 |
|
|
|
|
|
 Title: |
EP0187603B1:
Computer with virtual machine mode and multiple protection rings[German][French]
[ Derwent Title ]
|
Country:
Kind: |
EP European Patent Office (EPO)
B1 PATENT SPECIFICATION i
(See also:
EP0187603A2,
EP0187603A3 )
|
| |
| Inventor: |
Karger, Paul A.;
Leonard, Timothy E.;
Mason, Andrew H.;
|
| Assignee: |
DIGITAL EQUIPMENT CORPORATION
News, Profiles, Stocks and More about this company
|
| Published / Filed: |
1993-01-27
/ 1985-12-26
|
| Application Number: |
EP1985000402639
|
| IPC Code: |
Advanced:
G06F 9/455;
G06F 12/14;
Core:
more...
IPC-7:
G06F 12/14;
|
| Priority Number: |
|
| Abstract: |
[From equivalent
EP0187603A2]
A computer system including a processor and memory, the processor having a virtual mode of operation in which it uses a virtual machine monitor which allows it to service a plurality of users contemporaneously in a multiplexed manner, and a non-virtual, or real, mode of operation. The computer system has a set of at least three operation mode protection rings representing a hierarchy of access privilege levels in both the real and virtual modes, with the number of privilege levels in both the real and virtual modes being the same. The privilege levels govern the accessibility of memory locations to programs and the executability of certain privileged instructions, which cause control to be transferred to the virtual machine monitor when the processor is in a virtual mode. The two most privileged levels in the virtual mode are both treated as corresponding to the second most privileged level in the real mode, whereby if the processor is in the most privileged virtual operating mode, access to memory locations is permitted only if the location is accessible to the second most privileged mode. When an instruction is retrieved, the processor first performs a probe operation to determine whether it can access any required memory locations in response to its current privilege level, and then determines whether it is in a privilege level which allows it to process the instruction.
|
| Attorney, Agent or Firm: |
Mongrédien, André et al ;
|
| INPADOC Legal Status: |
Show legal status actions
Family Legal Status Report
|
| Designated Country: |
DE FR GB IT NL SE
|
| Family: |
Show 13 known family members
|
First Claim:
Show all claims |
1. A processor comprising (a) a CPU which operates in a real mode or a virtual mode, said CPU having in both real and virtual modes a set of operating modes forming protection rings defining a hierarchy of privilege levels, said protection rings preventing processes in an outer, less privileged, ring from interfering with processes in a relatively inner, more privileged, ring; (b) a virtual machine monitor system (VVM); (c) memory means including a plurality of addressable storage locations for storing instructions requiring access to the memory locations, said memory means further including plural groups of memory locations, wherein the number of memory locations in each memory group may vary, each memory group having an associated privilege means for identifying the protection ring operating modes in which said processor can access any memory location in the group; (d) means connected to said CPU and said memory means for iteratively retrieving instructions from said memory means; (e) virtual mode indicating means for indicating whether or not said CPU is operating in virtual mode; (f) operating mode indicating means for identifying the privilege level of the current protection ring operating mode of said CPU; and (g) means for enabling access to said memory means depending on information from said virtual mode indicating means, from said operating mode indicating means; said processor further comprising:
- (A) said CPU for processing instructions in at least three protection ring operating modes each associated with one of said hierarchy of privilege levels;
- (B) compression means connected to said operating mode indicating means for identifying a virtual mode operating mode in response to the current protection ring indicating means, said compression means operating in accordance with a compression function "F" which maps a set A = (0, 1, ..., N) into a second set B = (0, 1, ..., N), each element in the set A identifying one of the privilege levels when the processor is operating in the virtual mode and each element of the set B identifying one of privilege levels when the processor is not operating in the virtual mode, the successive elements of each set corresponding to protection rings of progressively lower privilege, such that in each set "0" identifies the most privileged level the compression function F mapping at least the Ø level of set A to a non-zero level of set B;
- (C) selection means connected to said operating mode indicating means, said virtual mode indicating means and said compression means for selectively transmitting as an output the privilege level identified by said compression means in response to said virtual mode indicating means indicating that said processor is operating in a virtual mode, and otherwise transmitting the privilege level identified by said operating mode indicating means;
- (D) comparison means for comparing the output of said selection means to the privilege means of the location in memory to which the processor requires access to determine whether the processor can access the required memory location;
- (E) means responsive to a successful comparison by said comparison means for enabling the processing means to access the required memory location and execute the instruction.
[German]
[French]
|
Description
Expand description |
+ Background of the Invention
+ 1. Field of the Invention
The invention relates generally to the field of digital data processing (computer) systems, and more specifically to computer systems which operate in a virtual mode to provide one or more virtual machines and which have more than two protection rings arranged in a hierarchy and regulating access to locations in memory and the executability of certain instructions. It is desirable to have the computer preserve the most privileged protection ring for the real mode to allow an orderly transition and allocation of resources of the computer system among users in the virtual mode. By means of the invention, at least two of the protection rings of the virtual mode are compressed, that is, they are made to correspond to a single protection ring used by the processor while processing in a real (non-virtual) mode. The compression is such that at least the most privileged ring of the machine operating in the real mode has no corresponding ring in the virtual mode. Otherwise stated, the most privileged ring of the processor operating in the virtual mode corresponds to a less than maximally privileged ring of the processor when it operates in the real mode, and two of the rings of the virtual mode correspond to one of the rings of the real mode. Accordingly, compression allows the computer to appear to have at least as many protection rings in the virtual mode as is provided in the real mode.
+ 2. Description of the Prior Art
+ Summary of the Invention
+ Brief Description of the Drawings
+ Detailed Description of an Illustrative Embodiment
+ 1. General Description
+ 2. Protection Rings and Operating Modes
+ 3. Specific Illustrations of Systems
+ 5. Probing Operands And Instructions
+ 6. Privileged Instruction Execution
+ HALT Instruction
+ MOVE PROCESSOR STATUS LONGWORD to (Destination)
+ RETURN FROM EXCEPTION OR INTERRUPT
+ CHANGE OPERATING MODE Instruction
+ Probe Accessibility of Memory Location
+ Other Instructions
|
|
