The present invention relates to computing systems, and more specifically, to safely extending trusted hypervisor functions with existing device drivers.
Device drivers (also referred to as drivers) are hardware-specific software that controls the operation of hardware devices connected to computing systems. To support new types of hardware devices in virtualized systems, operating system code and hypervisor code must be tailored to and enhanced for the particular type of hardware device and its driver. Without these modifications, the hardware device may not operate correctly in the system, and many system-specific functions (such as management, resource monitoring, and maintenance platforms) may not be supported. Oftentimes, the device driver must be rewritten from scratch to add the device to a new environment.
These factors make the development of a common device driver that can be used across many environments impractical. The programmer skills, hardware details, and testing efforts required to create a properly functioning device driver conventionally require a significant investment of institutional resources and time. In many cases, without sufficiently detailed specifications for the hardware, the creation of a working device driver is practically impossible.
Existing device drivers, such as vendor-provided device drivers, control a device in the environment in which the driver is intended to operate. However, using existing device drivers in environments other than those the device drivers were intended to operate in may have unwanted consequences, such as rendering the device unusable, causing system errors, exposing security vulnerabilities on the system, and undermining the stability of hardened services provided by a system.
In virtualized environments, multiple virtual machines (also referred to as logical partitions (LPARs)) may use the same physical I/O device, such as a network adapter. The hypervisor may isolate virtual machines, allowing only a single virtual machine at a time to access the physical I/O device. To allow each virtual machine to use the same physical I/O device, the hypervisor may present a virtual device to each virtual machine. When a virtual machine performs I/O operations on the virtual device, the hypervisor can intercept (and queue) I/O requests by the virtual machine and pass the requested commands to the physical I/O device.
In some virtualized environments, a physical I/O device may allow multiple virtual machines to use the device concurrently through single root I/O virtualization (SR-IOV). In SR-IOV, a physical device may have physical functions (PFs) that allow for input/output and device configuration, as well as one or more virtual functions (VFs) that allow for data input/output. For example, an n-port network adapter may expose m VFs (e.g., one or more VFs for each port) that may be used by the virtual machines hosted on a computing system. A hypervisor on the host computing system may interact with the physical I/O device using the PFs, while each virtual machine can directly communicate with a portion of the physical I/O device using one or more VFs.