WO2009113571A1 - Dispositif et procédé de traitement d'informations susceptibles de faire fonctionner une pluralité de programmes logiciels basiques - Google Patents

Dispositif et procédé de traitement d'informations susceptibles de faire fonctionner une pluralité de programmes logiciels basiques Download PDF

Info

Publication number
WO2009113571A1
WO2009113571A1 PCT/JP2009/054643 JP2009054643W WO2009113571A1 WO 2009113571 A1 WO2009113571 A1 WO 2009113571A1 JP 2009054643 W JP2009054643 W JP 2009054643W WO 2009113571 A1 WO2009113571 A1 WO 2009113571A1
Authority
WO
WIPO (PCT)
Prior art keywords
execution environment
semiconductor integrated
division control
integrated circuit
environment division
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Ceased
Application number
PCT/JP2009/054643
Other languages
English (en)
Japanese (ja)
Inventor
淳嗣 酒井
正人 枝廣
浩明 井上
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
NEC Corp
Original Assignee
NEC Corp
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by NEC Corp filed Critical NEC Corp
Priority to JP2010502849A priority Critical patent/JPWO2009113571A1/ja
Publication of WO2009113571A1 publication Critical patent/WO2009113571A1/fr
Anticipated expiration legal-status Critical
Ceased legal-status Critical Current

Links

Images

Classifications

    • GPHYSICS
    • G06COMPUTING OR CALCULATING; COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/50Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
    • G06F21/52Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems during program execution, e.g. stack integrity ; Preventing unwanted data erasure; Buffer overflow
    • G06F21/53Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems during program execution, e.g. stack integrity ; Preventing unwanted data erasure; Buffer overflow by executing in a restricted environment, e.g. sandbox or secure virtual machine

Definitions

  • the present invention relates to a semiconductor integrated circuit having a plurality of CPUs connected by an interconnection network, and more particularly, to an information processing apparatus and method capable of safely operating infrastructure software in consideration of reliability and versatility.
  • the reliability of the system operation depends on the reliability of the base software.
  • FIG. 15 is a diagram schematically illustrating an example of a typical configuration of an information processing apparatus in which the base software is executed.
  • the base software 70P1 manages the arithmetic circuits 10P1-1 to 10P1-m, and executes application groups 50P1-1 to 50P1-j and OSs 60P1-1 to 60P1-j on the base software 70P1.
  • a plurality of pieces of base software can be operated independently in the plurality of arithmetic circuits 10P1-1 to 10P1-m.
  • the information processing apparatus shown in FIG. 15 can easily destroy other execution environments when there is a bug in the base software, or when the base software itself is attacked and taken by malicious software. There was a problem such as.
  • FIG. 16 is a diagram schematically illustrating an example of the configuration of an information communication terminal device that executes a downloaded additional process (see Patent Document 2).
  • a plurality of CPUs 10010AP1 and 10010BP1 are divided into a plurality of domains 10020AP1 and 10020BP1 according to the reliability of the program (process) to be executed.
  • the CPU 10010BP1 that includes a plurality of CPUs and belongs to a domain that executes low-security processing such as additional processing accesses the memory 31 and the input / output device (I / O) 41 of the domain that executes high-security processing
  • the access request is configured such that access permission / non-permission is determined by the access control unit 10030P1, and only permitted access is performed. With this configuration, it is possible to construct a highly reliable security system based on hardware control.
  • JP-T-2004-5000666 International Publication Number WO2006 / 022161 A1
  • the area used by the OS can be fixed in advance.
  • FIG. 16 In an information processing apparatus that assumes various execution environments such as a data center, a resource area to be used cannot be determined in advance. Therefore, the configuration of FIG. 16 has room for improvement in terms of versatility when applied to a data center or the like.
  • an object of the present invention is to prevent an information processing apparatus having a plurality of execution environments from propagating the influence due to the operation to other effective environments even if there is a malfunction in the operation of certain basic software.
  • An object of the present invention is to provide an apparatus and a method that enable a highly reliable information processing apparatus to be realized.
  • Another object of the present invention is to provide an apparatus and method that can realize a highly reliable information processing apparatus at low cost.
  • Still another object of the present invention is to provide an apparatus and method that enable dynamic resource allocation with high reliability between unreliable infrastructure software.
  • a plurality of arithmetic circuits, a plurality of base software executed by the plurality of arithmetic circuits, and access from the arithmetic circuits are restricted, and separation control between the arithmetic circuits is performed.
  • An interconnection network having filter means for performing, an arithmetic circuit different from the arithmetic circuit for executing each of the plurality of infrastructure software, and an execution environment division control means executed by the different arithmetic circuit,
  • One environment division control means is provided for a plurality of the base software, and a semiconductor integrated circuit or an information processing apparatus is provided for changing the access restriction setting of the filter means of the interconnection network.
  • the plurality of base software have the same or equivalent reliability.
  • a plurality of arithmetic circuits, a plurality of basic software programs respectively executed by the plurality of arithmetic circuits, and access from the arithmetic circuits are restricted, and separation control between the arithmetic circuits is performed.
  • An information processing apparatus control method comprising an interconnection network having filter means for performing execution environment division control means in an arithmetic circuit different from the arithmetic circuit for executing each of the plurality of infrastructure software, One execution environment division control unit is provided for a plurality of the base software, and a method for changing the access restriction setting of the filter unit of the interconnection network is provided.
  • FIG. 1 is a diagram showing an overall configuration of a semiconductor integrated circuit according to an embodiment of the present invention. It is a figure which shows the division
  • an arithmetic circuit 10P1-Pn such as a CPU
  • a memory control circuit 30 connected to an external memory 31
  • the I / O control circuit 40 connected to the I / O 41 and the arithmetic circuits 10P1-Pn, the memory control circuit 30, and the I / O control circuit 40 are interconnected, and the arithmetic circuits 10P1-Pn are connected to each other while maintaining consistency.
  • description will be made in accordance with examples.
  • FIG. 1 is a diagram showing an overall configuration of an information processing apparatus according to an embodiment of the present invention.
  • a semiconductor integrated circuit 100 in addition to an arithmetic circuit 10P1-Pn such as a CPU, a memory control circuit 30 connected to an external memory 31, and an I / O control circuit 40 connected to an external I / O 41.
  • an interconnection network 1000 including a filter device 1010 capable of interconnecting them and performing control of separation between arithmetic circuits while maintaining consistency is provided.
  • the arithmetic circuit 10, the memory control circuit 30, the memory 31, the I / O control circuit 40, the I / O 41, and the interconnection network 1000 each have not only a separate package configuration but also a SoC (System-on-Chip).
  • SoC System-on-Chip
  • An internal circuit configuration, a SiP (System-in-Package) configuration with another chip, a three-dimensional LSI configuration, or a combination thereof may be used.
  • the arithmetic circuits 10P1-Pn may be any arithmetic device capable of performing a program operation, such as a signal processing processor, a VLIW (Very Long Instruction Word) processor, or a configurable processor.
  • a signal processing processor such as a signal processing processor, a VLIW (Very Long Instruction Word) processor, or a configurable processor.
  • VLIW Very Long Instruction Word
  • the filter device 1010 is a filter device disclosed in Patent Document 2 (International Publication No. WO2006 / 022161, A1) and the like that can perform separation control between arithmetic circuits while maintaining consistency. Anything is fine.
  • FIG. 2 is a diagram showing an overall configuration of the semiconductor integrated circuit 100 according to an embodiment of the present invention.
  • the plurality of arithmetic circuit groups 11, the execution environment division control means 200 executed on the plurality of arithmetic circuit groups 11, and the base software 70P1 are executed on the arithmetic circuits 10P1-1 to 10P1-m.
  • a plurality of execution environments 90P1 to 90Pk are provided on which the application groups 50P1-1 to 50P1-j and the OS 60P1-60P1-j are respectively executed.
  • an interconnection network 1000 including a filter device 1010 capable of interconnecting arithmetic circuits and performing separation control between arithmetic circuits while maintaining consistency is provided.
  • the base software 70P1 to 70Pk in the plurality of execution environments 90P1 to 90Pk have the same or equivalent reliability.
  • a plurality of execution environments 90P1 to 90Pk may be represented by the execution environment 90.
  • the basic software means basic software that supports execution of the OS, such as virtualization software and firmware. Of course, if the OS is allowed to be modified, the OS itself may include the base software.
  • the setting of the filter device 1010 can be changed only by the execution environment division control unit 200. All requests from the execution environment division control unit 200 and the arithmetic circuit group 11 may be permitted, or the filter device 1010 may set its own access range.
  • the execution environment 90 is a hardware / software environment for executing an application assigned to each user of the data center. That is, one execution environment includes a plurality of domains shown in FIG.
  • the execution environment division control means 200 is executed by the arithmetic circuit group 11 independent of the arithmetic circuits that execute the execution environments 90P1 to 90Pk.
  • the minimum arithmetic circuit group 11 (one CPU or a plurality of CPUs) is newly added to the information processing apparatus, and the functions of the division of the execution environment and the resource arbitration between the execution environments are shared from the execution environment. It can be said that it is cut out as a term and separately cut out as execution environment division control means 200 that can be shared between execution environments. This is because it is difficult to cut out the basic process in the execution environment, and by setting the reliability of the basic process low, the entire execution environment can be regarded as a process with low reliability. As a result, instead of performing filter control within each execution environment, it is possible to extract the execution environment dividing means 200 that performs filter control shared by the entire apparatus. Thereby, extremely low-cost filter control is possible.
  • An information processing apparatus provider such as a data center cannot know in advance (before the apparatus is shipped) what kind of software the user can operate in the execution environment. Since the provider cannot guarantee that the entire execution environment is 100% bug-free and completely prevents malicious viruses, the reliability of the entire execution environment is determined for the information processing apparatus. Can be considered low.
  • the information processing apparatus provider can guarantee the operations of the arithmetic circuit group 11 and the execution environment division control means 200 in advance (before the apparatus is shipped). In this respect, it can be said that the execution environment division control unit 200 is more reliable for the information processing apparatus than the entire execution environment.
  • the arithmetic circuit group 11 does not execute the basic functions of the information processing apparatus.
  • Basic functions indispensable for each user are included in each execution environment.
  • the highly reliable execution environment division control means 200 and the calculation are executed in a situation where an execution environment that is not reliable for each user is operating on the semiconductor integrated circuit 100 shared by a plurality of users.
  • the mutual interference between the unreliable execution environments is performed at low cost via the filter device 1010 in terms of hardware.
  • the configuration is one of the features.
  • the execution environment division control means 200 can cooperate with the basic software group 70 to perform resource arbitration between execution environments safely and at low cost.
  • the reason why this is possible is that, in the present embodiment, although the basic software group is not reliable, it is through a forced setting change of the filter device 1010 or a circuit-based forced control such as a reset. This is because the execution environment belonging to the user can avoid monopolizing the CPU resources and the like in terms of hardware.
  • FIG. 3 is a diagram showing the division information 201 set in the filter device 1010 according to an embodiment of the present invention.
  • the arithmetic circuit # 1-10 is permitted to read (R) the area from 0x00000000 to 0x10000000 and read / write (R, W) to the area from 0x1000000 to 0x20000000. Are all rejected.
  • the arithmetic circuit # 11-50 is permitted to read (R) the area from 0x20000000 to 0x30000000 and read / write (R, W) from the area from 0x3000000 to 0x40000000, and to read / write to the other areas (R, W) Are all rejected.
  • access control to the memory or I / O area can be performed for each arithmetic circuit managed by each base software, so that the reliability between the base software can be improved.
  • FIG. 4 is a diagram for explaining an example of the operation of the semiconductor integrated circuit 100 of FIG.
  • the sign consisting of S and a number beside the arrow represents a step number.
  • a method for determining the memory / I / O area that can be executed by each of the arithmetic circuits 10P1-1 to 10P1-m to 10Pk-1 to 10Pk-n will be described.
  • FIG. 5 is a diagram for explaining an example of the operation of the semiconductor integrated circuit 100 of FIG.
  • the sign consisting of S and a number beside the arrow represents a step number.
  • a method of starting the base software 70P1 to 70Pk for the arithmetic circuits 10P1-1 to 10P1-m to 10Pk-1 to 10Pk-n will be described.
  • Step 3 (S3) The execution environment division control unit 200 provides information about the allocated area to the base software 70P1 to 70Pk.
  • FIG. 6 is a diagram for explaining an example of the operation of the semiconductor integrated circuit 100 of FIG.
  • a sign consisting of S and a number beside the arrow represents a step number.
  • a description will be given of a method in which the base software 70P1 to 70Pk starts the OSs of the respective execution environments 90P1 to 90Pk.
  • resource virtualization includes, for example, memory virtualization such as where to set an address assigned to address 0, and virtualization for I / O and interrupt processing.
  • FIG. 7 is a diagram for explaining an example of the operation of the semiconductor integrated circuit 100 of FIG.
  • the sign consisting of S and a number beside the arrow represents a step number.
  • a case where an access permitted by the filter device 1010 is issued from the execution environment 90P1 will be described.
  • FIG. 8 is a diagram for explaining an example of the operation of the semiconductor integrated circuit 100 of FIG.
  • the sign consisting of S and a number beside the arrow represents a step number.
  • the filter device 1010 is issued from the execution environment 90P1 .
  • FIG. 9 is a diagram for explaining an example of the operation of the semiconductor integrated circuit 100 of FIG.
  • the sign consisting of S and a number beside the arrow represents a step number.
  • the execution environment division control unit 200 dynamically adjusts resources in a specific execution environment based on information given from the system.
  • the information given from the system means that, for example, an arithmetic circuit or a memory is newly added to the system, or the use of the arithmetic circuit or memory in a specific virtual environment is stopped for maintenance. Means that.
  • the base software 70P1 waits for a response from the execution environment division control means 200. Of course, when waiting for a response, the base software 70P1 may proceed with processing not related to the given information.
  • the base software 70P1 of the execution environment 90P1 starts operation based on the new information.
  • the base software may be notified to the system side or reset.
  • the setting may be forcibly changed. This makes it possible to control the base software with high reliability.
  • FIG. 10 is a diagram for explaining an example of the operation of the semiconductor integrated circuit 100 of FIG.
  • the sign consisting of S and a number beside the arrow represents a step number.
  • a description will be given of a method in which the execution environment division control unit 200 dynamically adjusts resources between execution environments based on information given from a system or infrastructure software.
  • the information given from the system means, for example, distribution according to the load state of the arithmetic circuit or the memory.
  • Step 1 (S1) The execution environment division control means 200 receives information from the base software 70P1 of the system or the execution environment 90P1.
  • the base software 70P1 of the execution environment 90P1 may start the operation based on the new information, and may notify the system side when there is no response from the base software, or reset the system. May be.
  • the setting may be forcibly changed. This makes it possible to control the base software with high reliability.
  • FIG. 11 is a diagram showing an overall configuration of an information processing apparatus according to another embodiment of the present invention. Referring to FIG. 11, there is shown a configuration in which a memory 31 and an I / O 41 are shared among a plurality of semiconductor integrated circuits 100C1 to Ct.
  • the semiconductor integrated circuit 100C1 includes an execution environment division control unit 200C1 and an interconnection network 1000C1 including a filter device 1010C1.
  • the semiconductor integrated circuit 100Ct includes an execution environment division control unit 200Ct and an interconnection network 1000Ct including a filter device 1010Ct. That is, an information processing apparatus including a plurality of semiconductor integrated circuits provided with a shared memory / I / O is assumed.
  • FIG. 12 is a diagram for explaining an example of the operation of the information processing apparatus of FIG.
  • the sign consisting of S and a number beside the arrow represents a step number.
  • a description will be given of a method in which a plurality of execution environment division control means dynamically adjust resources between execution environments based on information given from a system or infrastructure software.
  • Step 1 (S1) The execution environment division control means 200C1 receives information from the system or the base software.
  • the system side may be notified, or the entire semiconductor integrated circuit may be reset.
  • the setting may be forcibly changed. This makes it possible to control the base software with high reliability.
  • FIG. 13 is a diagram showing an overall configuration of an information processing apparatus according to still another embodiment of the present invention.
  • the semiconductor integrated circuit 100C1 includes an execution environment division control unit 200C1 and an interconnection network 1000C1 including a filter device 1010C1.
  • the semiconductor integrated circuit 100Ct includes an execution environment division control unit 200Ct and an interconnection network 1000Ct including a filter device 1010Ct. That is, an information processing apparatus including a plurality of semiconductor integrated circuits provided with a distributed memory / I / O is assumed.
  • FIG. 14 is a diagram for explaining an example of the operation of the information processing apparatus of FIG.
  • a symbol consisting of S and a number beside the arrow represents a step number.
  • a description will be given of a method in which a plurality of execution environment division control means dynamically exchanges an OS between execution environments based on information given from a system or base software.
  • Step 1 (S1) The execution environment division control means 200C1 receives information from the system or the base software.
  • Step 7 (S7) The execution environment division control means 200Ct requests the execution environment to execute the OS.
  • Step 8 (S8) The execution environment division control means 200Ct obtains an OS execution response from the execution environment.
  • the copy of the memory it is possible to make it appear that the movement is completed instantaneously from the application by repeating the incremental copy.
  • the information processing apparatus and method capable of operating a plurality of pieces of base software have been described as examples.
  • the present embodiment is not limited to such an information processing apparatus and method, and any information Applicable to processing apparatus and method.

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Software Systems (AREA)
  • Theoretical Computer Science (AREA)
  • Computer Hardware Design (AREA)
  • Physics & Mathematics (AREA)
  • General Engineering & Computer Science (AREA)
  • General Physics & Mathematics (AREA)
  • Storage Device Security (AREA)

Abstract

L'invention concerne un dispositif et un procédé susceptibles de réaliser de manière peu coûteuse un processeur d'informations très fiable dans un dispositif de traitement d'informations ayant une pluralité d'environnements d'exécution. Le dispositif comprend une pluralité de circuits arithmétiques (10P1-1, 10P1-m), une pluralité de programmes logiciels basiques (70P1 à 70Pk) exécutée dans la pluralité de circuits arithmétiques et ayant la même fiabilité, un réseau de couplage mutuel (1000) ayant un moyen de filtre (1010) pour limiter les accès depuis la pluralité de circuits arithmétiques, un dispositif arithmétique (11) indépendant des circuits arithmétiques qui exécutent respectivement la pluralité de programmes logiciels, et un moyen de commande de division d'environnements d'exécution (200) exécuté par le circuit arithmétique (11). Le moyen de commande de division d'environnements d'exécution est partagé parmi la pluralité de programmes logiciels basiques, il est plus fiable que les programmes et modifie le paramétrage pour limiter les accès du moyen de filtre du réseau de couplage mutuel en coopération avec les programmes logiciels.
PCT/JP2009/054643 2008-03-11 2009-03-11 Dispositif et procédé de traitement d'informations susceptibles de faire fonctionner une pluralité de programmes logiciels basiques Ceased WO2009113571A1 (fr)

Priority Applications (1)

Application Number Priority Date Filing Date Title
JP2010502849A JPWO2009113571A1 (ja) 2008-03-11 2009-03-11 複数の基盤ソフトウェアを動作可能な情報処理装置および方法

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
JP2008-061588 2008-03-11
JP2008061588 2008-03-11

Publications (1)

Publication Number Publication Date
WO2009113571A1 true WO2009113571A1 (fr) 2009-09-17

Family

ID=41065232

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/JP2009/054643 Ceased WO2009113571A1 (fr) 2008-03-11 2009-03-11 Dispositif et procédé de traitement d'informations susceptibles de faire fonctionner une pluralité de programmes logiciels basiques

Country Status (2)

Country Link
JP (1) JPWO2009113571A1 (fr)
WO (1) WO2009113571A1 (fr)

Cited By (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20230388379A1 (en) * 2014-11-25 2023-11-30 Auth0, Inc. Multi-tenancy via code encapsulated in server requests

Citations (8)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
JPH08287021A (ja) * 1995-02-14 1996-11-01 Fujitsu Ltd 共用メモリに結合される複数の計算機システム及び共用メモリに結合される複数の計算機システムの制御方法
JP2002140202A (ja) * 2000-11-01 2002-05-17 Hitachi Ltd 情報配信システムおよびその負荷分散方法
US6496847B1 (en) * 1998-05-15 2002-12-17 Vmware, Inc. System and method for virtualizing computer systems
JP2004062911A (ja) * 2002-07-26 2004-02-26 Hewlett-Packard Development Co Lp コンピュータ資源の割り当てを管理するシステム
JP2004252591A (ja) * 2003-02-18 2004-09-09 Hitachi Ltd 計算機システム、i/oデバイス及びi/oデバイスの仮想共有方法
JP2007035045A (ja) * 2005-07-27 2007-02-08 Intel Corp 階層化された仮想化アーキテクチャにおける仮想化イベント処理
WO2007027739A1 (fr) * 2005-08-30 2007-03-08 Microsoft Corporation Virtualisation hierarchique au moyen d'un mecanisme de virtualisation multiniveau
JP2007505402A (ja) * 2003-09-15 2007-03-08 インテル コーポレイション 特権イベントを処理するための複数のバーチャルマシーンモニタの利用

Patent Citations (8)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
JPH08287021A (ja) * 1995-02-14 1996-11-01 Fujitsu Ltd 共用メモリに結合される複数の計算機システム及び共用メモリに結合される複数の計算機システムの制御方法
US6496847B1 (en) * 1998-05-15 2002-12-17 Vmware, Inc. System and method for virtualizing computer systems
JP2002140202A (ja) * 2000-11-01 2002-05-17 Hitachi Ltd 情報配信システムおよびその負荷分散方法
JP2004062911A (ja) * 2002-07-26 2004-02-26 Hewlett-Packard Development Co Lp コンピュータ資源の割り当てを管理するシステム
JP2004252591A (ja) * 2003-02-18 2004-09-09 Hitachi Ltd 計算機システム、i/oデバイス及びi/oデバイスの仮想共有方法
JP2007505402A (ja) * 2003-09-15 2007-03-08 インテル コーポレイション 特権イベントを処理するための複数のバーチャルマシーンモニタの利用
JP2007035045A (ja) * 2005-07-27 2007-02-08 Intel Corp 階層化された仮想化アーキテクチャにおける仮想化イベント処理
WO2007027739A1 (fr) * 2005-08-30 2007-03-08 Microsoft Corporation Virtualisation hierarchique au moyen d'un mecanisme de virtualisation multiniveau

Cited By (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20230388379A1 (en) * 2014-11-25 2023-11-30 Auth0, Inc. Multi-tenancy via code encapsulated in server requests
US12170709B2 (en) * 2014-11-25 2024-12-17 Auth0, Inc. Multi-tenancy via code encapsulated in server requests

Also Published As

Publication number Publication date
JPWO2009113571A1 (ja) 2011-07-21

Similar Documents

Publication Publication Date Title
US10235515B2 (en) Method and apparatus for on-demand isolated I/O channels for secure applications
CN114816664B (zh) Gpu虚拟化
US9734096B2 (en) Method and system for single root input/output virtualization virtual functions sharing on multi-hosts
US9122515B2 (en) Completion notification for a storage device
JP5122597B2 (ja) 仮想プロセッサへの直接的なインタラプトの送信
US11983136B2 (en) PCIe device and operating method thereof
JP2008503015A (ja) 複数クライアントによる単一物理デバイスの共有
US11995019B2 (en) PCIe device with changeable function types and operating method thereof
CN105335227B (zh) 一种节点内的数据处理方法、装置和系统
CN113391881B (zh) 中断的管理方法、装置、电子设备及计算机存储介质
JP4980416B2 (ja) 物理デバイスコントローラから割り込みをリダイレクトすることによる複数の仮想デバイスコントローラの提供
WO2014120113A1 (fr) Affectation de processeurs à une configuration à topographie mémoire
US10853259B2 (en) Exitless extended page table switching for nested hypervisors
CN116583840A (zh) 快速外围部件互连保护控制器
US10698713B2 (en) Virtual processor state switching virtual machine functions
CN112099903A (zh) 一种虚拟机的内存管理方法、装置、cpu芯片及服务器
US9875131B2 (en) Virtual PCI device based hypervisor bypass using a bridge virtual machine
US20110161644A1 (en) Information processor
CN101470596A (zh) 虚拟化环境中的音频子系统共享
CN116611053A (zh) 可信执行环境实现方法及装置、终端设备
WO2013189180A1 (fr) Procédé et dispositif pour interdire une interruption dans un système de virtualisation
WO2009113571A1 (fr) Dispositif et procédé de traitement d'informations susceptibles de faire fonctionner une pluralité de programmes logiciels basiques
US20220222340A1 (en) Security and support for trust domain operation
EP3255544B1 (fr) Contrôleur d'interruption
KR20230152394A (ko) PCIe 장치 및 이의 동작 방법

Legal Events

Date Code Title Description
121 Ep: the epo has been informed by wipo that ep was designated in this application

Ref document number: 09720868

Country of ref document: EP

Kind code of ref document: A1

WWE Wipo information: entry into national phase

Ref document number: 2010502849

Country of ref document: JP

NENP Non-entry into the national phase

Ref country code: DE

122 Ep: pct application non-entry in european phase

Ref document number: 09720868

Country of ref document: EP

Kind code of ref document: A1