CN120011001A - A lightweight virtualization implementation method and device - Google Patents

Publication number
CN120011001A
CN120011001A CN202510486671.1A CN202510486671A CN120011001A CN 120011001 A CN120011001 A CN 120011001A CN 202510486671 A CN202510486671 A CN 202510486671A CN 120011001 A CN120011001 A CN 120011001A
Authority
CN
China
Prior art keywords
client
virtual machine
virtualization
machine management
management firmware
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Granted
Application number
CN202510486671.1A
Other languages
Chinese (zh)
Other versions
CN120011001B (en)
Inventor
赵长收
赵井达
吴瑞
石磊
李振
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Shandong Qianyun Qichuang Information Technology Co ltd
Original Assignee
Shandong Qianyun Qichuang Information Technology Co ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Shandong Qianyun Qichuang Information Technology Co ltd
Priority to CN202510486671.1A
Publication of CN120011001A
Application granted
Publication of CN120011001B
Legal status: Active
Anticipated expiration

Classifications

    • G PHYSICS
    • G06 COMPUTING OR CALCULATING; COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F9/00 Arrangements for program control, e.g. control units
    • G06F9/06 Arrangements for program control, e.g. control units using stored programs, i.e. using an internal store of processing equipment to receive or retain programs
    • G06F9/44 Arrangements for executing specific programs
    • G06F9/455 Emulation; Interpretation; Software simulation, e.g. virtualisation or emulation of application or operating system execution engines
    • G06F9/45533 Hypervisors; Virtual machine monitors
    • G06F9/45558 Hypervisor-specific management and integration aspects
    • G06F2009/45587 Isolation or security of virtual machine instances
    • G06F9/46 Multiprogramming arrangements
    • G06F9/54 Interprogram communication
    • G06F9/544 Buffers; Shared memory; Pipes

Landscapes

  • Engineering & Computer Science (AREA)
  • Software Systems (AREA)
  • Theoretical Computer Science (AREA)
  • Physics & Mathematics (AREA)
  • General Engineering & Computer Science (AREA)
  • General Physics & Mathematics (AREA)
  • Stored Programmes (AREA)

Abstract

The present invention provides a lightweight virtualization implementation method and device, belonging to the field of virtualization technology. The scheme reduces dependence on hardware resources by reusing the existing operating system, simplifies the complexity of virtualization, and gives the virtual machines direct use of hardware partitioned by hardware isolation, thereby ensuring high real-time performance of each virtual machine. From the user's perspective, the scheme treats the entire virtualization process as an application of the current operating system and does not increase the consumption of any resources after virtualization is started, so it is sufficiently lightweight and the performance requirement is reduced. At the same time, the scheme provides hardware resources directly to the clients through hardware isolation, thereby meeting the clients' real-time requirements, and various real-time operating systems can be run directly.

Description

Light-weight virtualization implementation method and device
Technical Field
The invention belongs to the technical field of virtualization, and particularly relates to a lightweight virtualization implementation method and device.
Background
The statements in this section merely provide background information related to the present disclosure and may not necessarily constitute prior art.
Traditional virtualization schemes originated on Intel's x86 architecture and can be divided into two architecture types, Type I (bare-metal architecture) and Type II (hosted architecture). They are mainly applied to personal computers, servers and similar fields with higher computing performance, and to high-performance computing.
Traditional virtualization schemes have the following defects. They place high demands on device performance and are difficult to apply in resource-limited embedded environments; in some resource-limited environments a traditional virtualization architecture cannot be fully implemented at all. A client system (that is, an operating system running inside a virtual machine) cannot use hardware resources directly and can only communicate with hardware through the VMM (Virtual Machine Monitor, the virtualization management program); in the Type II architecture in particular, communication with the hardware must additionally go through a main client on top of the VMM. As a result, the real-time performance of each virtual machine cannot be guaranteed, traditional schemes are difficult to apply in environments with real-time requirements, and it is generally difficult for a client to directly run real-time operating systems or bare-metal programs.
Disclosure of Invention
The embodiment of the invention provides a lightweight virtualization implementation method and device, which address the problems that existing virtualization schemes cannot be applied in a resource-limited environment, that the real-time performance of a virtual machine cannot be ensured, and that a real-time operating system or a bare-metal program cannot be run directly.
According to a first aspect of an embodiment of the present invention, there is provided a lightweight virtualization implementation method applied to an apparatus deployed with a pre-built user interaction tool, a system driver, and virtual machine management firmware, including:
Loading a client configuration file through a pre-built user interaction tool in response to the enabling of the virtualization function, wherein the user interaction tool runs in a host client operating system;
Based on the configuration information in the client configuration file, the virtual machine management firmware is controlled to isolate physical hardware resources of each client through system call, and a shared memory for communication between the clients is provided for each client to realize the creation of the clients and communication between the clients;
When the virtualization function is enabled, the main client and the sub client are virtual machines, and when the virtualization function is disabled, the main client is an independent operating system.
Further, the method directly provides hardware resources used by the client through hardware isolation.
The system call is issued by the user interaction tool; the system driver turns the system call into a hypercall; the hypercall loads the virtual machine management firmware into memory to run; and the loaded virtual machine management firmware isolates the physical hardware to the different clients.
Further, the shared memory adopts a one-to-one model: for communication between any two clients, the two clients jointly declare an independent shared memory.
Further, the virtual machine management firmware operates at a particular processor privilege level: for the x86 architecture, it operates at the kernel mode privilege level of the root mode; for the ARM architecture, it operates at the virtualization mode privilege level; for the RISC-V architecture, it operates at the virtual machine monitor mode privilege level.
Further, the virtual machine management firmware specifically executes the following processing procedure: it receives configuration information and commands from the driver and then processes them according to the command type, wherein:
for enabling and creating commands, initializing the state of a corresponding CPU according to the received configuration information, creating a corresponding memory page table, realizing the resource allocation and hardware isolation of memories and CPUs of different clients, and managing the configuration information of each client through a linked list;
and for disabling, deleting, modifying and inquiring commands, carrying out corresponding processing by inquiring the configuration information of the corresponding client, and returning a processing result.
Further, the user interaction tool specifically performs the following processing procedures:
receiving command input of a user;
When the command is input as an enabling or creating command, reading and analyzing a preset configuration file, sending an analysis result and a corresponding command to a system driver to execute corresponding processing, and receiving and displaying a processing result;
When the command is input as disable, delete or view, the command is directly sent to the system driver to execute corresponding processing, and the processing result is received and displayed.
Further, the system driver specifically executes the following processing procedure. It receives configuration information and commands from the user interaction tool. For enable and create commands, it copies the content of the configuration information from user space to system space and, after verification, sends the verified configuration information and the corresponding command to the virtual machine management firmware for processing, and returns the result. After the hardware resources have been successfully isolated, it creates the corresponding maintenance node in a pre-built management linked list and maps the maintenance node back to the host client, so that the host client can maintain the other clients. For query commands, it finds the corresponding client information by directly traversing the existing management linked list and returns it to the user interaction tool.
Further, the types of operating system a client can run include Linux, Android, Windows, real-time operating systems, and bare-metal programs.
According to a second aspect of the embodiment of the invention, a lightweight virtualization device is provided, which comprises a hardware module and a software module, wherein the hardware module comprises a CPU, a memory and an IO device, the software module comprises a main client operating system, a user interaction tool, a system driver and a virtual machine management firmware, and the lightweight virtualization implementation method is executed based on the software module.
The one or more of the above technical solutions have the following beneficial effects:
The invention provides a lightweight virtualization implementation method and device. The scheme reduces dependence on hardware resources by reusing an existing operating system (namely the main client operating system), simplifies the complexity of virtualization, and gives the virtual machines direct use of hardware partitioned by hardware isolation, ensuring high real-time performance of each client (namely each virtual machine). From the user's perspective, the scheme treats the whole virtualization process as an application program of the current operating system and does not increase any resource consumption after virtualization is started, so it is sufficiently lightweight and the performance requirement is reduced. The scheme provides hardware resources directly to the clients through hardware isolation, thereby meeting the clients' real-time requirements and allowing various real-time operating systems to be run directly. Additional aspects of the invention will be set forth in part in the description which follows and, in part, will be obvious from the description, or may be learned by practice of the invention.
Drawings
The accompanying drawings, which are included to provide a further understanding of the invention and are incorporated in and constitute a part of this specification, illustrate embodiments of the invention and together with the description serve to explain the invention.
FIG. 1 is a schematic diagram of an overall framework of a lightweight virtualization implementation method according to an embodiment of the present invention;
FIG. 2 is a basic flow diagram of a lightweight virtualization implementation method according to an embodiment of the present invention;
FIG. 3 is a schematic diagram illustrating an example of a virtualization method according to an embodiment of the present invention;
FIG. 4 illustrates privilege levels corresponding to different hardware platform virtual machine management firmware according to an embodiment of the invention.
Detailed Description
It should be noted that the following detailed description is exemplary and is intended to provide further explanation of the invention. Unless defined otherwise, all technical and scientific terms used herein have the same meaning as commonly understood by one of ordinary skill in the art to which this invention belongs.
It is noted that the terminology used herein is for the purpose of describing particular embodiments only and is not intended to be limiting of exemplary embodiments according to the present invention.
Embodiments of the invention and features of the embodiments may be combined with each other without conflict.
As shown in fig. 1 and 2, an object of the present embodiment is to provide a lightweight virtualization implementation method, where implementation of the method is based on a user interaction tool, a system driver and virtual machine management firmware, which are built in advance, and specifically includes the following processing procedures:
Step 1: in response to the virtualization function being enabled, a client configuration file is loaded through the pre-built user interaction tool, wherein the user interaction tool runs in the host client operating system, and the client configuration file comprises the hardware resources allocated to the host client and to a plurality of sub clients, and the shared memory declarations used for communication among the clients;
The user interaction tool is used as a man-machine interaction interface for a user to manage the virtual machine (namely, the client machine), and the functions of checking the state of the existing virtual machine, creating a new virtual machine, deleting the existing virtual machine and the like are realized through the user interaction tool.
The user interaction tool is essentially an ordinary application in the host client operating system, used to load the client configuration files supplied by the user; because of the operating system's permission constraints, most of its commands have to be sent to the system driver via system calls.
In a specific implementation, as shown in fig. 3, a user executes a specific command in the host client operating system with the user interaction tool to enable or disable the virtualization function. After the user enables the virtualization function, the virtual machine management firmware automatically isolates the current system into a virtualization environment; after the user disables the virtualization function, the original system is restored.
In the virtualization result of the solution in this embodiment, the virtual machines comprise a main client and a plurality of sub-clients, with the main client serving as the virtualization management center; the overall architecture is shown in fig. 1. When virtualization is not enabled, only the main client runs, as an independent operating system, as shown in fig. 3. When virtualization needs to be enabled, the operations shown in fig. 2 are executed in the main client.
In contrast to Type II, in the solution described in this embodiment the host client is itself essentially a virtual machine, whereas the Host OS of Type II is not a virtual machine. In contrast to Type I, both the host client and the sub-clients in this embodiment can access hardware resources directly, whereas a Type I client has to go through the VMM to access hardware.
The user interaction tool, the system driver and the virtual machine management firmware are all executable programs that can be used independently. Because modern CPU instruction set architectures classify operations into different privilege levels, operations at the different privilege levels are handled by the respective executable programs.
In a specific implementation, the whole of virtualization management is performed by the host client; therefore, the user interaction tool, the system driver, and the virtual machine management firmware need to be installed in the host client, as shown in fig. 2.
It should be noted here that virtualization management could be performed on any client, but to reduce complexity the solution described in this embodiment restricts management operations in the sub-clients. It will be appreciated that in further embodiments virtualization management may be performed on sub-clients rather than on the main client, which is not described further here.
In one or more embodiments, the virtualization implementation described in this embodiment supports the three mainstream chip instruction set architectures x86, ARM and RISC-V; the positions at which the user interaction tool, the system driver, and the virtual machine management firmware work in each of the three architectures are shown in fig. 4. It should be noted that, in all three architectures, the user interaction tool, the system driver, and the virtual machine management firmware have the right to execute their respective operations only when running at the corresponding privilege level.
The virtualization method can be deployed directly on a hardware device, and it also supports reusing the device's existing operating system.
After the virtualization is started, the user performs operations such as creating a new client, checking the state of an existing client, or deleting an unnecessary client through a command corresponding to a user interaction tool in the main client operating system, as shown in fig. 4, which illustrates a specific example after creating the new client.
In the solution described in this embodiment, the whole virtualization implementation uses the existing operating system of the device as a core, and management of all clients is performed in the master client.
In a specific implementation, the user interaction tool specifically performs the following processing procedures:
receiving command input of a user;
When the command is input as an enabling or creating command, reading and analyzing a preset configuration file, sending an analysis result and a corresponding command to a system driver to execute corresponding processing, and receiving and displaying a processing result;
When the command is input as disable, delete or view, the command is directly sent to the system driver to execute corresponding processing, and the processing result is received and displayed.
Specifically, the user interaction tool is an executable program for man-machine interaction in the user space, and provides commands such as enabling, disabling, creating, deleting, viewing and the like for carrying out virtualization management.
For the enable and create commands, the tool reads and parses the configuration file, performs a preliminary check of the format of the parsed content, the validity of the configuration items and so on, sends the checked content to the system driver, receives the result returned by the system driver, and displays it to the user. The configuration file is essentially a text file that is easy for a user to read and write; it records the memory, CPUs and peripheral hardware resources that the virtual machine needs to use, and the shared memory declarations for communication between different virtual machines.
For sub-commands such as disable, delete and view, the tool sends the corresponding command directly to the driver, waits for the driver to return the result, and then displays the returned result to the user;
It should be noted that virtualization operations are privileged operations, and the user interaction tool is essentially a user-mode tool without virtualization privileges (the privilege levels of the different architectures are shown in fig. 4), so all of its operations must be routed to the system driver through system calls for processing. The reason is that the chip instruction set architecture does not allow a direct switch from the user-space privilege level to the virtual machine management privilege level. As shown in fig. 4, the user interaction tool, the system driver, and the virtual machine management firmware in the scheme described in this embodiment correspond to three different privilege levels: the user privilege level, the system privilege level, and the virtual machine privilege level, respectively.
Step 2, based on the configuration information in the client configuration file, controlling the virtual machine management firmware to isolate physical hardware resources of each client through system call, and providing a shared memory for communication among clients for each client to realize creation of the clients and communication among the clients, wherein the virtual machine management firmware runs in the memory;
When the virtualization function is enabled, the main client and the sub client are virtual machines, and when the virtualization function is disabled, the main client is an independent operating system.
In a specific implementation, the virtual machine management firmware is controlled through system calls to isolate the physical hardware resources of the different clients. Specifically, the system call causes the system driver to generate a hypercall, the hypercall loads the virtual machine management firmware into memory to run, and the loaded virtual machine management firmware isolates the physical hardware to the different clients.
The system driver loads the virtual machine management firmware, responds to interaction commands from the user interaction tool, and manages and maintains the basic information of each client. It is a kernel module of the operating system, loaded into the operating system kernel by the user. Because virtualization-related processing requires a special privilege level, some commands have to be sent to the virtual machine management firmware through hypercalls.
Further, the system driver specifically executes the following processing procedures:
Receiving configuration information and commands from a user interaction tool;
And for the enabling and creating commands, copying the content of the configuration information from the user space to the system space, and after verification processing, sending the verified configuration information and the corresponding commands to the virtual machine management firmware.
Specifically, checking processing is performed on the received configuration information or command from the user interaction tool;
After this check, for the enable and create commands the content of the configuration information is copied from user space to system space, and the version, the identifier, the availability of the described resources and so on are then further verified; after verification, the configuration information of each client is managed in the form of a linked list;
The verified configuration information is sent to the virtual machine management firmware, which allocates the hardware resources of each client and performs the hardware isolation according to the configuration information. It should be noted that the create, enable and disable commands require higher privileges (the privilege levels of the different architectures are shown in fig. 4), so the driver loads the virtual machine management firmware into memory for execution, then sends certain privileged operations to the virtual machine management firmware through hypercalls for processing and returns the result.
After successfully isolating the hardware resources, the system driver also needs to create corresponding maintenance nodes and map the maintenance nodes back to the host client to facilitate maintenance of other clients by the host client.
For the inquiry command, the existing management linked list can be traversed directly, corresponding client information is found, and then the client information is returned to the user interaction tool.
In a specific implementation, the virtual machine management firmware is used for isolating physical hardware resources to different clients, so that the different clients only use the visible hardware resources, and the virtual machine management firmware is essentially a section of special binary code which is loaded into a memory by a system driver for running.
In a specific implementation, the hardware isolation function of the virtual machine management firmware is the core of the whole virtualization scheme. It is implemented with the hardware virtualization features provided by the processor, so the implementation differs between hardware platforms. Specifically, as shown in fig. 4, the virtual machine management firmware operates at a specific processor privilege level: for the x86 architecture, at the kernel mode Ring0 privilege level of Root Mode; for the ARM architecture, at the virtualization mode EL2 privilege level; and for the RISC-V architecture, at the Hypervisor Mode privilege level.
In a specific implementation, the virtual machine management firmware receives configuration information and commands from the system driver and, for enable and create commands, allocates and isolates the hardware resources of the different clients according to the configuration information, the configuration information of each client being managed in the form of a linked list;
Specifically, the virtual machine management firmware is essentially an executable program that receives configuration information and commands from a driver and then processes the commands according to the command types, respectively, wherein:
for enabling and creating commands, initializing the state of a corresponding CPU according to the received configuration information, creating a corresponding memory page table, realizing the resource allocation and hardware isolation of memories and CPUs of different clients, and managing the configuration information of each client through a linked list;
Taking memory isolation as an example: using the extended page table or nested page table technology supported by the processor's hardware virtualization features, the virtual machine management firmware can set a virtual machine's memory mapping directly, so that each virtual machine can access only its own memory space, without passing through the system driver.
It will be appreciated that the allocation of hardware resources and hardware isolation may include other hardware devices such as I/O devices, storage devices, graphics cards, etc., in addition to memory and CPU.
It should be noted that when a client is created or deleted, the virtual machine management firmware synchronizes the update across all existing virtual machines, because it has to suspend all other clients while performing hardware isolation in order to ensure security and reliability.
For commands such as disabling, deleting, modifying and inquiring, the virtual machine management firmware inquires the configuration information of the corresponding client machine by traversing the linked list, carries out corresponding processing, and returns a processing result.
In further embodiments, the virtual machine management firmware is further configured to manage shared memory between clients for communication between clients. Wherein the shared memory is defined in the configuration file of each client.
Further, when creating a client, the virtual machine management firmware initializes only the resources that the configuration information in the configuration file allows that client to use; when the client accesses a resource that has not been isolated to it, an exception is generated.
In an implementation, the virtual machine management firmware also provides shared memory for communication between different clients. The shared memory adopts a one-to-one model, that is, when any two clients communicate, the two of them must jointly declare a shared memory for that communication.
Specifically, the shared memory in the scheme described in this embodiment is defined by the configuration files corresponding to each client, and when two clients define the same shared memory in the configuration files, the two clients can communicate through the shared memory.
It should be noted here that, although shared memory also exists in both the Type I and Type II architectures, there it is defined directly by the VMM, and the user has to set it up by configuring the VMM.
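The checks described above (the system driver verifying the availability of the resources described in a configuration it has copied from user space, and the one-to-one shared memory that both clients must declare) can be sketched as follows. This is an added example, not code from the patent or from any implementation of it; the structure layout, field names, status codes and the sample addresses are hypothetical, since the page does not define a configuration format.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>

#define MAX_REGIONS 4

/* Hypothetical layout: the page does not define a configuration format. */
struct mem_region { uint64_t base, size; int shared; };
struct client_cfg {
    uint64_t cpu_mask;                      /* one bit per physical CPU */
    size_t nregions;
    struct mem_region regions[MAX_REGIONS];
};

enum cfg_status { CFG_OK, CFG_BAD_REGION, CFG_CPU_CONFLICT, CFG_MEM_OVERLAP,
                  CFG_SHARED_UNPAIRED, CFG_SHARED_NOT_1TO1 };

/* Reject empty regions and regions whose base + size would wrap around. */
static int region_ok(const struct mem_region *r)
{
    return r->size != 0 && r->base <= UINT64_MAX - r->size;
}

static int overlaps(const struct mem_region *a, const struct mem_region *b)
{
    return a->base < b->base + b->size && b->base < a->base + a->size;
}

/* Two declarations describe the same shared memory only if both are marked
 * shared and agree exactly on base and size. */
static int same_shared(const struct mem_region *a, const struct mem_region *b)
{
    return a->shared && b->shared && a->base == b->base && a->size == b->size;
}

/* Runs on the kernel-side copy of the configuration, before anything is
 * handed to the management firmware. */
enum cfg_status validate_clients(const struct client_cfg *c, size_t n)
{
    size_t i, j, a, b;

    /* Pass 1: regions are well formed; a client's own regions are disjoint. */
    for (i = 0; i < n; i++) {
        if (c[i].nregions > MAX_REGIONS)
            return CFG_BAD_REGION;
        for (a = 0; a < c[i].nregions; a++)
            if (!region_ok(&c[i].regions[a]))
                return CFG_BAD_REGION;
        for (a = 0; a < c[i].nregions; a++)
            for (b = a + 1; b < c[i].nregions; b++)
                if (overlaps(&c[i].regions[a], &c[i].regions[b]))
                    return CFG_MEM_OVERLAP;
    }
    /* Pass 2: no CPU or memory belongs to two clients, except a region that
     * both declare as shared with identical base and size. */
    for (i = 0; i < n; i++)
        for (j = i + 1; j < n; j++) {
            if (c[i].cpu_mask & c[j].cpu_mask)
                return CFG_CPU_CONFLICT;
            for (a = 0; a < c[i].nregions; a++)
                for (b = 0; b < c[j].nregions; b++) {
                    const struct mem_region *x = &c[i].regions[a];
                    const struct mem_region *y = &c[j].regions[b];
                    if (overlaps(x, y) && !same_shared(x, y))
                        return CFG_MEM_OVERLAP;
                }
        }
    /* Pass 3: one-to-one model, every shared region has exactly one peer. */
    for (i = 0; i < n; i++)
        for (a = 0; a < c[i].nregions; a++) {
            int peers = 0;
            if (!c[i].regions[a].shared)
                continue;
            for (j = 0; j < n; j++)
                for (b = 0; j != i && b < c[j].nregions; b++)
                    peers += same_shared(&c[i].regions[a], &c[j].regions[b]);
            if (peers != 1)
                return peers ? CFG_SHARED_NOT_1TO1 : CFG_SHARED_UNPAIRED;
        }
    return CFG_OK;
}

/* Constructed sample: a main client, an RTOS client and a third client.
 * Variant 0 is valid; each other variant breaks one rule. */
enum cfg_status run_sample(int variant)
{
    struct client_cfg c[3] = {
        { 0x3, 2, { { 0x80000000, 0x10000000, 0 }, { 0x90000000, 0x100000, 1 } } },
        { 0x4, 2, { { 0xA0000000, 0x04000000, 0 }, { 0x90000000, 0x100000, 1 } } },
        { 0x8, 1, { { 0xB0000000, 0x04000000, 0 } } },
    };
    switch (variant) {
    case 1: c[1].cpu_mask = 0x6; break;                  /* CPU 1 given twice */
    case 2: c[2].regions[0].base = 0x8FF00000; break;    /* RAM of client 0 */
    case 3: c[1].nregions = 1; break;                    /* peer omits shm */
    case 4: c[2].regions[1] = c[0].regions[1]; c[2].nregions = 2; break;
    case 5: c[1].regions[0].base = UINT64_MAX - 0x1000; break; /* wraps */
    }
    return validate_clients(c, 3);
}

int main(void)
{
    for (int v = 0; v <= 5; v++)
        printf("variant %d -> status %d\n", v, (int)run_sample(v));
    return 0;
}
```

Rejecting a shared declaration that only one side makes, or that a third client joins, is what keeps a client from mapping itself into another pair's channel by editing only its own configuration file.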
The setting of the shared memory according to the scheme of the embodiment can meet the following application requirements:
The host client is typically a non-real-time operating system, while the other clients are real-time operating systems. In this application, the host client acts as the user interaction interface and handles most tasks, while real-time tasks are handled by the real-time operating systems; their information and processing results are presented on the host client, which requires communication between the clients. For example, in industrial control, the host client provides a UI, while a client running a real-time operating system handles the various control tasks with high real-time requirements, and the control parameters and control results need to be shared with the host client so that the user can view them.
Furthermore, the setting of the shared memory in this embodiment also allows different clients to share the same device.
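As an added illustration (not code from the patent), the following C sketch shows a pre-isolation check of the one-to-one shared-memory model described above: a window is accepted only if exactly two client configuration files declare it identically and it lies outside every client's private memory. The structure layout, the four-window limit, the error codes and the rule that private regions must be disjoint are assumptions, since the patent does not specify a configuration format.

```c
#include <stddef.h>
#include <stdint.h>

/* Hypothetical layout: the patent does not specify the configuration format. */
typedef struct { uint64_t base, size; } region_t;
typedef struct {
    region_t priv;     /* memory isolated exclusively for this client */
    region_t shm[4];   /* shared-memory windows this client declares  */
    size_t nshm;
} client_cfg_t;

enum { CFG_OK, CFG_BAD_REGION, CFG_PRIVATE_OVERLAP, CFG_SHM_IN_PRIVATE,
       CFG_SHM_PARTIAL_OVERLAP, CFG_SHM_NOT_PAIRED };

/* A usable region is non-empty and does not wrap the address space. */
static int region_ok(region_t r) { return r.size != 0 && r.base + r.size > r.base; }
static int overlaps(region_t a, region_t b) {
    return a.base < b.base + b.size && b.base < a.base + a.size;
}
static int same(region_t a, region_t b) { return a.base == b.base && a.size == b.size; }

/* Reject a set of client configurations before any hardware isolation is applied. */
int validate_configs(const client_cfg_t *c, size_t n) {
    for (size_t i = 0; i < n; i++) {            /* private memory must be disjoint */
        if (!region_ok(c[i].priv) || c[i].nshm > 4) return CFG_BAD_REGION;
        for (size_t j = 0; j < i; j++)
            if (overlaps(c[i].priv, c[j].priv)) return CFG_PRIVATE_OVERLAP;
    }
    for (size_t i = 0; i < n; i++)
        for (size_t k = 0; k < c[i].nshm; k++) {
            region_t s = c[i].shm[k];
            size_t declared = 0;                /* declarations of this exact window */
            if (!region_ok(s)) return CFG_BAD_REGION;
            for (size_t j = 0; j < n; j++) {
                if (overlaps(s, c[j].priv)) return CFG_SHM_IN_PRIVATE;
                for (size_t m = 0; m < c[j].nshm; m++) {
                    region_t o = c[j].shm[m];
                    if (same(s, o)) {           /* duplicate inside one file is invalid */
                        if (j == i && m != k) return CFG_SHM_NOT_PAIRED;
                        declared++;
                    } else if (overlaps(s, o)) return CFG_SHM_PARTIAL_OVERLAP;
                }
            }
            if (declared != 2) return CFG_SHM_NOT_PAIRED;   /* one-to-one model */
        }
    return CFG_OK;
}
```

Rejecting partially overlapping windows keeps data written for one client pair from becoming visible to a third client through a second window.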
In one or more embodiments, the system run by a client may be a traditional Linux or Android system or any of various real-time operating systems; moreover, since the scheme in this embodiment isolates physical resources directly, a bare-metal program can also be run directly.
In one or more embodiments, a lightweight virtualization apparatus is provided, including a hardware module and a software module, where the hardware module includes a CPU, a memory, and an IO device, the software module includes a main guest operating system, a user interaction tool, a system driver, and a virtual machine management firmware, and a lightweight virtualization implementation method as described above is performed based on the software module.
In a specific implementation, when an operating system already exists on a device, the existing operating system can be reused directly as the main client, and the user interaction tool, the driver and the virtual machine management firmware are installed into the existing operating system as a toolkit.
When the device has no operating system, the pre-constructed user interaction tool, driver, virtual machine management firmware and client configuration files can be packaged in the device, then the current virtualization scheme is directly deployed through the system installation tool, and after deployment, the structure of a main client and a plurality of client systems is formed.
In this embodiment, whether deployed directly or with an existing operating system, the user needs to manage (including adding, deleting, modifying, looking up) all clients in the host client and enable or disable the virtualization functionality.
Those of ordinary skill in the art will appreciate that the elements of the various examples described in connection with the present embodiments, i.e., the algorithm steps, can be implemented as electronic hardware or combinations of computer software and electronic hardware. Whether such functionality is implemented as hardware or software depends upon the particular application and design constraints imposed on the solution. Skilled artisans may implement the described functionality in varying ways for each particular application, but such implementation decisions should not be interpreted as causing a departure from the scope of the present invention.
The above description is only of the preferred embodiments of the present invention and is not intended to limit the present invention, but various modifications and variations can be made to the present invention by those skilled in the art. Any modification, equivalent replacement, improvement, etc. made within the spirit and principle of the present invention should be included in the protection scope of the present invention.

Claims (10)

1. A method for implementing lightweight virtualization, which is applied to an apparatus deployed with a pre-built user interaction tool, a system driver, and virtual machine management firmware, comprising:
loading a client configuration file through the pre-built user interaction tool in response to the enabling of the virtualization function, wherein the user interaction tool runs in a host client operating system;
based on the configuration information in the client configuration file, controlling the virtual machine management firmware through a system call to isolate physical hardware resources for each client and to provide each client with a shared memory for communication between clients, thereby realizing the creation of the clients and communication between the clients;
wherein, when the virtualization function is enabled, the main client and the sub-clients are virtual machines, and when the virtualization function is disabled, the main client is an independent operating system.
2. A method for implementing lightweight virtualization as recited in claim 1, wherein the method directly provides hardware resources used by the client through hardware isolation.
3. The method for implementing lightweight virtualization according to claim 1, wherein controlling the virtual machine management firmware through a system call to isolate physical hardware resources for each client specifically comprises: the user interaction tool makes the system call, the system call generates a hypercall through the system driver, the virtual machine management firmware is loaded into memory and run through the hypercall, and the physical hardware is isolated to different clients by the loaded virtual machine management firmware.
4. The method of claim 1, wherein the shared memory is a one-to-one model, and wherein a separate shared memory is declared for communication between any two clients.
5. The method of claim 1, wherein the virtual machine management firmware operates at a particular processor privilege level: the kernel mode privilege level of root mode for an x86 architecture, the virtualization mode privilege level for an ARM architecture, and the virtual machine monitor mode privilege level for a RISC-V architecture.
6. The method for implementing lightweight virtualization according to claim 1, wherein the virtual machine management firmware specifically performs the following processing: receiving configuration information and commands from the driver, and then processing them according to the command type, wherein:
for enabling and creating commands, initializing the state of a corresponding CPU according to the received configuration information, creating a corresponding memory page table, realizing the resource allocation and hardware isolation of memories and CPUs of different clients, and managing the configuration information of each client through a linked list;
and for disable, delete, modify and query commands, performing the corresponding processing by looking up the configuration information of the corresponding client, and returning the processing result.
7. The method for implementing lightweight virtualization according to claim 1, wherein the user interaction tool specifically performs the following processing procedures:
receiving command input of a user;
when the input command is an enable or create command, reading and parsing a preset configuration file, sending the parsing result and the corresponding command to the system driver to execute the corresponding processing, and receiving and displaying the processing result;
when the input command is disable, delete or view, sending the command directly to the system driver to execute the corresponding processing, and receiving and displaying the processing result.
8. The method of claim 1, wherein the system driver specifically performs the following processing: receiving configuration information and commands from the user interaction tool; for enable and create commands, copying the content of the configuration information from user space to system space and, after verification, sending the verified configuration information and the corresponding command to the virtual machine management firmware for processing and returning the result; after the hardware resources have been successfully isolated, creating a corresponding maintenance node in a pre-built management linked list and mapping the maintenance node back to the host client, so that the host client can maintain the other clients; and for query commands, finding the corresponding client information by directly traversing the existing management linked list and returning it to the user interaction tool.
9. The method of claim 1, wherein the types of operating system run by the clients include Linux, Android, Windows, real-time operating systems, and bare-metal programs.
10. A lightweight virtualization device, comprising a hardware module and a software module, wherein the hardware module comprises a CPU, a memory and an IO device, the software module comprises a main client operating system, a user interaction tool, a system driver and a virtual machine management firmware, and the lightweight virtualization implementation method according to any one of claims 1-9 is executed based on the software module.
CN202510486671.1A 2025-04-18 2025-04-18 Light-weight virtualization implementation method and device Active CN120011001B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202510486671.1A CN120011001B (en) 2025-04-18 2025-04-18 Light-weight virtualization implementation method and device

Publications (2)

Publication Number Publication Date
CN120011001A true CN120011001A (en) 2025-05-16
CN120011001B CN120011001B (en) 2025-08-15

Family

ID=95677610

Country Status (1)

Country Link
CN (1) CN120011001B (en)

Citations (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN101398768A (en) * 2008-10-28 2009-04-01 北京航空航天大学 Construct method of distributed virtual machine monitor system
CN106844007A (en) * 2016-12-29 2017-06-13 中国科学院计算技术研究所 A kind of virtual method and system based on spatial reuse
US10108446B1 (en) * 2015-12-11 2018-10-23 Fireeye, Inc. Late load technique for deploying a virtualization layer underneath a running operating system
CN109522087A (en) * 2018-09-13 2019-03-26 上海交通大学 Processor-based Imaginary Mechanism construction method and system
CN117742889A (en) * 2023-12-14 2024-03-22 深圳市汇川技术股份有限公司 Virtualization system, working methods, working equipment and readable storage media

Non-Patent Citations (1)

* Cited by examiner, † Cited by third party
Title
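董耀祖; 张献涛; 田坤; 徐雪飞: "Design and Implementation of Hardware-Assisted Full Virtualization on the Itanium Architecture", Journal of System Simulation, no. 18, 20 September 2008 (2008-09-20) *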

Also Published As

Publication number Publication date
CN120011001B (en) 2025-08-15

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant