Technique for protecting guest processes using a layered virtualization architecture
US-10447728-B1 · Oct 15, 2019 · US
Faster computer memory access by reducing SLAT fragmentation
US10901911B2 · US · B2
| Field | Value |
|---|---|
| Publication number | US-10901911-B2 |
| Application number | US-201816198620-A |
| Country | US |
| Kind code | B2 |
| Filing date | Nov 21, 2018 |
| Priority date | Nov 21, 2018 |
| Publication date | Jan 26, 2021 |
| Grant date | Jan 26, 2021 |
How to read this patent
A practical reading order for non-experts. Skip the full description unless you need deep technical detail.
- Title
What the patent document calls the invention.
- Abstract
A short plain-language summary of the technical disclosure.
- Assignees and inventors
Who owns or filed the patent and who is credited as inventor.
- Key dates
Filing, priority, publication, and grant dates set the timeline.
- First independent claim
The legal scope of protection — read this for what is actually claimed.
- CPC / IPC classifications
Technology tags used to group this patent with similar filings.
- Citations and related patents
Prior art links and similar publications in this corpus.
Abstract
Official abstract text for this publication.
To increase the speed with which a Second Layer Address Table (SLAT) is traversed, memory having the same access permissions is contiguously arranged such that one or more hierarchical levels of the SLAT need not be referenced, thereby resulting in more efficient SLAT traversal. “Slabs” of memory are established whose memory range is sufficiently large that reference to a hierarchically lower level table can be skipped and a hierarchically higher level table's entries can directly identify relevant memory addresses. Such slabs are aligned to avoid smaller intermediate memory ranges. The loading of code or data into memory is performed based on a next available memory location within a slab having equivalent access permissions, or, if such a slab is not available, or if an existing slab does not have a sufficient quantity of available memory remaining, a new slab with the proper access permissions is established.
First claim
Opening claim text (preview).
We claim: 1. A method of increasing a speed of access of computer memory, the method comprising: receiving a request to load a first data into memory, wherein the first data comprises at least one of: executable code or readable data; determining first memory access permissions that are expected to be set for a first memory into which the first data is stored; allocating a first memory slab, into which to load only executable code, readable data, or a combination of executable code and readable data that are expected to have the first memory access permissions, if either a memory slab associated with the first memory access permissions has not already been created or if all previously created memory slabs associated with the first memory access permissions do not have a quantity of available memory sufficient to accommodate the first data; identifying a first available memory in the first memory slab, if the first memory slab has already been created and has the quantity of available memory sufficient to accommodate the first data; and loading the first data into the identified first available memory; wherein, within a page table correlating memory addresses in a first memory addressing scheme to memory addresses in a second, different memory addressing scheme, a first range of memory encompassed by the first slab is identified by reference to a single table entry of a table that is at least one hierarchical level above a hierarchically lowest level of tables in the page table, the first range of memory being identified without reference to any table in the hierarchically lowest level of tables. 2. The method of claim 1 , wherein the page table is a Second Layer Access Table (SLAT) maintained by a hypervisor. 3. The method of claim 2 , further comprising: providing access to the first data, as loaded into the identified first available memory, to an operating system process; wherein the operating system process verifies the data, as loaded into the identified first available memory and, if properly verified, instructs the hypervisor to set the first memory access permissions for the identified first available memory in the SLAT. 4. The method of claim 1 , wherein the first memory access permissions are non-default memory access permissions that comprise one of: (1) only read and execute permissions, (2) only read permissions or (3) no access permissions. 5. The method of claim 1 , wherein the first range of memory is 2 MB. 6. The method of claim 1 , wherein the first range of memory encompassed by the first slab is identified by reference to a single table entry of a table that is two hierarchical levels above the hierarchically lowest level of tables in the page table, the first range of memory being identified without reference to any table in the hierarchically lowest level of tables and without reference to any table in a hierarchically second-lowest level of tables that is one hierarchical level above the hierarchically lowest level of tables. 7. The method of claim 6 , wherein the first range of memory is 1 GB. 8. The method of claim 1 , wherein the allocating the first memory slab comprises establishing a starting address of the first range of memory to be spaced apart from an ending address of a second range of memory encompassed by a prior slab such that an intermediate range of memory between the ending address of the second range and the starting address of the first range can be identified utilizing either one large memory page or one huge memory page. 9. The method of claim 1 , further comprising preventing demand-paging for the first range of memory. 10. The method of claim 1 , further comprising: writing a known safe pattern of data to remaining available memory in the first memory slab. 11. The method of claim 1 , further comprising: determining that the identified first memory into which the first data was loaded has a second memory access permissions that differ from the first memory access permissions; allocating a second memory slab, into which to load only executable code, readable data, or a combination of executable code and readable data that are expected to have the second memory access permissions, if either a memory slab associated with the second memory access permissions has not already been created or if all previously created memory slabs associated with the second memory access permissions do not have the quantity of available memory sufficient to accommodate the first data; identifying a second available memory in the second memory slab, if the second memory slab has already been created and has the quantity of available memory sufficient to accommodate the first data; loading the first data into the identified second available memory; and removing the first data from the first identified memory, the first identified memory being part of the first slab. 12. The method of claim 1 , further comprising: pre-allocating at least one slab of memory corresponding to at least some non-default sets of memory access permissions; wherein the non-default sets of memory access permissions comprise: (1) only read and execute permissions, (2) only read permissions and (3) no access permissions. 13. One or more computer-readable storage media comprising computer-executable instructions, which when executed, cause a computing device to: receive a request to load a first data into memory, wherein the first data comprises at least one of: executable code or readable data; determine first memory access permissions that are expected to be set for a first memory into which the first data is stored; allocate a first memory slab, into which to load only executable code, readable data, or a combination of executable code and readable data that are expected to have the first memory access permissions, if either a memory slab associated with the first access permissions has not already been created or if all previously created memory slabs associated with the first access permissions do not have a quantity of available memory sufficient to accommodate the first data; identify a first available memory in the first memory slab, if the first memory slab has already been created and has the quantity of available memory sufficient to accommodate the first; and load the first data into the identified first available memory; wherein, within a page table correlating memory addresses in a first memory addressing scheme to memory addresses in a second, different memory addressing scheme, a first range of memory encompassed by the first slab is identified by reference to a single table entry of a table that is at least one hierarchical level above a hierarchically lowest level of tables in the page table, the first range of memory being identified without reference to any table in the hierarchically lowest level of tables. 14. The computer-readable storage media of claim 13 , wherein the first range of memory encompassed by the first slab is identified by reference to a single table entry of a table that is two hierarchical levels above the hierarchically lowest level of tables in the page table, the first range of memory being identified without reference to any table in the hierarchically lowest level of tables and without reference to any table in a hierarchically second-lowest level of tables that is one hierarchical level above the hierarchically lowest level of tables. 15. The computer-readable storage media of claim 13 , wherein the computer-executable instructions for allocating the first memory slab comprise computer-executable instructions for establishing a starting address of the first range
Assignees
Inventors
Classifications
Latency reduction · CPC title
for multiple virtual address spaces, e.g. segmentation (G06F12/1036 takes precedence) · CPC title
- G06F9/45558Primary
Hypervisor-specific management and integration aspects · CPC title
Memory management, e.g. access or allocation · CPC title
in a hierarchical protection system, e.g. privilege levels, memory rings · CPC title
Patent family
Related publications grouped by family.
External sources
Frequently asked questions
Answers are generated from the same data shown on this page.
- What does patent US10901911B2 cover?
- To increase the speed with which a Second Layer Address Table (SLAT) is traversed, memory having the same access permissions is contiguously arranged such that one or more hierarchical levels of the SLAT need not be referenced, thereby resulting in more efficient SLAT traversal. “Slabs” of memory are established whose memory range is sufficiently large that reference to a hierarchically lower l…
- Who is the assignee on this patent?
- Microsoft Technology Licensing Llc
- What technology area does this patent fall under?
- Primary CPC classification G06F9/45558. Mapped technology areas include Physics.
- When was this patent published?
- Publication date Tue Jan 26 2021 00:00:00 GMT+0000 (Coordinated Universal Time) (B2). Legal status and post-grant events are not shown on this page.
- What related patents are in patentsdb?
- We list 6 related publications on this page (citations in our corpus or others sharing the same primary CPC).