READ-ONLY VM FUNCTION CHAINING FOR SECURE HYPERVISOR ACCESS

摘要

A hypervisor configures a first VM function component for execution on behalf of a virtual machine, the first VM function component to execute a second VM function component. The hypervisor then configures the second VM function for execution on behalf of the first VM function component, the second VM function component to execute at least one privileged instruction. The hypervisor receives a request from the virtual machine to execute the first VM function component, and executes the first VM function component. The hypervisor then receives a request from the first VM function component to execute the second VM function component and executes the second VM function component.

主权项

1. A method comprising:
configuring, by a processing device executing a hypervisor, a first VM function component for execution on behalf of a virtual machine, the first VM function component to execute a second VM function component; configuring, by the hypervisor, the second VM function for execution on behalf of the first VM function component, the second VM function component to execute at least one privileged instruction; receiving, by the hypervisor, a request from the virtual machine to execute the first VM function component; executing, by the hypervisor, the first VM function component on behalf of the virtual machine; receiving, by the hypervisor, a request from the first VM function component to execute the second VM function component; and executing, by the hypervisor, the second VM function component.