software, or firmware element may have several modules coupled to one another. A hardware module is coupled to another module by mechanical, electrical, optical, electromagnetic or any physical connections. A software module is coupled to another module by a function, procedure, method, subprogram, or subroutine call, a jump, a link, a parameter, variable, and argument passing, a function return, etc. A software module is coupled to another module to receive variables, parameters, arguments, pointers, etc. and/or to generate or pass results, updated variables, pointers, etc. A firmware module is coupled to another module by any combination of hardware and software coupling methods above. A hardware, software, or firmware module may be coupled to any one of another hardware, software, or firmware module. A module may also be a software driver or interface to interact with the operating system running on the platform. A module may also be a hardware driver to configure, set up, initialize, send and receive data to and from a hardware device. An apparatus may include any combination of hardware, software, and firmware modules.
- One embodiment of the invention may be described as a process which is usually depicted as a flowchart, a flow diagram, a structure diagram, or a block diagram. Although a flowchart may describe the operations as a sequential process, many of the operations can be performed in parallel or concurrently. In addition, the order of the operations may be re-arranged. A process is terminated when its operations are completed. A process may correspond to a method, a program, a procedure, a method of manufacturing or fabrication, etc.
-
FIG. 2 is a diagram illustrating a translation lookaside buffer (TLB) 119 shown inFIG. 1 according to one embodiment of the invention. TheTLB 119 includes astorage 210 and aninvalidating mechanism 240. - The
storage 210 is a fast memory organized with twofields TLB entry 220 and virtual machine extension (VMX)tag word 230. For some integer N theTLB 220 hasN TLB entries 220 1 to 220 N and the VMXtag word array 230 has NVMX tag words 230 1 to 230 N. Each of theN TLB entries 220 1 to 220 N has an associated VMX tag word. Each of theN TLB entries 220 1 to 220 N is referred to as a TLB translation or translation for short. Each of theVMX tag words 230 1 to 230 N indicates if the associated TLB entry is invalidated according to a processor mode when an invalidation operation is performed. When a VMX tag word is non-zero, the corresponding TLB entry is referred to as a VMX translation. When a VMX tag word is zero (0), the corresponding TLB entry is referred to as a non-VMX translation. - At any given time, the processor may be in VMX mode. VMX mode is the mode when the processor is executing guest code in a VM. The processor is not in VMX mode when the VMM is executing. In one embodiment, the VMM operates in the protected mode of operation of an Intel Architecture processor. The VMM may create several VMs and each of the VMs operates in VMX mode. The processor mode may be set by a hardware circuit or by a configuration word programmed by software. Each of the
VMX tag words 230 1 to 230 N may correspond to a VM created by the VMM. In one embodiment, the VMXtag word field 230 has a word size of one bit. - As noted in the preceding paragraph, in one embodiment, the VMX tag word is a single bit, so it is always 1 when in VMX mode and 0 when not in VMX mode (or vice versa). Note that the active level of logical 1 or 0 is for illustrative purposes. Other active levels may be used. A bit is said to be asserted when it is set to its active level and to be negated when it is set to the complement of its active level. In the Intel Architecture, the value of this bit could be stored in a control register, a model-specific register, a new architectural register, or a new register. In fact, the value of this bit need not be visible at all and the Translation Lookaside Buffer Virtual Machine eXtension (TLBVMX word) need not exist per se since the necessary information can be derived automatically from other processor state (i.e., 1 when in VMX mode, 0 when not, or vice versa). In an alternative embodiment, the VMX tag word is larger than one bit and it is then set to the new value of the TLBVMX control word, which corresponds to the particular VM being executed, as the processor transitions into VMX mode. To maintain proper operation of the processor, the VMM would naturally prevent direct accesses by guest OSes to the TLBVMX control word
- In another embodiment, the VMX
tag word field 230 has a word size of greater than one bit, which we denote by M, and distinct VMX tag word values, excepting the zero (0) value that is reserved for the VMM, are assigned to VMs as they are created by the VMM until the largest possible value is reached, said value being shared by all subsequently created VMs (e.g., if M is 8 then 0 is for the VMM, 1 through 6 are for the first 6 VMs created and 7 is shared by all additional VMs). In another embodiment, theVMX word field 230 again has a word size of greater than one bit and multiple distinct VMX tag word values are reserved for one or more VMMs and the remaining values are assigned to VMs as they are created by the VMMs until the largest possible value is reached, said value being shared by all subsequently created VMs. - Some embodiments of this invention may support a
TLBVMX word 116 in a new or existing control register. The width of this field is the same as the width of theVMX tag words 230 associated with the TLB entries. It determines the number of different address spaces whose translations may be cached in the TLB at any one time. Some embodiments may report the width of this field to software through some mechanism. For example, IA-32 processors report capabilities such as this through the CPUID instruction or through capability registers. Any such mechanism might be used to report the width of the TLBVMX word supported by a CPU. - Some virtual-machine systems may support layers of virtual machine monitors (VMMs). For example, a single VMM ultimately controls the CPU. This “root” VMM may support, in guest VMs, other VMMs (“guest” VMMs) that may themselves support guest VMs. The support for layering may be provided by software, hardware, or a combination of the two. For systems based on embodiments that support the VMX tag words defined in this invention, the multiple VMMs (e.g., root and guest VMMs) may all seek to manage the address spaces of their respective guests using the CPU's TLBVMX word. For embodiments that support a single TLBVMX word, this represents a challenge.
- In one embodiment of the invention, the root VMM partitions the bits in the TLBVMX word into those that it controls and those whose control is yielded to its guest VMMs. If the width (in bits) of the CPU's TLBVMX word is M and the root VMM wants to support 2L−1 guest VMMs, where L<M, then the root VMM can assign to each of its guest VMMs a unique value in the range 1 to 2L−1. Whenever the guest VMM with value I (1<I<2L−1) is running, the root VMM will ensure that the high L bits of the CPU's TLB tag word will contain the value I. These bits will be given the
value 0 only for (1) the root VMM or (2) guests of the root VMM that are not themselves VMMs. The root VMM will present to each guest VMM (through a capability reporting mechanism described above) the abstraction of a VM with a virtual CPU in which the width of the TLBVMX word is M-L. The guest VMMs will each be allowed to control only the low M-L bits of the TLBVMX word. Each such guest can thus support up to 2M-L−1 guests whose address spaces can concurrently use the TLB. - This embodiment requires that the root VMM is able to (a) control the reporting of the width of the TLBVMX word to its guest VMMs, and (b) prevent its guest VMMs from modifying or reading selected bits of the TLBVMX word.
- Both of these capabilities are already supported in some virtual-machine systems. For example, in IA-32 systems, it is sufficient to ensure that guest attempts to execute the CPUID instruction or to read capability registers or to read or write control registers cause transitions to the root VM monitor (VMM). The root VMM can then emulate the relevant guest instruction, presenting to its guest the values it desires (e.g., in this case, it would report to its guest that the width of the TLBVMX word is M-L instead of M).
- Trapping to the root VMM from a higher level guest VMM so that the root VMM can emulate a single guest instruction is expensive but, since that reporting the width of the TLBVMX word should be an infrequent operation, this manner of support should not adversely affect performance. On the other hand, guest VMMs will be modifying and/or reading bits in the TLBVMX word frequently as they do VM entrances to their guest VMs.
- In an alternative embodiment of the invention, the processor provides a TLBVMX mask word to provide bit-by-bit capability to mask and shadow fields for control registers to constrain the ability of guest software to read and modify control registers Thus software in a VM is only allowed to access those bits of the TLBVMX word whose corresponding bits are cleared in the TLBVMX mask word. For example, if the TLBVMX word is 10100000 and the TLBVMX mask word is 111110000 then a read by software of the TLBVMX word might return 0000 and software can set the TLBVMX word to any desired value from 10100000 to 10101111 by simply writing the low order bits, the high order bits are automatically supplied by the logical AND of the TLBVMX mask word and the TLBVMX word.
- To efficiently support a layered virtualization architecture, the processor provides a hardware-managed stack of TLBVMX mask words that work as follows. Incident to a VM entrance a VMM can specify a new value of the TLBVMX mask word for the guest (whether VMM or not) but the new value will be automatically logically ORed by the processor with the old value of the TLBVMX mask word so that the logical AND of the new value and the old value of the TLBVMX mask word will be equal to the old value. The old value is automatically restored from the hardware-managed stack upon a VM exit. In the new guest the TLBVMX mask word constrains the space of possible TLBVMX word values. For example, continuing the above example, if the (intermediate) VMM sets the TLBVMX word to 10101100 and specifies that the new TLBVMX mask word will be 1100 then upon VM entrance the TLBVMX mask word is actually set to 11111100 and the TLBVMX word for the guest will be limited to the values 10101100 through 10101111.
- In one embodiment of the invention, software specifies the new TLBVMX mask word value for the VM by loading an appropriate field in a Virtual Machine Control Structure In yet another embodiment of the invention, the TLBVMX mask word is replaced by a TLBVMX inverted mask word which functions identically except that it is the logical NOT of the TLBVMX mask word and may thus be logically NOTed in the above formulas. Storing and using such an inverted mask word could simplify an actual implementation depending on the underlying logic circuitry in the processor.
- Using these techniques, a guest VMM could reserve K bits in the TLBVMX word (of the M-L bits to which it has access) for its own use, presenting to its guest VMM the abstraction of virtual CPU with a TLBVMX word with only M−(L+K) bits. The technique can be used for at most M layers, after which any guest VMMs would be presented with the abstraction of a virtual CPU that does not support a TLBVMX word.
- The
invalidation mechanism 240 invalidates the TLB entries according to aninvalidation policy 250. Theinvalidation mechanism 240 may be implemented as a circuit having a control logic consistent with theinvalidation policy 250. The control logic provides an efficient way to update or invalidate the TLB entries in a virtual-machine system. -
FIG. 3 is a flowchart illustrating aprocess 300 to implement theinvalidation policy 250 for the TLB entries shown inFIG. 2 according to one embodiment of the invention. - Upon START the
process 300 determines if the processor is in VMX mode (Block 310). As noted above, in one embodiment of the invention, the VMX tag word is a single bit and the TLBVMX word may exist only logically, its contents being derived automatically from other processor state. In other embodiments, the TLBVMX word may be more than one bit and exists as a physical field in theCR_PM 114 control register. For all embodiments of the invention, if the processor is in VMX mode, then all new translations in the TLB set the VMX tag word to match the possibly logical value of the TLBVMX word (Block 325) and if the processor is not in VMX mode, then all new translations set the VMX tag word to match the possibly logical value of the TLBVMX word (Block 340). - Next, if the processor is in VMX mode, the
process 330 determines if an operation causing invalidation of one or more TLB entries is performed (i.e., an invalidation operation) (Block 330). For an Intel Architecture processor, examples of such invalidation operations are INVLPG (invalidates only one entry) and loads to the CR3 register (invalidates all entries). If so, theprocess 300 invalidates the one or more TLB entries, as appropriate, provided that every TLB entry invalidated must have a VMX tag word value that matches the value in the TLBVMX word (which may exist only logically), otherwise theprocess 300 is terminated. - Alternatively, if the processor is not in VMX mode, the
process 300 determines if an invalidation operation has been performed (Block 345). If so, theprocess 300 proceeds to invalidate one or more TLB entries, as appropriate to the invalidation operation being performed (e.g., INVLPG on an Intel Architecture processor), providing that the VMX tag word for the entry or entries match according to one of three rules or implementations. The selection of which rule is to be used depends on performance enhancement and implementation risk. In the conservative rule, theprocess 300 invalidates one or more TLB entries regardless of the VMX tag words (Block 350). In one embodiment of the configurable rule, theprocess 300 invalidates only those zero or more TLB entries that have the associated VMX tag word matched with the high order M-M′ bits of the TLBVMX word (FIG. 1 ) by using the TLBVMX mask word to perform a logical AND on the VMX tag word (Block 372). In another embodiment of the configurable rule, only those zero or more TLB entries having a VMX tag word set to match the current (possibly logical) value of the TLBVMX invalidation word are invalidated (Block 374). For all rules, if an invalidation operation is not performed, theprocess 300 is terminated. - Note that, regardless of any rules above defining behavior both inside and outside VMX mode, a change to the
CR_PA 112 register incident to a transition into VMX mode (i.e., VM entrance) or out of VMX mode (i.e., VM exit) does not invalidate any entries in the TLB. This special case is therefore not an invalidation operation. -
FIG. 4 is a list of invalidation operations according to one embodiment of the invention. Specifically, for an Intel Architecture processor there are basically five invalidation operations. - Invalidation operation 1 (Block410): Loading the first register CR3, subject to the setting of the global (G) bit in the TLB entry and other existing TLB behavior such as the width of the TLBVMX word.
- Invalidation operation 2 (Block420): Execution of the page invalidation instruction (e.g., INVLPG instruction in the Intel Architecture)
- Invalidation operation 3 (Block430): Task switching that modifies the first control register CR3.
- Invalidation operation 4 (Block440): Loading the second register CR0 that changes either the PE bit or the PG bit.
- Invalidation operation 5 (Block450): Loading the third register CR4 that changes one or more of the PSE bit, PGE bit, or PAE bit.
- By providing the VMX tag word associated with each TLB entry in the TLB, a VM system can efficiently trap to the VMM and resume execution of the VM without invalidating the TLB. This significantly increases the efficiency of the VMM system.
- While this invention has been described with reference to illustrative embodiments, this description is not intended to be construed in a limiting sense. Various modifications of the illustrative embodiments, as well as other embodiments of the invention, which are apparent to persons skilled in the art to which the invention pertains are deemed to lie within the spirit and scope of the invention.
Claims (80)
1. An apparatus comprising:
a translation lookaside buffer (TLB) in a processor having a plurality of TLB entries, each TLB entry being associated with a virtual machine extension (VMX) tag word indicating if the associated TLB entry is invalidated according to the processor mode when an invalidation operation is performed, the processor mode being one of execution in a virtual machine (VM) and execution not in a virtual machine, the invalidation operation belonging to a non-empty set of invalidation operations composed of a union of (1) a possibly empty set of operations that invalidate a variable number of TLB entries, (2) a possibly empty set of operations that invalidate exactly one TLB entry, (3) a possibly empty set of operations that invalidate the plurality of TLB entries, (4) a possibly empty set of operations that enable and disable use of virtual memory, and (5) a possibly empty set of operations that configure physical address size, page size or other virtual memory system behavior in a manner that changes the manner in which a physical machine interprets the TLB entries;
wherein the invalidation operations include IA-32-specific operations (a) IA-32 task switches involving changes of virtual memory related control registers, or (b) loading of control registers that modify IA-32-specific page size extension (PSE) and physical address extension (PAE).
2. The apparatus of claim 1 wherein the invalidation operation is one of (1) a loading of a first control register conditioned on a global bit, (2) an execution of a page invalidate instruction, (3) an IA-32 task switch involving change of at least one virtual memory related control register (4) a loading of a second control register that modifies one of a protected mode indicator and a page mode indicator, and (5) a loading of a third control register that modifies one of an IA-32-specific page size extension (PSE), a page global enable (PGE), and a physical address extension (PAE).
3. The apparatus of claim 2 wherein the processor is in or not in VMX mode and the TLB entry is not invalidated at loading of the first control register when one of a transition into VMX mode (a VM entrance) and a transition out of VMX mode (a VM exit) occurs.
4. The apparatus of claim 3 wherein the VMX tag word is a single bit and
the VMX tag word is negated for a new TLB entry when the processor is not in VMX mode and the VMX tag word is asserted for a new TLB entry when the processor is in VMX mode; and
the TLB entry is invalidated when an invalidation operation is performed and the VMX tag word is asserted and the processor is in VMX mode.
5. The apparatus of claim 4 wherein the TLB entry is invalidated irrespective of value of the VMX tag word when an invalidation operation is performed and the processor is not in VMX mode.
6. The apparatus of claim 4 wherein a field in a control register is designated the translation lookaside buffer virtual machine extension (TLBVMX) word and the TLB entry is invalidated when an invalidation operation is performed and the VMX tag word matches the TLBVMX word and the processor is not in VMX mode.
7. The apparatus of claim 3 wherein the VMX tag word is a single bit and
the VMX tag word is asserted for a new TLB entry when the processor is not in VMX mode and the VMX tag word is negated for a new TLB entry when the processor is in VMX mode; and
the TLB entry is invalidated when an invalidation operation is performed and the VMX tag word is negated and the processor is in VMX mode.
8. The apparatus of claim 7 wherein the TLB entry is invalidated irrespective of the value of the VMX tag word when an invalidation operation is performed and the processor is not in VMX mode.
9. The apparatus of claim 7 wherein a field in a control register is designated the TLBVMX word and the TLB entry is invalidated when an invalidation operation is performed and the VMX tag word matches the TLBVMX word and the processor is not in VMX mode.
10. The apparatus of claim 1 wherein invalidation of a TLB entry by an invalidation operation is further conditioned upon value of one or more control words associated with the TLB.
11. The apparatus of claim 10 wherein the control word or words associated with the TLB are located in one or more of the control registers of the processor or in a Virtual Machine Control Structure (VMCS) in memory.
12. The apparatus of claim 11 wherein one of the control words associated with the TLB is distinguished such that the VMX tag word is set to match a distinguished control word for a new TLB entry, the distinguished control word associated with the TLB being designated the TLBVMX word.
13. The apparatus of claim 12 wherein the TLBVMX word is set to one of a plurality of values that constitute a proper subset of a set of all possible values for a VMX tag word when the processor mode corresponds to execution in a virtual machine (VM).
14. The apparatus of claim 13 wherein the TLB entry is invalidated when an invalidation operation is performed and the value of the associated VMX tag word matches the value of the TLBVMX word and the processor mode corresponds to execution in a virtual machine (VM).
15. The apparatus of claim 14 wherein the one or more control words associated with the TLB, including the TLBVMX word, are configurable when the processor mode corresponds to execution not in a virtual machine.
16. The apparatus of claim 13 wherein the TLBVMX word is set to one of a plurality of values that constitute a proper subset of a set of all possible values for a VMX tag word when the processor mode corresponds to execution not in a virtual machine.
17. The apparatus of claim 16 wherein a set theoretic intersection of the plurality of values allowable for the TLBVMX word when the processor mode corresponds to execution not in a virtual machine and the plurality of values allowable for the TLBVMX word when the processor mode corresponds to execution in a virtual machine (VM) is an empty set.
18. The apparatus of claim 16 wherein invalidation of a TLB entry by an invalidation operation is further conditioned upon value of a second control word associated with the TLB when the processor mode corresponds to execution not in a virtual machine.
19. The apparatus of claim 18 wherein the TLB entry is invalidated when an invalidation operation is performed and the associated VMX tag word matches the second control word associated with the TLB and the processor mode corresponds to execution not in a virtual machine.
20. The apparatus of claim 18 wherein the TLB entry is invalidated when an invalidation operation is performed and the logical AND of the associated VMX tag word and the second control word associated with the TLB matches the TLBVMX word and the processor mode corresponds to execution in a virtual machine, the second control word associated with the TLB being designated the TLBVMX mask word.
21. The apparatus of claim 20 wherein access by software to configure a portion of the TLBVMX word when the processor mode corresponds to execution in a virtual machine (VM) is conditioned upon value of the TLBVMX mask word such that software executing when the processor mode corresponds to execution in a virtual machine (VM) is able to set the TLBVMX word to a value such that the logical AND of a new value of the TLBVMX word and a value of the TLBVMX mask word matches a logical AND of a previous value of the TLBVMX word and the value of TLBVMX mask word.
22. (canceled)
23. (canceled)
24. (canceled)
25. The apparatus of claim 20 wherein the bits configured in the VMX tag word and the TLBVMX word are determined by an execution of a specified processor instruction in a specified manner.
26. (canceled)
27. The apparatus of claim 18 wherein the TLB entry is invalidated when an invalidation operation is performed and the logical AND of the associated VMX tag word with a logical NOT of the second control word associated with the TLB matches the TLBVMX word and the processor mode corresponds to execution in a virtual machine (VM), the second control word associated with the TLB being designated the TLBVMX inverted mask word.
28. The apparatus of claim 27 wherein access by software to configure a portion of the TLBVMX word when the processor mode corresponds to execution in a virtual machine (VM) is conditioned upon the value of the TLBVMX inverted mask word such that software executing when the processor mode corresponds to execution in a virtual machine (VM) is able to set the TLBVMX word to a value such that a logical AND of a new value of the TLBVMX word and the logical NOT of the TLBVMX inverted mask word matches the logical AND of a previous value of the TLBVMX word and the logical NOT of TLBVMX inverted mask word.
29. (canceled)
30. (canceled)
31. (canceled)
32. (canceled)
33. (canceled)
34. The apparatus of claim 16 wherein size of a VMX tag word and the TLBVMX word is determined by executing a specified processor instruction in a specified manner.
35. The apparatus of claim 34 wherein the processor is compatible with the Intel Architecture and the specified instruction is a CPUID instruction and the specified manner is to have a specified value in an EAX register when the CPUID instruction is executed.
36. A method comprising:
associating a translation lookaside buffer (TLB) entry in a plurality of TLB entries in a processor with a virtual machine extension (VMX) tag word to indicate if the associated TLB entry is invalidated according to the processor mode when an invalidation operation is performed, the processor mode being one of execution in a virtual machine (VM) and execution not in a virtual machine; and
performing the invalidation operation, the invalidation operation belonging to a non-empty set of invalidation operations composed of a union of (1) a possibly empty set of operations that invalidate a variable number of TLB entries, (2) a possibly empty set of operations that invalidate exactly one TLB entry, (3) a possibly empty set of operations that invalidate the plurality of TLB entries, (4) a possibly empty set of operations that enable and disable use of virtual memory, and (5) a possibly empty set of operations that configure physical address size, page size or other virtual memory system behavior in a manner that changes the manner in which a physical machine interprets the TLB entries;
wherein the invalidation operations include IA-32-specific operations (a) IA-32 task switches involving changes of virtual memory related control registers, or (b) loading of control registers that modify IA-32-specific page size extension (PSE) and physical address extension (PAE).
37. The method of claim 36 wherein performing comprises performing the invalidation operation being one of (1) a loading of a first control register conditioned on a global bit, (2) an execution of a page invalidate instruction, (3) an IA-32 task switch involving change of at least one virtual memory related control register, (4) a loading of a second control register that modifies one of a protected mode indicator and a page mode indicator, and (5) a loading of a third control register that modifies one of an IA-32-specific page size extension (PSE), a page global enable (PGE), and a physical address extension (PAE).
38. The method of claim 37 wherein the processor is in or not in VMX mode and the TLB entry is not invalidated at loading of the first control register when one of a transition into VMX mode (a VM entrance) and a transition out of VMX mode (a VM exit) occurs.
39. The method of claim 38 further comprising:
negating the VMX tag word for a new TLB entry when the processor is not in VMX mode, the VMX tag word being a single bit;
asserting the VMX tag word for a new TLB entry when the processor is in VMX mode; and
invalidating the TLB entry when an invalidation operation is performed and the VMX tag word is asserted and the processor is in VMX mode.
40. The method of claim 39 wherein invalidating comprises invalidating the TLB entry irrespective of value of the VMX tag word when an invalidation operation is performed and the processor is not in VMX mode.
41. The method of claim 39 wherein invalidating comprises invalidating the TLB entry when an invalidation operation is performed and the VMX tag word matches the translation lookaside buffer virtual machine extension (TLBVMX) word and the processor is not in VMX mode, the TLBVMX word designating a field in a control register.
42. The method of claim 38 further comprising:
asserting the VMX tag word for a new TLB entry when the processor is not in VMX mode, the VMX tag word being a single bit;
negating the VMX tag word for a new TLB entry when the processor is in VMX mode; and
invalidating the TLB entry when an invalidation operation is performed and the VMX tag word is negated and the processor is in VMX mode.
43. The method of claim 42 wherein invalidating comprises invalidating the TLB entry irrespective of the value of the VMX tag word when an invalidation operation is performed and the processor is not in VMX mode.
44. The method of claim 42 wherein invalidating comprises invalidating the TLB entry when an invalidation operation is performed and the VMX tag word matches the TLBVMX word and the processor is not in VMX mode, the TLBVMX word designating a field in a control register.
45. The method of claim 42 wherein invalidating comprises invalidating the TLB entry by the invalidation operation conditioned upon value of one or more control words associated with the TLB.
46. The method of claim 45 wherein the control word or words associated with the TLB are located in one or more of the control registers of the processor or in a Virtual Machine Control Structure (VMCS) in memory.
47. The method of claim 46 further comprising distinguishing one of the control words associated with the TLB such that the VMX tag word is set to match a distinguished control word for a new TLB entry, the distinguished control word associated with the TLB being designated the TLBVMX word.
48. The method of claim 47 further comprising setting the TLBVMX word to one of a plurality of values that constitute a proper subset of a set of all possible values for a VMX tag word when the processor mode corresponds to execution in a virtual machine (VM).
49. The method of claim 48 wherein invalidating comprises invalidating the TLB entry when an invalidation operation is performed and the value of the associated VMX tag word matches the value of the TLBVMX word and the processor mode corresponds to execution in a virtual machine (VM).
50. The method of claim 49 further comprising configuring the one or more control words associated with the TLB, including the TLBVMX word, when the processor mode corresponds to execution not in a virtual machine.
51. The method of claim 48 further comprising setting the TLBVMX word to one of a plurality of values that constitute a proper subset of a set of all possible values for a VMX tag word when the processor mode corresponds to execution not in a virtual machine.
52. The method of claim 51 wherein a set theoretic intersection of the plurality of values allowable for the TLBVMX word when the processor mode corresponds to execution not in a virtual machine and the plurality of values allowable for the TLBVMX word when the processor mode corresponds to execution in a virtual machine (VM) is an empty set.
53. The method of claim 51 wherein invalidation of a TLB entry by an invalidation operation is further conditioned upon value of a second control word associated with the TLB when the processor mode corresponds to execution not in a virtual machine.
54. The method of claim 53 wherein invalidating comprises invalidating the TLB entry when an invalidation operation is performed and the associated VMX tag word matches the second control word associated with the TLB and the processor mode corresponds to execution not in a virtual machine.
55. The method of claim 53 wherein invalidating comprises invalidating the TLB entry when an invalidation operation is performed and the logical AND of the associated VMX tag word and the second control word associated with the TLB matches the TLBVMX word and the processor mode corresponds to execution in a virtual machine, the second control word associated with the TLB being designated the TLBVMX mask word.
56. The method of claim 55 further comprising accessing by software to configure a portion of the TLBVMX word when the processor mode corresponds to execution in a virtual machine (VM) conditioned upon value of the TLBVMX mask word such that software executing when the processor mode corresponds to execution in a virtual machine (VM) is able to set the TLBVMX word to a value such that the logical AND of a new value of the TLBVMX word and a value of the TLBVMX mask word matches a logical AND of a previous value of the TLBVMX word and the value of TLBVMX mask word.
57. (canceled)
58. (canceled)
59. (canceled)
60. (canceled)
61. (canceled)
62. The method of claim 53 wherein invalidating comprises invalidating the TLB entry when an invalidation operation is performed and the logical AND of the associated VMX tag word with a logical NOT of the second control word associated with the TLB matches the TLBVMX word and the processor mode corresponds to execution in a virtual machine (VM), the second control word associated with the TLB being designated the TLBVMX inverted mask word.
63. The method of claim 62 further comprising accessing by software to configure a portion of the TLBVMX word when the processor mode corresponds to execution in a virtual machine (VM) conditioned upon the value of the TLBVMX inverted mask word such that software executing when the processor mode corresponds to execution in a virtual machine (VM) is able to set the TLBVMX word to a value such that a logical AND of a new value of the TLBVMX word and the logical NOT of the TLBVMX inverted mask word matches the logical AND of a previous value of the TLBVMX word and the logical NOT of TLBVMX inverted mask word.
64. (canceled)
65. (canceled)
66. (canceled)
67. (canceled)
68. (canceled)
69. The method of claim 51 wherein determining comprises determining size of a VMX tag word and the TLBVMX word by executing a specified processor instruction in a specified manner.
70. The method of claim 69 wherein the processor is compatible with the Intel Architecture and the specified instruction is a CPUID instruction and the specified manner is to have a specified value in an EAX register when the CPUID instruction is executed.
71. A processor comprising:
a translation lookaside buffer (TLB) having a plurality of TLB entries, each TLB entry being associated with a virtual machine extension (VMX) tag word indicating if the associated TLB entry is invalidated according to the processor mode when an invalidation operation is performed, the processor mode being one of execution in a virtual machine (VM) and execution not in a virtual machine, the invalidation operation belonging to a non-empty set of invalidation operations composed of a union of (1) a possibly empty set of operations that invalidate a variable number of TLB entries, (2) a possibly empty set of operations that invalidate exactly one TLB entry, (3) a possibly empty set of operations that invalidate the plurality of TLB entries, (4) a possibly empty set of operations that enable and disable use of virtual memory, and (5) a possibly empty set of operations that configure physical address size, page size or other virtual memory system behavior in a manner that changes the manner in which a physical machine interprets the TLB entries; and
first, second, and third registers coupled to the TLB to store information related to the invalidation operation
wherein the invalidation operations include IA-32-specific operations (a) IA-32 task switches involving changes of virtual memory related control registers, or (b) loading of control registers that modify IA-32-specific page size extension (PSE) and physical address extension (PAE).
72. The processor of claim 71 wherein the invalidation operation is one of (1) a loading of the first control register conditioned on a global bit, (2) an execution of a page invalidate instruction, (3) an IA-32 task switch involving change of at least one virtual memory related control register, and (5) a loading of the third control register that modifies one of an IA-32-specific page size extension (PSE), a page global enable (PGE), and a physical address extension (PAE).
73. The processor of claim 72 wherein the processor is in or not in VMX mode and the TLB entry is not invalidated at loading of the first control register when one of a transition into VMX mode (a VM entrance) and a transition out of VMX mode (a VM exit) occurs.
74. The processor of claim 73 wherein the VMX tag word is a single bit and
the VMX tag word is negated for a new TLB entry when the processor is not in VMX mode and the VMX tag word is asserted for a new TLB entry when the processor is in VMX mode; and
the TLB entry is invalidated when an invalidation operation is performed and the VMX tag word is asserted and the processor is in VMX mode.
75. The processor of claim 74 wherein the TLB entry is invalidated irrespective of value of the VMX tag word when an invalidation operation is performed and the processor is not in VMX mode.
76. The processor of claim 74 wherein a field in a control register is designated the translation lookaside buffer virtual machine extension (TLBVMX) word and the TLB entry is invalidated when an invalidation operation is performed and the VMX tag word matches the TLBVMX word and the processor is not in VMX mode.
77. The processor of claim 73 wherein the VMX tag word is a single bit and
the VMX tag word is asserted for a new TLB entry when the processor is not in VMX mode and the VMX tag word is negated for a new TLB entry when the processor is in VMX mode; and
the TLB entry is invalidated when an invalidation operation is performed and the VMX tag word is negated and the processor is in VMX mode.
78. The processor of claim 77 wherein the TLB entry is invalidated irrespective of the value of the VMX tag word when an invalidation operation is performed and the processor is not in VMX mode.
79. The processor of claim 77 wherein a field in a control register is designated the TLBVMX word and the TLB entry is invalidated when an invalidation operation is performed and the VMX tag word matches the TLBVMX word and the processor is not in VMX mode.
80. (canceled)
Priority Applications (4)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
US10/676,584 US20050080934A1 (en) | 2003-09-30 | 2003-09-30 | Invalidating translation lookaside buffer entries in a virtual machine (VM) system |
US10/973,678 US7865670B2 (en) | 2003-09-30 | 2004-10-25 | Invalidating translation lookaside buffer entries in a virtual machine (VM) system |
US12/959,109 US8543772B2 (en) | 2003-09-30 | 2010-12-02 | Invalidating translation lookaside buffer entries in a virtual machine (VM) system |
US13/837,648 US8751752B2 (en) | 2003-09-30 | 2013-03-15 | Invalidating translation lookaside buffer entries in a virtual machine system |
Applications Claiming Priority (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
US10/676,584 US20050080934A1 (en) | 2003-09-30 | 2003-09-30 | Invalidating translation lookaside buffer entries in a virtual machine (VM) system |
Related Child Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
US10/973,678 Continuation US7865670B2 (en) | 2003-09-30 | 2004-10-25 | Invalidating translation lookaside buffer entries in a virtual machine (VM) system |
Publications (1)
Publication Number | Publication Date |
---|---|
US20050080934A1 true US20050080934A1 (en) | 2005-04-14 |
Family
ID=34422112
Family Applications (4)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
US10/676,584 Abandoned US20050080934A1 (en) | 2003-09-30 | 2003-09-30 | Invalidating translation lookaside buffer entries in a virtual machine (VM) system |
US10/973,678 Expired - Fee Related US7865670B2 (en) | 2003-09-30 | 2004-10-25 | Invalidating translation lookaside buffer entries in a virtual machine (VM) system |
US12/959,109 Active 2024-07-25 US8543772B2 (en) | 2003-09-30 | 2010-12-02 | Invalidating translation lookaside buffer entries in a virtual machine (VM) system |
US13/837,648 Expired - Fee Related US8751752B2 (en) | 2003-09-30 | 2013-03-15 | Invalidating translation lookaside buffer entries in a virtual machine system |
Family Applications After (3)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
US10/973,678 Expired - Fee Related US7865670B2 (en) | 2003-09-30 | 2004-10-25 | Invalidating translation lookaside buffer entries in a virtual machine (VM) system |
US12/959,109 Active 2024-07-25 US8543772B2 (en) | 2003-09-30 | 2010-12-02 | Invalidating translation lookaside buffer entries in a virtual machine (VM) system |
US13/837,648 Expired - Fee Related US8751752B2 (en) | 2003-09-30 | 2013-03-15 | Invalidating translation lookaside buffer entries in a virtual machine system |
Country Status (1)
Country | Link |
---|---|
US (4) | US20050080934A1 (en) |
Cited By (23)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US20050044408A1 (en) * | 2003-08-18 | 2005-02-24 | Bajikar Sundeep M. | Low pin count docking architecture for a trusted platform |
US20060069899A1 (en) * | 2004-09-30 | 2006-03-30 | Ioannis Schoinas | Performance enhancement of address translation using translation tables covering large address spaces |
US20060259734A1 (en) * | 2005-05-13 | 2006-11-16 | Microsoft Corporation | Method and system for caching address translations from multiple address spaces in virtual machines |
US20070083739A1 (en) * | 2005-08-29 | 2007-04-12 | Glew Andrew F | Processor with branch predictor |
US20070112999A1 (en) * | 2005-11-15 | 2007-05-17 | Microsoft Corporation | Efficient power management of a system with virtual machines |
US20080133889A1 (en) * | 2005-08-29 | 2008-06-05 | Centaurus Data Llc | Hierarchical instruction scheduler |
US20080133883A1 (en) * | 2005-08-29 | 2008-06-05 | Centaurus Data Llc | Hierarchical store buffer |
US20080133893A1 (en) * | 2005-08-29 | 2008-06-05 | Centaurus Data Llc | Hierarchical register file |
US20080134174A1 (en) * | 2006-12-05 | 2008-06-05 | Microsoft Corporation | Reduction of operational costs of virtual TLBs |
US20080162868A1 (en) * | 2006-12-28 | 2008-07-03 | Andy Glew | Means to share translation lookaside buffer (TLB) entries between different contexts |
US20120330640A1 (en) * | 2004-08-30 | 2012-12-27 | International Business Machines Corporation | Simplifying the deployment and serviceability of commercial software environments |
CN104050017A (en) * | 2014-07-01 | 2014-09-17 | 龙芯中科技术有限公司 | Method and device for controlling operating virtual machine |
US20150312109A1 (en) * | 2014-04-24 | 2015-10-29 | International Business Machines Corporation | Administering virtual machines in a distributed computing environment |
US9176741B2 (en) | 2005-08-29 | 2015-11-03 | Invention Science Fund I, Llc | Method and apparatus for segmented sequential storage |
US20160140051A1 (en) * | 2014-11-14 | 2016-05-19 | Cavium, Inc. | Translation lookaside buffer invalidation suppression |
US20160140040A1 (en) * | 2014-11-14 | 2016-05-19 | Cavium, Inc. | Filtering translation lookaside buffer invalidations |
US9503515B2 (en) | 2014-04-24 | 2016-11-22 | International Business Machines Corporation | Administering virtual machines in a distributed computing environment |
US9606824B2 (en) | 2014-04-24 | 2017-03-28 | International Business Machines Corporation | Administering virtual machines in a distributed computing environment |
US9612857B2 (en) | 2014-04-24 | 2017-04-04 | International Business Machines Corporation | Administering virtual machines in a distributed computing environment |
US9672159B2 (en) * | 2015-07-02 | 2017-06-06 | Arm Limited | Translation buffer unit management |
US9858099B2 (en) | 2014-04-24 | 2018-01-02 | International Business Machines Corporation | Administering virtual machines in a distributed computing environment |
US20180067866A1 (en) * | 2016-09-08 | 2018-03-08 | Intel Corporation | Translate on virtual machine entry |
EP3333699A1 (en) * | 2016-12-12 | 2018-06-13 | INTEL Corporation | System and method to improve nested virtual machine monitor performance |
Families Citing this family (45)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US20080005399A1 (en) * | 2006-05-16 | 2008-01-03 | Ati Technologies Inc. | Method and Apparatus for Determining the Status of Bus Requests and Responses |
US8601470B2 (en) * | 2007-01-05 | 2013-12-03 | Moka5, Inc. | Symbiotic smart peripherals |
US9268694B2 (en) | 2013-09-26 | 2016-02-23 | Cavium, Inc. | Maintenance of cache and tags in a translation lookaside buffer |
US9639476B2 (en) | 2013-09-26 | 2017-05-02 | Cavium, Inc. | Merged TLB structure for multiple sequential address translations |
US9645941B2 (en) | 2013-09-26 | 2017-05-09 | Cavium, Inc. | Collapsed address translation with multiple page sizes |
US9208103B2 (en) | 2013-09-26 | 2015-12-08 | Cavium, Inc. | Translation bypass in multi-stage address translation |
US9384133B2 (en) | 2014-05-30 | 2016-07-05 | International Business Machines Corporation | Synchronizing updates of page table status indicators and performing bulk operations |
US9785554B2 (en) | 2014-05-30 | 2017-10-10 | International Business Machines Corporation | Synchronizing updates of page table status indicators in a multiprocessing environment |
US9501425B2 (en) * | 2014-11-14 | 2016-11-22 | Cavium, Inc. | Translation lookaside buffer management |
US9665505B2 (en) | 2014-11-14 | 2017-05-30 | Cavium, Inc. | Managing buffered communication between sockets |
US9870328B2 (en) | 2014-11-14 | 2018-01-16 | Cavium, Inc. | Managing buffered communication between cores |
US9910776B2 (en) | 2014-11-14 | 2018-03-06 | Cavium, Inc. | Instruction ordering for in-progress operations |
JP2016139322A (en) * | 2015-01-28 | 2016-08-04 | 株式会社リコー | Image processor and electronic blackboard provided with the same |
US10216662B2 (en) * | 2015-09-26 | 2019-02-26 | Intel Corporation | Hardware mechanism for performing atomic actions on remote processors |
US10261916B2 (en) * | 2016-03-25 | 2019-04-16 | Advanced Micro Devices, Inc. | Adaptive extension of leases for entries in a translation lookaside buffer |
US9779028B1 (en) | 2016-04-01 | 2017-10-03 | Cavium, Inc. | Managing translation invalidation |
US10678702B2 (en) | 2016-05-27 | 2020-06-09 | Advanced Micro Devices, Inc. | Using multiple memory elements in an input-output memory management unit for performing virtual address to physical address translations |
US10599569B2 (en) | 2016-06-23 | 2020-03-24 | International Business Machines Corporation | Maintaining consistency between address translations in a data processing system |
US10169243B2 (en) | 2016-07-18 | 2019-01-01 | International Business Machines Corporation | Reducing over-purging of structures associated with address translation |
US10176006B2 (en) | 2016-07-18 | 2019-01-08 | International Business Machines Corporation | Delaying purging of structures associated with address translation |
US10802986B2 (en) | 2016-07-18 | 2020-10-13 | International Business Machines Corporation | Marking to indicate memory used to back address translation structures |
US10241924B2 (en) | 2016-07-18 | 2019-03-26 | International Business Machines Corporation | Reducing over-purging of structures associated with address translation using an array of tags |
US10180909B2 (en) | 2016-07-18 | 2019-01-15 | International Business Machines Corporation | Host-based resetting of active use of guest page table indicators |
US10176110B2 (en) | 2016-07-18 | 2019-01-08 | International Business Machines Corporation | Marking storage keys to indicate memory used to back address translation structures |
US10282305B2 (en) | 2016-07-18 | 2019-05-07 | International Business Machines Corporation | Selective purging of entries of structures associated with address translation in a virtualized environment |
US10223281B2 (en) | 2016-07-18 | 2019-03-05 | International Business Machines Corporation | Increasing the scope of local purges of structures associated with address translation |
US10176111B2 (en) | 2016-07-18 | 2019-01-08 | International Business Machines Corporation | Host page management using active guest page table indicators |
US10162764B2 (en) | 2016-07-18 | 2018-12-25 | International Business Machines Corporation | Marking page table/page status table entries to indicate memory used to back address translation structures |
US10248573B2 (en) | 2016-07-18 | 2019-04-02 | International Business Machines Corporation | Managing memory used to back address translation structures |
US10168902B2 (en) | 2016-07-18 | 2019-01-01 | International Business Machines Corporation | Reducing purging of structures associated with address translation |
US10853262B2 (en) | 2016-11-29 | 2020-12-01 | Arm Limited | Memory address translation using stored key entries |
US10706143B2 (en) * | 2017-05-19 | 2020-07-07 | Intel Corporation | Techniques for secure-chip memory for trusted execution environments |
US10169233B2 (en) | 2017-06-05 | 2019-01-01 | International Business Machines Corporation | Translation lookaside buffer purging with concurrent cache updates |
US10353827B2 (en) | 2017-06-07 | 2019-07-16 | International Business Machines Corporation | Zone-SDID mapping scheme for TLB purges |
GB2565069B (en) * | 2017-07-31 | 2021-01-06 | Advanced Risc Mach Ltd | Address translation cache |
US10866904B2 (en) | 2017-11-22 | 2020-12-15 | Arm Limited | Data storage for multiple data types |
US10929308B2 (en) * | 2017-11-22 | 2021-02-23 | Arm Limited | Performing maintenance operations |
US10831673B2 (en) | 2017-11-22 | 2020-11-10 | Arm Limited | Memory address translation |
US10867092B2 (en) | 2017-12-16 | 2020-12-15 | Intel Corporation | Avoiding asynchronous enclave exits based on requests to invalidate translation lookaside buffer entries |
US11847064B2 (en) | 2018-12-07 | 2023-12-19 | International Business Machines Corporation | Buffer and methods for address translations in a processor |
US10740239B2 (en) | 2018-12-11 | 2020-08-11 | International Business Machines Corporation | Translation entry invalidation in a multithreaded data processing system |
US10977183B2 (en) | 2018-12-11 | 2021-04-13 | International Business Machines Corporation | Processing a sequence of translation entry invalidation requests with regard to draining a processor core |
US10817434B2 (en) | 2018-12-19 | 2020-10-27 | International Business Machines Corporation | Interruptible translation entry invalidation in a multithreaded data processing system |
US11275697B2 (en) * | 2019-05-31 | 2022-03-15 | Apple Inc. | Translation lookaside buffer invalidation for merged invalidation requests across power boundaries |
US11537519B1 (en) | 2021-07-29 | 2022-12-27 | International Business Machines Corporation | Marking in-flight requests affected by translation entry invalidation in a data processing system |
Citations (98)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US3996449A (en) * | 1975-08-25 | 1976-12-07 | International Business Machines Corporation | Operating system authenticator |
US4037214A (en) * | 1976-04-30 | 1977-07-19 | International Business Machines Corporation | Key register controlled accessing system |
US4162536A (en) * | 1976-01-02 | 1979-07-24 | Gould Inc., Modicon Div. | Digital input/output system and method |
US4247905A (en) * | 1977-08-26 | 1981-01-27 | Sharp Kabushiki Kaisha | Memory clear system |
US4276594A (en) * | 1978-01-27 | 1981-06-30 | Gould Inc. Modicon Division | Digital computer with multi-processor capability utilizing intelligent composite memory and input/output modules and method for performing the same |
US4278837A (en) * | 1977-10-31 | 1981-07-14 | Best Robert M | Crypto microprocessor for executing enciphered programs |
US4307447A (en) * | 1979-06-19 | 1981-12-22 | Gould Inc. | Programmable controller |
US4319323A (en) * | 1980-04-04 | 1982-03-09 | Digital Equipment Corporation | Communications device for data processing system |
US4347565A (en) * | 1978-12-01 | 1982-08-31 | Fujitsu Limited | Address control system for software simulation |
US4366537A (en) * | 1980-05-23 | 1982-12-28 | International Business Machines Corp. | Authorization mechanism for transfer of program control or data between different address spaces having different storage protect keys |
US4430709A (en) * | 1980-09-13 | 1984-02-07 | Robert Bosch Gmbh | Apparatus for safeguarding data entered into a microprocessor |
US4521852A (en) * | 1982-06-30 | 1985-06-04 | Texas Instruments Incorporated | Data processing device formed on a single semiconductor substrate having secure memory |
US4571672A (en) * | 1982-12-17 | 1986-02-18 | Hitachi, Ltd. | Access control method for multiprocessor systems |
US4759064A (en) * | 1985-10-07 | 1988-07-19 | Chaum David L | Blind unanticipated signature systems |
US4795893A (en) * | 1986-07-11 | 1989-01-03 | Bull, Cp8 | Security device prohibiting the function of an electronic data processing unit after a first cutoff of its electrical power |
US4825052A (en) * | 1985-12-31 | 1989-04-25 | Bull Cp8 | Method and apparatus for certifying services obtained using a portable carrier such as a memory card |
US4907272A (en) * | 1986-07-11 | 1990-03-06 | Bull Cp8 | Method for authenticating an external authorizing datum by a portable object, such as a memory card |
US4907270A (en) * | 1986-07-11 | 1990-03-06 | Bull Cp8 | Method for certifying the authenticity of a datum exchanged between two devices connected locally or remotely by a transmission line |
US4910774A (en) * | 1987-07-10 | 1990-03-20 | Schlumberger Industries | Method and system for suthenticating electronic memory cards |
US5007082A (en) * | 1988-08-03 | 1991-04-09 | Kelly Services, Inc. | Computer software encryption apparatus |
US5022077A (en) * | 1989-08-25 | 1991-06-04 | International Business Machines Corp. | Apparatus and method for preventing unauthorized access to BIOS in a personal computer system |
US5075842A (en) * | 1989-12-22 | 1991-12-24 | Intel Corporation | Disabling tag bit recognition and allowing privileged operations to occur in an object-oriented memory protection mechanism |
US5079737A (en) * | 1988-10-25 | 1992-01-07 | United Technologies Corporation | Memory management unit for the MIL-STD 1750 bus |
US5139760A (en) * | 1989-02-28 | 1992-08-18 | Mizusawa Industrial Chemicals, Ltd. | Amorphous silica-alumina spherical particles and process for preparation thereof |
US5255379A (en) * | 1990-12-28 | 1993-10-19 | Sun Microsystems, Inc. | Method for automatically transitioning from V86 mode to protected mode in a computer system using an Intel 80386 or 80486 processor |
US5293424A (en) * | 1992-10-14 | 1994-03-08 | Bull Hn Information Systems Inc. | Secure memory card |
US5317705A (en) * | 1990-10-24 | 1994-05-31 | International Business Machines Corporation | Apparatus and method for TLB purge reduction in a multi-level machine system |
US5319760A (en) * | 1991-06-28 | 1994-06-07 | Digital Equipment Corporation | Translation buffer for virtual machines with address space match |
US5386552A (en) * | 1991-10-21 | 1995-01-31 | Intel Corporation | Preservation of a computer system processing state in a mass storage device |
US5421006A (en) * | 1992-05-07 | 1995-05-30 | Compaq Computer Corp. | Method and apparatus for assessing integrity of computer system software |
US5434999A (en) * | 1988-11-09 | 1995-07-18 | Bull Cp8 | Safeguarded remote loading of service programs by authorizing loading in protected memory zones in a terminal |
US5437033A (en) * | 1990-11-16 | 1995-07-25 | Hitachi, Ltd. | System for recovery from a virtual machine monitor failure with a continuous guest dispatched to a nonguest mode |
US5442645A (en) * | 1989-06-06 | 1995-08-15 | Bull Cp8 | Method for checking the integrity of a program or data, and apparatus for implementing this method |
US5455909A (en) * | 1991-07-05 | 1995-10-03 | Chips And Technologies Inc. | Microprocessor with operation capture facility |
US5459867A (en) * | 1989-10-20 | 1995-10-17 | Iomega Corporation | Kernels, description tables, and device drivers |
US5459869A (en) * | 1994-02-17 | 1995-10-17 | Spilo; Michael L. | Method for providing protected mode services for device drivers and other resident software |
US5469557A (en) * | 1993-03-05 | 1995-11-21 | Microchip Technology Incorporated | Code protection in microcontroller with EEPROM fuses |
US5473692A (en) * | 1994-09-07 | 1995-12-05 | Intel Corporation | Roving software license for a hardware agent |
US5479509A (en) * | 1993-04-06 | 1995-12-26 | Bull Cp8 | Method for signature of an information processing file, and apparatus for implementing it |
US5504922A (en) * | 1989-06-30 | 1996-04-02 | Hitachi, Ltd. | Virtual machine with hardware display controllers for base and target machines |
US5511217A (en) * | 1992-11-30 | 1996-04-23 | Hitachi, Ltd. | Computer system of virtual machines sharing a vector processor |
US5522075A (en) * | 1991-06-28 | 1996-05-28 | Digital Equipment Corporation | Protection ring extension for computers having distinct virtual machine monitor and virtual machine address spaces |
US5528231A (en) * | 1993-06-08 | 1996-06-18 | Bull Cp8 | Method for the authentication of a portable object by an offline terminal, and apparatus for implementing the process |
US5533126A (en) * | 1993-04-22 | 1996-07-02 | Bull Cp8 | Key protection device for smart cards |
US5566323A (en) * | 1988-12-20 | 1996-10-15 | Bull Cp8 | Data processing system including programming voltage inhibitor for an electrically erasable reprogrammable nonvolatile memory |
US5604805A (en) * | 1994-02-28 | 1997-02-18 | Brands; Stefanus A. | Privacy-protected transfer of electronic information |
US5606617A (en) * | 1994-10-14 | 1997-02-25 | Brands; Stefanus A. | Secret-key certificates |
US5615263A (en) * | 1995-01-06 | 1997-03-25 | Vlsi Technology, Inc. | Dual purpose security architecture with protected internal operating system |
US5628022A (en) * | 1993-06-04 | 1997-05-06 | Hitachi, Ltd. | Microcomputer with programmable ROM |
US5633929A (en) * | 1995-09-15 | 1997-05-27 | Rsa Data Security, Inc | Cryptographic key escrow system having reduced vulnerability to harvesting attacks |
US5657445A (en) * | 1996-01-26 | 1997-08-12 | Dell Usa, L.P. | Apparatus and method for limiting access to mass storage devices in a computer system |
US5717903A (en) * | 1995-05-15 | 1998-02-10 | Compaq Computer Corporation | Method and appartus for emulating a peripheral device to allow device driver development before availability of the peripheral device |
US5720609A (en) * | 1991-01-09 | 1998-02-24 | Pfefferle; William Charles | Catalytic method |
US5721222A (en) * | 1992-04-16 | 1998-02-24 | Zeneca Limited | Heterocyclic ketones |
US5729760A (en) * | 1996-06-21 | 1998-03-17 | Intel Corporation | System for providing first type access to register if processor in first mode and second type access to register if processor not in first mode |
US5737604A (en) * | 1989-11-03 | 1998-04-07 | Compaq Computer Corporation | Method and apparatus for independently resetting processors and cache controllers in multiple processor systems |
US5737760A (en) * | 1995-10-06 | 1998-04-07 | Motorola Inc. | Microcontroller with security logic circuit which prevents reading of internal memory by external program |
US5757919A (en) * | 1996-12-12 | 1998-05-26 | Intel Corporation | Cryptographically protected paging subsystem |
US5764969A (en) * | 1995-02-10 | 1998-06-09 | International Business Machines Corporation | Method and system for enhanced management operation utilizing intermixed user level and supervisory level instructions with partial concept synchronization |
US5796835A (en) * | 1992-10-27 | 1998-08-18 | Bull Cp8 | Method and system for writing information in a data carrier making it possible to later certify the originality of this information |
US5796845A (en) * | 1994-05-23 | 1998-08-18 | Matsushita Electric Industrial Co., Ltd. | Sound field and sound image control apparatus and method |
US5805712A (en) * | 1994-05-31 | 1998-09-08 | Intel Corporation | Apparatus and method for providing secured communications |
US5825875A (en) * | 1994-10-11 | 1998-10-20 | Cp8 Transac | Process for loading a protected storage zone of an information processing device, and associated device |
US5835594A (en) * | 1996-02-09 | 1998-11-10 | Intel Corporation | Methods and apparatus for preventing unauthorized write access to a protected non-volatile storage |
US5844986A (en) * | 1996-09-30 | 1998-12-01 | Intel Corporation | Secure BIOS |
US5852717A (en) * | 1996-11-20 | 1998-12-22 | Shiva Corporation | Performance optimizations for computer networks utilizing HTTP |
US5854913A (en) * | 1995-06-07 | 1998-12-29 | International Business Machines Corporation | Microprocessor with an architecture mode control capable of supporting extensions of two distinct instruction-set architectures |
US5867577A (en) * | 1994-03-09 | 1999-02-02 | Bull Cp8 | Method and apparatus for authenticating a data carrier intended to enable a transaction or access to a service or a location, and corresponding carrier |
US5872994A (en) * | 1995-11-10 | 1999-02-16 | Nec Corporation | Flash memory incorporating microcomputer having on-board writing function |
US5890189A (en) * | 1991-11-29 | 1999-03-30 | Kabushiki Kaisha Toshiba | Memory management and protection system for virtual memory in computer system |
US5901225A (en) * | 1996-12-05 | 1999-05-04 | Advanced Micro Devices, Inc. | System and method for performing software patches in embedded systems |
US5900606A (en) * | 1995-03-10 | 1999-05-04 | Schlumberger Industries, S.A. | Method of writing information securely in a portable medium |
US5903752A (en) * | 1994-10-13 | 1999-05-11 | Intel Corporation | Method and apparatus for embedding a real-time multi-tasking kernel in a non-real-time operating system |
US5935247A (en) * | 1997-09-18 | 1999-08-10 | Geneticware Co., Ltd. | Computer system having a genetic code that cannot be directly accessed and a method of maintaining the same |
US5937063A (en) * | 1996-09-30 | 1999-08-10 | Intel Corporation | Secure boot |
US5953502A (en) * | 1997-02-13 | 1999-09-14 | Helbig, Sr.; Walter A | Method and apparatus for enhancing computer system security |
US5956408A (en) * | 1994-09-15 | 1999-09-21 | International Business Machines Corporation | Apparatus and method for secure distribution of data |
US5970147A (en) * | 1997-09-30 | 1999-10-19 | Intel Corporation | System and method for configuring and registering a cryptographic device |
US5978475A (en) * | 1997-07-18 | 1999-11-02 | Counterpane Internet Security, Inc. | Event auditing system |
US5978481A (en) * | 1994-08-16 | 1999-11-02 | Intel Corporation | Modem compatible method and apparatus for encrypting data that is transparent to software applications |
US5987557A (en) * | 1997-06-19 | 1999-11-16 | Sun Microsystems, Inc. | Method and apparatus for implementing hardware protection domains in a system with no memory management unit (MMU) |
US6014745A (en) * | 1997-07-17 | 2000-01-11 | Silicon Systems Design Ltd. | Protection for customer programs (EPROM) |
US6044478A (en) * | 1997-05-30 | 2000-03-28 | National Semiconductor Corporation | Cache with finely granular locked-down regions |
US6055637A (en) * | 1996-09-27 | 2000-04-25 | Electronic Data Systems Corporation | System and method for accessing enterprise-wide resources by presenting to the resource a temporary credential |
US6058478A (en) * | 1994-09-30 | 2000-05-02 | Intel Corporation | Apparatus and method for a vetted field upgrade |
US6061794A (en) * | 1997-09-30 | 2000-05-09 | Compaq Computer Corp. | System and method for performing secure device communications in a peer-to-peer bus architecture |
US6075938A (en) * | 1997-06-10 | 2000-06-13 | The Board Of Trustees Of The Leland Stanford Junior University | Virtual machine monitors for scalable multiprocessors |
US6085296A (en) * | 1997-11-12 | 2000-07-04 | Digital Equipment Corporation | Sharing memory pages and page tables among computer processes |
US6088262A (en) * | 1997-02-27 | 2000-07-11 | Seiko Epson Corporation | Semiconductor device and electronic equipment having a non-volatile memory with a security function |
US6092095A (en) * | 1996-01-08 | 2000-07-18 | Smart Link Ltd. | Real-time task manager for a personal computer |
US6093213A (en) * | 1995-10-06 | 2000-07-25 | Advanced Micro Devices, Inc. | Flexible implementation of a system management mode (SMM) in a processor |
US6101584A (en) * | 1996-11-05 | 2000-08-08 | Mitsubishi Denki Kabushiki Kaisha | Computer system and semiconductor device on one chip including a memory and central processing unit for making interlock access to the memory |
US6115816A (en) * | 1996-12-18 | 2000-09-05 | Intel Corporation | Optimized security functionality in an electronic system |
US6125430A (en) * | 1996-05-03 | 2000-09-26 | Compaq Computer Corporation | Virtual memory allocation in a virtual address space having an inaccessible gap |
US6148379A (en) * | 1997-09-19 | 2000-11-14 | Silicon Graphics, Inc. | System, method and computer program product for page sharing between fault-isolated cells in a distributed shared memory system |
US6158546A (en) * | 1999-06-25 | 2000-12-12 | Tenneco Automotive Inc. | Straight through muffler with conically-ended output passage |
US6674536B2 (en) * | 1997-04-30 | 2004-01-06 | Canon Kabushiki Kaisha | Multi-instruction stream processor |
US6839813B2 (en) * | 2000-08-21 | 2005-01-04 | Texas Instruments Incorporated | TLB operations based on shared bit |
Family Cites Families (97)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US3014745A (en) | 1959-10-26 | 1961-12-26 | Bendix Corp | Sheet metal locking means |
US4975836A (en) | 1984-12-19 | 1990-12-04 | Hitachi, Ltd. | Virtual computer system |
JPS61206057A (en) | 1985-03-11 | 1986-09-12 | Hitachi Ltd | Address converting device |
JPH02171934A (en) | 1988-12-26 | 1990-07-03 | Hitachi Ltd | Virtual machine system |
JPH02208740A (en) | 1989-02-09 | 1990-08-20 | Fujitsu Ltd | Virtual computer control system |
US5781753A (en) | 1989-02-24 | 1998-07-14 | Advanced Micro Devices, Inc. | Semi-autonomous RISC pipelines for overlapped execution of RISC-like instructions within the multiple superscalar execution units of a processor having distributed pipeline control for speculative and out-of-order execution of complex instructions |
JP2825550B2 (en) | 1989-09-21 | 1998-11-18 | 株式会社日立製作所 | Multiple virtual space address control method and computer system |
JP2593721B2 (en) | 1990-01-08 | 1997-03-26 | 松下電器産業株式会社 | Information recording / reproducing device |
EP0473913A3 (en) | 1990-09-04 | 1992-12-16 | International Business Machines Corporation | Method and apparatus for providing a service pool of virtual machines for a plurality of vm users |
US5108590A (en) | 1990-09-12 | 1992-04-28 | Disanto Dennis | Water dispenser |
US5230069A (en) | 1990-10-02 | 1993-07-20 | International Business Machines Corporation | Apparatus and method for providing private and shared access to host address and data spaces by guest programs in a virtual machine computer system |
US5446904A (en) | 1991-05-17 | 1995-08-29 | Zenith Data Systems Corporation | Suspend/resume capability for a protected mode microprocessor |
JPH04348434A (en) | 1991-05-27 | 1992-12-03 | Hitachi Ltd | Virtual computer system |
US5574936A (en) | 1992-01-02 | 1996-11-12 | Amdahl Corporation | Access control mechanism controlling access to and logical purging of access register translation lookaside buffer (ALB) in a computer system |
US5610981A (en) | 1992-06-04 | 1997-03-11 | Integrated Technologies Of America, Inc. | Preboot protection for a data security system with anti-intrusion capability |
EP0600112A1 (en) | 1992-11-30 | 1994-06-08 | Siemens Nixdorf Informationssysteme Aktiengesellschaft | Data processing system with virtual memory addressing and memory access controlled by keys |
JPH06187178A (en) | 1992-12-18 | 1994-07-08 | Hitachi Ltd | Input and output interruption control method for virtual computer system |
US5555385A (en) | 1993-10-27 | 1996-09-10 | International Business Machines Corporation | Allocation of address spaces within virtual machine compute system |
US5533123A (en) | 1994-06-28 | 1996-07-02 | National Semiconductor Corporation | Programmable distributed personal security |
US5564040A (en) | 1994-11-08 | 1996-10-08 | International Business Machines Corporation | Method and apparatus for providing a server function in a logically partitioned hardware machine |
US6269392B1 (en) | 1994-11-15 | 2001-07-31 | Christian Cotichini | Method and apparatus to monitor and locate an electronic device using a secured intelligent agent |
US5555414A (en) | 1994-12-14 | 1996-09-10 | International Business Machines Corporation | Multiprocessing system including gating of host I/O and external enablement to guest enablement at polling intervals |
FR2734632B1 (en) | 1995-05-24 | 1997-07-25 | Sextant Avionique | GYROMETRIC DETECTION METHOD AND SAMPLE OPTICAL GYROMETER FOR CARRYING OUT SAID METHOD |
DE29513700U1 (en) | 1995-08-25 | 1996-09-19 | Siemens Ag | Motor-gear drive unit, in particular for a motor vehicle window regulator drive or the like. |
EP0880840A4 (en) | 1996-01-11 | 2002-10-23 | Mrj Inc | System for controlling access and distribution of digital property |
IL117085A (en) | 1996-02-08 | 2005-07-25 | Milsys Ltd | Secure computer system |
US6178509B1 (en) | 1996-06-13 | 2001-01-23 | Intel Corporation | Tamper resistant methods and apparatus |
US6175925B1 (en) | 1996-06-13 | 2001-01-16 | Intel Corporation | Tamper resistant player for scrambled contents |
US6205550B1 (en) | 1996-06-13 | 2001-03-20 | Intel Corporation | Tamper resistant methods and apparatus |
DE19649292A1 (en) | 1996-11-28 | 1998-06-04 | Deutsche Telekom Ag | Access protection method for pay television |
WO1998031511A1 (en) | 1997-01-17 | 1998-07-23 | Willi Hahn Gmbh & Co. Kg | Turning tool system |
US6412035B1 (en) | 1997-02-03 | 2002-06-25 | Real Time, Inc. | Apparatus and method for decreasing the response times of interrupt service routines |
US6148401A (en) | 1997-02-05 | 2000-11-14 | At&T Corp. | System and method for providing assurance to a host that a piece of software possesses a particular property |
EP0970411B1 (en) | 1997-03-27 | 2002-05-15 | BRITISH TELECOMMUNICATIONS public limited company | Copy protection of data |
US6272637B1 (en) | 1997-04-14 | 2001-08-07 | Dallas Semiconductor Corporation | Systems and methods for protecting access to encrypted information |
US6557104B2 (en) | 1997-05-02 | 2003-04-29 | Phoenix Technologies Ltd. | Method and apparatus for secure processing of cryptographic keys |
US6175924B1 (en) | 1997-06-20 | 2001-01-16 | International Business Machines Corp. | Method and apparatus for protecting application data in secure storage areas |
US6212635B1 (en) | 1997-07-18 | 2001-04-03 | David C. Reardon | Network security system allowing access and modification to a security subsystem after initial installation when a master token is in place |
US6188995B1 (en) | 1997-07-28 | 2001-02-13 | Apple Computer, Inc. | Method and apparatus for enforcing software licenses |
DE19735948C1 (en) | 1997-08-19 | 1998-10-01 | Siemens Nixdorf Inf Syst | Method for improving controllability in data processing equipment with translation-look-aside-buffer (TLB) |
US6282657B1 (en) | 1997-09-16 | 2001-08-28 | Safenet, Inc. | Kernel mode protection |
US6182089B1 (en) | 1997-09-23 | 2001-01-30 | Silicon Graphics, Inc. | Method, system and computer program product for dynamically allocating large memory pages of different sizes |
US6357004B1 (en) | 1997-09-30 | 2002-03-12 | Intel Corporation | System and method for ensuring integrity throughout post-processing |
US5987604A (en) | 1997-10-07 | 1999-11-16 | Phoenix Technologies, Ltd. | Method and apparatus for providing execution of system management mode services in virtual mode |
US6055639A (en) | 1997-10-10 | 2000-04-25 | Unisys Corporation | Synchronous message control system in a Kerberos domain |
US6219787B1 (en) | 1997-12-22 | 2001-04-17 | Texas Instruments Incorporated | Method and apparatus for extending security model to native code |
US6378072B1 (en) | 1998-02-03 | 2002-04-23 | Compaq Computer Corporation | Cryptographic system |
US6308270B1 (en) | 1998-02-13 | 2001-10-23 | Schlumberger Technologies, Inc. | Validating and certifying execution of a software program with a smart card |
US6192455B1 (en) | 1998-03-30 | 2001-02-20 | Intel Corporation | Apparatus and method for preventing access to SMRAM space through AGP addressing |
US6374286B1 (en) | 1998-04-06 | 2002-04-16 | Rockwell Collins, Inc. | Real time processor capable of concurrently running multiple independent JAVA machines |
US6173417B1 (en) | 1998-04-30 | 2001-01-09 | Intel Corporation | Initializing and restarting operating systems |
US6339826B2 (en) | 1998-05-05 | 2002-01-15 | International Business Machines Corp. | Client-server system for maintaining a user desktop consistent with server application user access permissions |
US6397242B1 (en) | 1998-05-15 | 2002-05-28 | Vmware, Inc. | Virtualization system including a virtual machine monitor for a computer with a segmented architecture |
FR2778998B1 (en) | 1998-05-20 | 2000-06-30 | Schlumberger Ind Sa | METHOD FOR AUTHENTICATING A PERSONAL CODE OF A USER OF AN INTEGRATED CIRCUIT CARD |
DE69942712D1 (en) | 1998-05-29 | 2010-10-14 | Texas Instruments Inc | Secure computing device |
US6421702B1 (en) | 1998-06-09 | 2002-07-16 | Advanced Micro Devices, Inc. | Interrupt driven isochronous task scheduler system |
NZ509018A (en) | 1998-06-17 | 2002-06-28 | Aristocrat Technologies Au | Software verification and authentication |
US6339815B1 (en) | 1998-08-14 | 2002-01-15 | Silicon Storage Technology, Inc. | Microcontroller system having allocation circuitry to selectively allocate and/or hide portions of a program memory address space |
US6505279B1 (en) | 1998-08-14 | 2003-01-07 | Silicon Storage Technology, Inc. | Microcontroller system having security circuitry to selectively lock portions of a program memory address space |
JP2000076139A (en) | 1998-08-28 | 2000-03-14 | Nippon Telegr & Teleph Corp <Ntt> | Portable information storage medium |
US6363485B1 (en) | 1998-09-09 | 2002-03-26 | Entrust Technologies Limited | Multi-factor biometric authenticating device and method |
US6463535B1 (en) | 1998-10-05 | 2002-10-08 | Intel Corporation | System and method for verifying the integrity and authorization of software before execution in a local platform |
US6230248B1 (en) | 1998-10-12 | 2001-05-08 | Institute For The Development Of Emerging Architectures, L.L.C. | Method and apparatus for pre-validating regions in a virtual addressing scheme |
US6330670B1 (en) | 1998-10-26 | 2001-12-11 | Microsoft Corporation | Digital rights management operating system |
US6445797B1 (en) | 1998-12-16 | 2002-09-03 | Secure Choice Llc | Method and system for performing secure electronic digital streaming |
US6463537B1 (en) | 1999-01-04 | 2002-10-08 | Codex Technologies, Inc. | Modified computer motherboard security and identification system |
US6282650B1 (en) | 1999-01-25 | 2001-08-28 | Intel Corporation | Secure public digital watermark |
US6188257B1 (en) | 1999-02-01 | 2001-02-13 | Vlsi Technology, Inc. | Power-on-reset logic with secure power down capability |
EP1030237A1 (en) | 1999-02-15 | 2000-08-23 | Hewlett-Packard Company | Trusted hardware device in a computer |
US6272533B1 (en) | 1999-02-16 | 2001-08-07 | Hendrik A. Browne | Secure computer system and method of providing secure access to a computer system including a stand alone switch operable to inhibit data corruption on a storage device |
CA2368858A1 (en) | 1999-04-12 | 2000-10-19 | Digital Media On Demand, Inc. | Secure electronic commerce system |
US6389537B1 (en) | 1999-04-23 | 2002-05-14 | Intel Corporation | Platform and method for assuring integrity of trusted agent communications |
US6275933B1 (en) | 1999-04-30 | 2001-08-14 | 3Com Corporation | Security system for a computerized apparatus |
US6321314B1 (en) | 1999-06-09 | 2001-11-20 | Ati International S.R.L. | Method and apparatus for restricting memory access |
US6633981B1 (en) | 1999-06-18 | 2003-10-14 | Intel Corporation | Electronic system and method for controlling access through user authentication |
US6301646B1 (en) | 1999-07-30 | 2001-10-09 | Curl Corporation | Pointer verification system and method |
JP2001148344A (en) | 1999-09-09 | 2001-05-29 | Nikon Corp | Aligner, method for controlling output of energy source, laser using the method and method for manufacturing device |
EP1085396A1 (en) | 1999-09-17 | 2001-03-21 | Hewlett-Packard Company | Operation of trusted state in computing platform |
US6535988B1 (en) | 1999-09-29 | 2003-03-18 | Intel Corporation | System for detecting over-clocking uses a reference signal thereafter preventing over-clocking by reducing clock rate |
US6374317B1 (en) | 1999-10-07 | 2002-04-16 | Intel Corporation | Method and apparatus for initializing a computer interface |
GB9923802D0 (en) | 1999-10-08 | 1999-12-08 | Hewlett Packard Co | User authentication |
GB9923804D0 (en) | 1999-10-08 | 1999-12-08 | Hewlett Packard Co | Electronic commerce system |
US6292874B1 (en) | 1999-10-19 | 2001-09-18 | Advanced Technology Materials, Inc. | Memory management method and apparatus for partitioning homogeneous memory and restricting access of installed applications to predetermined memory ranges |
WO2001063994A2 (en) | 2000-02-23 | 2001-08-30 | Iridian Technologies, Inc. | Tamper proof case for electronic devices having memories with sensitive information |
WO2001063567A2 (en) | 2000-02-25 | 2001-08-30 | Identix Incorporated | Secure transaction system |
AU2001243365A1 (en) | 2000-03-02 | 2001-09-12 | Alarity Corporation | System and method for process protection |
CA2341931C (en) | 2000-03-24 | 2006-05-30 | Contentguard Holdings, Inc. | System and method for protection of digital works |
US6990579B1 (en) | 2000-03-31 | 2006-01-24 | Intel Corporation | Platform and method for remote attestation of a platform |
US6795905B1 (en) | 2000-03-31 | 2004-09-21 | Intel Corporation | Controlling accesses to isolated memory using a memory controller for isolated execution |
US6507904B1 (en) | 2000-03-31 | 2003-01-14 | Intel Corporation | Executing isolated mode instructions in a secure system running in privilege rings |
US6633963B1 (en) | 2000-03-31 | 2003-10-14 | Intel Corporation | Controlling access to multiple memory zones in an isolated execution environment |
US20020062452A1 (en) | 2000-08-18 | 2002-05-23 | Warwick Ford | Countering credentials copying |
WO2002086684A2 (en) | 2001-04-24 | 2002-10-31 | Hewlett-Packard Company | An information security system |
US7676430B2 (en) | 2001-05-09 | 2010-03-09 | Lenovo (Singapore) Ptd. Ltd. | System and method for installing a remote credit card authorization on a system with a TCPA complaint chipset |
EP1271277A3 (en) | 2001-06-26 | 2003-02-05 | Redstrike B.V. | Security system and software to prevent unauthorized use of a computing device |
US20030018892A1 (en) | 2001-07-19 | 2003-01-23 | Jose Tello | Computer with a modified north bridge, security engine and smart card having a secure boot capability and method for secure booting a computer |
JP2005352395A (en) | 2004-06-14 | 2005-12-22 | Fujinon Corp | Insertion/extraction device of optical element |
-
2003
- 2003-09-30 US US10/676,584 patent/US20050080934A1/en not_active Abandoned
-
2004
- 2004-10-25 US US10/973,678 patent/US7865670B2/en not_active Expired - Fee Related
-
2010
- 2010-12-02 US US12/959,109 patent/US8543772B2/en active Active
-
2013
- 2013-03-15 US US13/837,648 patent/US8751752B2/en not_active Expired - Fee Related
Patent Citations (99)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US3996449A (en) * | 1975-08-25 | 1976-12-07 | International Business Machines Corporation | Operating system authenticator |
US4162536A (en) * | 1976-01-02 | 1979-07-24 | Gould Inc., Modicon Div. | Digital input/output system and method |
US4037214A (en) * | 1976-04-30 | 1977-07-19 | International Business Machines Corporation | Key register controlled accessing system |
US4247905A (en) * | 1977-08-26 | 1981-01-27 | Sharp Kabushiki Kaisha | Memory clear system |
US4278837A (en) * | 1977-10-31 | 1981-07-14 | Best Robert M | Crypto microprocessor for executing enciphered programs |
US4276594A (en) * | 1978-01-27 | 1981-06-30 | Gould Inc. Modicon Division | Digital computer with multi-processor capability utilizing intelligent composite memory and input/output modules and method for performing the same |
US4347565A (en) * | 1978-12-01 | 1982-08-31 | Fujitsu Limited | Address control system for software simulation |
US4307447A (en) * | 1979-06-19 | 1981-12-22 | Gould Inc. | Programmable controller |
US4319323A (en) * | 1980-04-04 | 1982-03-09 | Digital Equipment Corporation | Communications device for data processing system |
US4366537A (en) * | 1980-05-23 | 1982-12-28 | International Business Machines Corp. | Authorization mechanism for transfer of program control or data between different address spaces having different storage protect keys |
US4430709A (en) * | 1980-09-13 | 1984-02-07 | Robert Bosch Gmbh | Apparatus for safeguarding data entered into a microprocessor |
US4521852A (en) * | 1982-06-30 | 1985-06-04 | Texas Instruments Incorporated | Data processing device formed on a single semiconductor substrate having secure memory |
US4571672A (en) * | 1982-12-17 | 1986-02-18 | Hitachi, Ltd. | Access control method for multiprocessor systems |
US4759064A (en) * | 1985-10-07 | 1988-07-19 | Chaum David L | Blind unanticipated signature systems |
US4825052A (en) * | 1985-12-31 | 1989-04-25 | Bull Cp8 | Method and apparatus for certifying services obtained using a portable carrier such as a memory card |
US4795893A (en) * | 1986-07-11 | 1989-01-03 | Bull, Cp8 | Security device prohibiting the function of an electronic data processing unit after a first cutoff of its electrical power |
US4907272A (en) * | 1986-07-11 | 1990-03-06 | Bull Cp8 | Method for authenticating an external authorizing datum by a portable object, such as a memory card |
US4907270A (en) * | 1986-07-11 | 1990-03-06 | Bull Cp8 | Method for certifying the authenticity of a datum exchanged between two devices connected locally or remotely by a transmission line |
US4910774A (en) * | 1987-07-10 | 1990-03-20 | Schlumberger Industries | Method and system for suthenticating electronic memory cards |
US5007082A (en) * | 1988-08-03 | 1991-04-09 | Kelly Services, Inc. | Computer software encryption apparatus |
US5079737A (en) * | 1988-10-25 | 1992-01-07 | United Technologies Corporation | Memory management unit for the MIL-STD 1750 bus |
US5434999A (en) * | 1988-11-09 | 1995-07-18 | Bull Cp8 | Safeguarded remote loading of service programs by authorizing loading in protected memory zones in a terminal |
US5566323A (en) * | 1988-12-20 | 1996-10-15 | Bull Cp8 | Data processing system including programming voltage inhibitor for an electrically erasable reprogrammable nonvolatile memory |
US5139760A (en) * | 1989-02-28 | 1992-08-18 | Mizusawa Industrial Chemicals, Ltd. | Amorphous silica-alumina spherical particles and process for preparation thereof |
US5442645A (en) * | 1989-06-06 | 1995-08-15 | Bull Cp8 | Method for checking the integrity of a program or data, and apparatus for implementing this method |
US5504922A (en) * | 1989-06-30 | 1996-04-02 | Hitachi, Ltd. | Virtual machine with hardware display controllers for base and target machines |
US5022077A (en) * | 1989-08-25 | 1991-06-04 | International Business Machines Corp. | Apparatus and method for preventing unauthorized access to BIOS in a personal computer system |
US5459867A (en) * | 1989-10-20 | 1995-10-17 | Iomega Corporation | Kernels, description tables, and device drivers |
US5737604A (en) * | 1989-11-03 | 1998-04-07 | Compaq Computer Corporation | Method and apparatus for independently resetting processors and cache controllers in multiple processor systems |
US5075842A (en) * | 1989-12-22 | 1991-12-24 | Intel Corporation | Disabling tag bit recognition and allowing privileged operations to occur in an object-oriented memory protection mechanism |
US5317705A (en) * | 1990-10-24 | 1994-05-31 | International Business Machines Corporation | Apparatus and method for TLB purge reduction in a multi-level machine system |
US5437033A (en) * | 1990-11-16 | 1995-07-25 | Hitachi, Ltd. | System for recovery from a virtual machine monitor failure with a continuous guest dispatched to a nonguest mode |
US5255379A (en) * | 1990-12-28 | 1993-10-19 | Sun Microsystems, Inc. | Method for automatically transitioning from V86 mode to protected mode in a computer system using an Intel 80386 or 80486 processor |
US5720609A (en) * | 1991-01-09 | 1998-02-24 | Pfefferle; William Charles | Catalytic method |
US5522075A (en) * | 1991-06-28 | 1996-05-28 | Digital Equipment Corporation | Protection ring extension for computers having distinct virtual machine monitor and virtual machine address spaces |
US5319760A (en) * | 1991-06-28 | 1994-06-07 | Digital Equipment Corporation | Translation buffer for virtual machines with address space match |
US5455909A (en) * | 1991-07-05 | 1995-10-03 | Chips And Technologies Inc. | Microprocessor with operation capture facility |
US5386552A (en) * | 1991-10-21 | 1995-01-31 | Intel Corporation | Preservation of a computer system processing state in a mass storage device |
US5890189A (en) * | 1991-11-29 | 1999-03-30 | Kabushiki Kaisha Toshiba | Memory management and protection system for virtual memory in computer system |
US5721222A (en) * | 1992-04-16 | 1998-02-24 | Zeneca Limited | Heterocyclic ketones |
US5421006A (en) * | 1992-05-07 | 1995-05-30 | Compaq Computer Corp. | Method and apparatus for assessing integrity of computer system software |
US5293424A (en) * | 1992-10-14 | 1994-03-08 | Bull Hn Information Systems Inc. | Secure memory card |
US5796835A (en) * | 1992-10-27 | 1998-08-18 | Bull Cp8 | Method and system for writing information in a data carrier making it possible to later certify the originality of this information |
US5511217A (en) * | 1992-11-30 | 1996-04-23 | Hitachi, Ltd. | Computer system of virtual machines sharing a vector processor |
US5469557A (en) * | 1993-03-05 | 1995-11-21 | Microchip Technology Incorporated | Code protection in microcontroller with EEPROM fuses |
US5479509A (en) * | 1993-04-06 | 1995-12-26 | Bull Cp8 | Method for signature of an information processing file, and apparatus for implementing it |
US5533126A (en) * | 1993-04-22 | 1996-07-02 | Bull Cp8 | Key protection device for smart cards |
US5628022A (en) * | 1993-06-04 | 1997-05-06 | Hitachi, Ltd. | Microcomputer with programmable ROM |
US5528231A (en) * | 1993-06-08 | 1996-06-18 | Bull Cp8 | Method for the authentication of a portable object by an offline terminal, and apparatus for implementing the process |
US5459869A (en) * | 1994-02-17 | 1995-10-17 | Spilo; Michael L. | Method for providing protected mode services for device drivers and other resident software |
US5604805A (en) * | 1994-02-28 | 1997-02-18 | Brands; Stefanus A. | Privacy-protected transfer of electronic information |
US5867577A (en) * | 1994-03-09 | 1999-02-02 | Bull Cp8 | Method and apparatus for authenticating a data carrier intended to enable a transaction or access to a service or a location, and corresponding carrier |
US5796845A (en) * | 1994-05-23 | 1998-08-18 | Matsushita Electric Industrial Co., Ltd. | Sound field and sound image control apparatus and method |
US5805712A (en) * | 1994-05-31 | 1998-09-08 | Intel Corporation | Apparatus and method for providing secured communications |
US5978481A (en) * | 1994-08-16 | 1999-11-02 | Intel Corporation | Modem compatible method and apparatus for encrypting data that is transparent to software applications |
US5568552A (en) * | 1994-09-07 | 1996-10-22 | Intel Corporation | Method for providing a roving software license from one node to another node |
US5473692A (en) * | 1994-09-07 | 1995-12-05 | Intel Corporation | Roving software license for a hardware agent |
US5956408A (en) * | 1994-09-15 | 1999-09-21 | International Business Machines Corporation | Apparatus and method for secure distribution of data |
US6058478A (en) * | 1994-09-30 | 2000-05-02 | Intel Corporation | Apparatus and method for a vetted field upgrade |
US5825875A (en) * | 1994-10-11 | 1998-10-20 | Cp8 Transac | Process for loading a protected storage zone of an information processing device, and associated device |
US5903752A (en) * | 1994-10-13 | 1999-05-11 | Intel Corporation | Method and apparatus for embedding a real-time multi-tasking kernel in a non-real-time operating system |
US5606617A (en) * | 1994-10-14 | 1997-02-25 | Brands; Stefanus A. | Secret-key certificates |
US5615263A (en) * | 1995-01-06 | 1997-03-25 | Vlsi Technology, Inc. | Dual purpose security architecture with protected internal operating system |
US5764969A (en) * | 1995-02-10 | 1998-06-09 | International Business Machines Corporation | Method and system for enhanced management operation utilizing intermixed user level and supervisory level instructions with partial concept synchronization |
US5900606A (en) * | 1995-03-10 | 1999-05-04 | Schlumberger Industries, S.A. | Method of writing information securely in a portable medium |
US5717903A (en) * | 1995-05-15 | 1998-02-10 | Compaq Computer Corporation | Method and appartus for emulating a peripheral device to allow device driver development before availability of the peripheral device |
US5854913A (en) * | 1995-06-07 | 1998-12-29 | International Business Machines Corporation | Microprocessor with an architecture mode control capable of supporting extensions of two distinct instruction-set architectures |
US5633929A (en) * | 1995-09-15 | 1997-05-27 | Rsa Data Security, Inc | Cryptographic key escrow system having reduced vulnerability to harvesting attacks |
US5737760A (en) * | 1995-10-06 | 1998-04-07 | Motorola Inc. | Microcontroller with security logic circuit which prevents reading of internal memory by external program |
US6093213A (en) * | 1995-10-06 | 2000-07-25 | Advanced Micro Devices, Inc. | Flexible implementation of a system management mode (SMM) in a processor |
US5872994A (en) * | 1995-11-10 | 1999-02-16 | Nec Corporation | Flash memory incorporating microcomputer having on-board writing function |
US6092095A (en) * | 1996-01-08 | 2000-07-18 | Smart Link Ltd. | Real-time task manager for a personal computer |
US5657445A (en) * | 1996-01-26 | 1997-08-12 | Dell Usa, L.P. | Apparatus and method for limiting access to mass storage devices in a computer system |
US5835594A (en) * | 1996-02-09 | 1998-11-10 | Intel Corporation | Methods and apparatus for preventing unauthorized write access to a protected non-volatile storage |
US6125430A (en) * | 1996-05-03 | 2000-09-26 | Compaq Computer Corporation | Virtual memory allocation in a virtual address space having an inaccessible gap |
US5729760A (en) * | 1996-06-21 | 1998-03-17 | Intel Corporation | System for providing first type access to register if processor in first mode and second type access to register if processor not in first mode |
US6055637A (en) * | 1996-09-27 | 2000-04-25 | Electronic Data Systems Corporation | System and method for accessing enterprise-wide resources by presenting to the resource a temporary credential |
US5937063A (en) * | 1996-09-30 | 1999-08-10 | Intel Corporation | Secure boot |
US5844986A (en) * | 1996-09-30 | 1998-12-01 | Intel Corporation | Secure BIOS |
US6101584A (en) * | 1996-11-05 | 2000-08-08 | Mitsubishi Denki Kabushiki Kaisha | Computer system and semiconductor device on one chip including a memory and central processing unit for making interlock access to the memory |
US5852717A (en) * | 1996-11-20 | 1998-12-22 | Shiva Corporation | Performance optimizations for computer networks utilizing HTTP |
US5901225A (en) * | 1996-12-05 | 1999-05-04 | Advanced Micro Devices, Inc. | System and method for performing software patches in embedded systems |
US5757919A (en) * | 1996-12-12 | 1998-05-26 | Intel Corporation | Cryptographically protected paging subsystem |
US6115816A (en) * | 1996-12-18 | 2000-09-05 | Intel Corporation | Optimized security functionality in an electronic system |
US5953502A (en) * | 1997-02-13 | 1999-09-14 | Helbig, Sr.; Walter A | Method and apparatus for enhancing computer system security |
US6088262A (en) * | 1997-02-27 | 2000-07-11 | Seiko Epson Corporation | Semiconductor device and electronic equipment having a non-volatile memory with a security function |
US6674536B2 (en) * | 1997-04-30 | 2004-01-06 | Canon Kabushiki Kaisha | Multi-instruction stream processor |
US6044478A (en) * | 1997-05-30 | 2000-03-28 | National Semiconductor Corporation | Cache with finely granular locked-down regions |
US6075938A (en) * | 1997-06-10 | 2000-06-13 | The Board Of Trustees Of The Leland Stanford Junior University | Virtual machine monitors for scalable multiprocessors |
US5987557A (en) * | 1997-06-19 | 1999-11-16 | Sun Microsystems, Inc. | Method and apparatus for implementing hardware protection domains in a system with no memory management unit (MMU) |
US6014745A (en) * | 1997-07-17 | 2000-01-11 | Silicon Systems Design Ltd. | Protection for customer programs (EPROM) |
US5978475A (en) * | 1997-07-18 | 1999-11-02 | Counterpane Internet Security, Inc. | Event auditing system |
US5935247A (en) * | 1997-09-18 | 1999-08-10 | Geneticware Co., Ltd. | Computer system having a genetic code that cannot be directly accessed and a method of maintaining the same |
US6148379A (en) * | 1997-09-19 | 2000-11-14 | Silicon Graphics, Inc. | System, method and computer program product for page sharing between fault-isolated cells in a distributed shared memory system |
US6061794A (en) * | 1997-09-30 | 2000-05-09 | Compaq Computer Corp. | System and method for performing secure device communications in a peer-to-peer bus architecture |
US5970147A (en) * | 1997-09-30 | 1999-10-19 | Intel Corporation | System and method for configuring and registering a cryptographic device |
US6085296A (en) * | 1997-11-12 | 2000-07-04 | Digital Equipment Corporation | Sharing memory pages and page tables among computer processes |
US6158546A (en) * | 1999-06-25 | 2000-12-12 | Tenneco Automotive Inc. | Straight through muffler with conically-ended output passage |
US6839813B2 (en) * | 2000-08-21 | 2005-01-04 | Texas Instruments Incorporated | TLB operations based on shared bit |
Cited By (55)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US20050044408A1 (en) * | 2003-08-18 | 2005-02-24 | Bajikar Sundeep M. | Low pin count docking architecture for a trusted platform |
US20120330640A1 (en) * | 2004-08-30 | 2012-12-27 | International Business Machines Corporation | Simplifying the deployment and serviceability of commercial software environments |
US8762965B2 (en) * | 2004-08-30 | 2014-06-24 | International Business Machines Corporation | Simplifying the deployment and serviceability of commercial software environments |
US20060069899A1 (en) * | 2004-09-30 | 2006-03-30 | Ioannis Schoinas | Performance enhancement of address translation using translation tables covering large address spaces |
US20100011187A1 (en) * | 2004-09-30 | 2010-01-14 | Ioannis Schoinas | Performance enhancement of address translation using translation tables covering large address spaces |
US8843727B2 (en) * | 2004-09-30 | 2014-09-23 | Intel Corporation | Performance enhancement of address translation using translation tables covering large address spaces |
US7363463B2 (en) * | 2005-05-13 | 2008-04-22 | Microsoft Corporation | Method and system for caching address translations from multiple address spaces in virtual machines |
US20080215848A1 (en) * | 2005-05-13 | 2008-09-04 | John Te-Jui Sheu | Method and System For Caching Address Translations From Multiple Address Spaces In Virtual Machines |
US20060259734A1 (en) * | 2005-05-13 | 2006-11-16 | Microsoft Corporation | Method and system for caching address translations from multiple address spaces in virtual machines |
US8095771B2 (en) | 2005-05-13 | 2012-01-10 | Microsoft Corporation | Method and system for caching address translations from multiple address spaces in virtual machines |
US7644258B2 (en) | 2005-08-29 | 2010-01-05 | Searete, Llc | Hybrid branch predictor using component predictors each having confidence and override signals |
US9176741B2 (en) | 2005-08-29 | 2015-11-03 | Invention Science Fund I, Llc | Method and apparatus for segmented sequential storage |
US20080133889A1 (en) * | 2005-08-29 | 2008-06-05 | Centaurus Data Llc | Hierarchical instruction scheduler |
US20080133883A1 (en) * | 2005-08-29 | 2008-06-05 | Centaurus Data Llc | Hierarchical store buffer |
US20070083739A1 (en) * | 2005-08-29 | 2007-04-12 | Glew Andrew F | Processor with branch predictor |
US8028152B2 (en) | 2005-08-29 | 2011-09-27 | The Invention Science Fund I, Llc | Hierarchical multi-threading processor for executing virtual threads in a time-multiplexed fashion |
US8037288B2 (en) | 2005-08-29 | 2011-10-11 | The Invention Science Fund I, Llc | Hybrid branch predictor having negative ovedrride signals |
US20080133893A1 (en) * | 2005-08-29 | 2008-06-05 | Centaurus Data Llc | Hierarchical register file |
US8266412B2 (en) | 2005-08-29 | 2012-09-11 | The Invention Science Fund I, Llc | Hierarchical store buffer having segmented partitions |
US8275976B2 (en) | 2005-08-29 | 2012-09-25 | The Invention Science Fund I, Llc | Hierarchical instruction scheduler facilitating instruction replay |
US8296550B2 (en) | 2005-08-29 | 2012-10-23 | The Invention Science Fund I, Llc | Hierarchical register file with operand capture ports |
US20080133885A1 (en) * | 2005-08-29 | 2008-06-05 | Centaurus Data Llc | Hierarchical multi-threading processor |
US8909946B2 (en) | 2005-11-15 | 2014-12-09 | Microsoft Corporation | Efficient power management of a system with virtual machines |
US9218047B2 (en) | 2005-11-15 | 2015-12-22 | Microsoft Technology Licensing, Llc | Efficient power management of a system with virtual machines |
US9772860B2 (en) | 2005-11-15 | 2017-09-26 | Microsoft Technology Licensing, Llc | Efficient power management of a system with virtual machines |
US9489035B2 (en) | 2005-11-15 | 2016-11-08 | Microsoft Technology Licensing, Llc | Efficient power management of a system with virtual machines |
US20070112999A1 (en) * | 2005-11-15 | 2007-05-17 | Microsoft Corporation | Efficient power management of a system with virtual machines |
US20080134174A1 (en) * | 2006-12-05 | 2008-06-05 | Microsoft Corporation | Reduction of operational costs of virtual TLBs |
US8694712B2 (en) | 2006-12-05 | 2014-04-08 | Microsoft Corporation | Reduction of operational costs of virtual TLBs |
US8645666B2 (en) | 2006-12-28 | 2014-02-04 | Intel Corporation | Means to share translation lookaside buffer (TLB) entries between different contexts |
US20080162868A1 (en) * | 2006-12-28 | 2008-07-03 | Andy Glew | Means to share translation lookaside buffer (TLB) entries between different contexts |
US9612857B2 (en) | 2014-04-24 | 2017-04-04 | International Business Machines Corporation | Administering virtual machines in a distributed computing environment |
US9678777B2 (en) * | 2014-04-24 | 2017-06-13 | International Business Machines Corporation | Administering virtual machines in a distributed computing environment |
US10255097B2 (en) | 2014-04-24 | 2019-04-09 | International Business Machines Corporation | Administering virtual machines in a distributed computing environment |
US20150309823A1 (en) * | 2014-04-24 | 2015-10-29 | International Buisness Machines Corporation | Administering virtual machines in a distributed computing environment |
US9503515B2 (en) | 2014-04-24 | 2016-11-22 | International Business Machines Corporation | Administering virtual machines in a distributed computing environment |
US9503514B2 (en) | 2014-04-24 | 2016-11-22 | International Business Machines Corporation | Administering virtual machines in a distributed computing environment |
US9606824B2 (en) | 2014-04-24 | 2017-03-28 | International Business Machines Corporation | Administering virtual machines in a distributed computing environment |
US9612856B2 (en) | 2014-04-24 | 2017-04-04 | International Business Machines Corporation | Administering virtual machines in a distributed computing environment |
US20150312109A1 (en) * | 2014-04-24 | 2015-10-29 | International Business Machines Corporation | Administering virtual machines in a distributed computing environment |
US9612858B2 (en) | 2014-04-24 | 2017-04-04 | International Business Machines Corporation | Administering virtual machines in a distributed computing environment |
US10255098B2 (en) | 2014-04-24 | 2019-04-09 | International Business Machines Corporation | Administering virtual machines in a distributed computing environment |
US9864622B2 (en) | 2014-04-24 | 2018-01-09 | International Business Machines Corporation | Administering virtual machines in a distributed computing environment |
US9858099B2 (en) | 2014-04-24 | 2018-01-02 | International Business Machines Corporation | Administering virtual machines in a distributed computing environment |
US9703587B2 (en) * | 2014-04-24 | 2017-07-11 | International Business Machines Corporation | Administering virtual machines in a distributed computing environment |
CN104050017A (en) * | 2014-07-01 | 2014-09-17 | 龙芯中科技术有限公司 | Method and device for controlling operating virtual machine |
US9697137B2 (en) * | 2014-11-14 | 2017-07-04 | Cavium, Inc. | Filtering translation lookaside buffer invalidations |
US9684606B2 (en) * | 2014-11-14 | 2017-06-20 | Cavium, Inc. | Translation lookaside buffer invalidation suppression |
US20160140051A1 (en) * | 2014-11-14 | 2016-05-19 | Cavium, Inc. | Translation lookaside buffer invalidation suppression |
US20160140040A1 (en) * | 2014-11-14 | 2016-05-19 | Cavium, Inc. | Filtering translation lookaside buffer invalidations |
US9672159B2 (en) * | 2015-07-02 | 2017-06-06 | Arm Limited | Translation buffer unit management |
US20180067866A1 (en) * | 2016-09-08 | 2018-03-08 | Intel Corporation | Translate on virtual machine entry |
WO2018048564A1 (en) * | 2016-09-08 | 2018-03-15 | Intel Corporation | Translate on virtual machine entry |
EP3333699A1 (en) * | 2016-12-12 | 2018-06-13 | INTEL Corporation | System and method to improve nested virtual machine monitor performance |
US10922114B2 (en) | 2016-12-12 | 2021-02-16 | Intel Corporation | System and method to improve nested virtual machine monitor performance |
Also Published As
Publication number | Publication date |
---|---|
US20130212313A1 (en) | 2013-08-15 |
US8751752B2 (en) | 2014-06-10 |
US20050080937A1 (en) | 2005-04-14 |
US8543772B2 (en) | 2013-09-24 |
US20120117300A1 (en) | 2012-05-10 |
US7865670B2 (en) | 2011-01-04 |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
US8751752B2 (en) | Invalidating translation lookaside buffer entries in a virtual machine system | |
US10114767B2 (en) | Virtualizing physical memory in a virtual machine system using a hierarchy of extended page tables to translate guest-physical addresses to host-physical addresses | |
US7418584B1 (en) | Executing system management mode code as virtual machine guest | |
US9335943B2 (en) | Method and apparatus for fine grain memory protection | |
KR101770496B1 (en) | Efficient address translation caching in a processor that supports a large number of different address spaces | |
TWI471727B (en) | Method and apparatus for caching of page translations for virtual machines | |
US8607228B2 (en) | Virtualizing performance counters | |
US8296546B2 (en) | Synchronizing a translation lookaside buffer with an extended paging table | |
US7370160B2 (en) | Virtualizing memory type | |
US9684605B2 (en) | Translation lookaside buffer for guest physical addresses in a virtual machine | |
US11720356B2 (en) | Range checking instruction for setting a status value indicative of whether a first address and second address identified by the instruction correspond to the same memory attribute entry | |
KR20070047845A (en) | Fault processing for direct memory access address translation | |
EP3649550A1 (en) | An apparatus and method for controlling execution of instructions |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
AS | Assignment |
Owner name: INTEL CORPORATION, CALIFORNIA Free format text: ASSIGNMENT OF ASSIGNORS INTEREST;ASSIGNORS:COTA-ROBLES, ERIK C.;GLEW, ANDY;JEYASINGH, STALINSELVARAJ;AND OTHERS;REEL/FRAME:016508/0126;SIGNING DATES FROM 20030929 TO 20041006 |
|
STCB | Information on status: application discontinuation |
Free format text: ABANDONED -- FAILURE TO RESPOND TO AN OFFICE ACTION |