ARMvisor, more details
Presentation Transcript

  • ARMvisor. Peter Chang. This slide is licensed under CC-BY-NC-SA, Attribution-NonCommercial-ShareAlike (http://creativecommons.org/licenses/by-nc-sa/3.0/tw/legalcode)
  • Who am I?
    • Peter Chang
    • One of the current developers of ARMvisor
    • http://tw.linkedin.com/in/peterchangtw
  • What is ARMvisor?
  • ARM (three image slides; no transcript text)
  • What is KVM?
    • A.k.a. Kernel-based Virtual Machine
    • Type-II Virtual Machine Monitor
    • A module of the Linux kernel
    • Officially supports x86/x64, PowerPC, S390
    • No official support for the ARM architecture
  • What is ARMvisor?
    • KVM on the ARM architecture
    • Para-virtualization
    • Trap & Emulation
    • Dynamic Memory Allocation
    • virtio & IRQchip-in-kernel
  • Software stack (diagram, top to bottom):
    • Guest OS: Linux 2.6.35 (guest Driver)
    • QEMU 0.14 (Device model)
    • ARMvisor (Driver in the host kernel)
    • Host OS: Linux 2.6.38
    • Hardware: ARM Cortex-A8
  • Timeline (diagram): 2009 Starting Point; 2010 ARMvisor Prototype; 2011 CPU Opt & Mem Opt; 2012 I/O Opt
  • Supported Hardware
    • ARM RealView-EB: ARM11, ARMv6 ISA
    • TI BeagleBoard: Cortex-A8, ARMv7 ISA
  • Supported Software
    • Patched Host OS: Linaro Linux 2.6.38
    • Host Root Filesystem: Ubuntu/Debian RFS (CLI or GUI)
    • QEMU 0.14
    • Patched Guest OS: Linux 2.6.35 (running on ARMv6 ISA)
    • Guest Root Filesystem: Ubuntu/Debian RFS (CLI or GUI)
  • System model of ARMvisor
  • CPU virtualization
    • ARM is a non-virtualizable CPU
    • Patch the guest OS
    • "Trap and emulation"
  • ARMv6 ISA instruction groups: which of these contain sensitive instructions?
    1. Branch instructions
    2. Data-processing instructions
    3. Multiply instructions
    4. Parallel addition and subtraction instructions
    5. Extend instructions
    6. Miscellaneous arithmetic instructions
    7. Other miscellaneous instructions
    8. Status register access instructions
    9. Load and store instructions
    10. Load and Store Multiple instructions
    11. Semaphore instructions
    12. Exception-generating instructions
    13. Coprocessor instructions
  • Sensitive Instructions
    • Data-processing instructions: S-bit forms (MOVS, ...)
    • Status register access instructions: MRS, MSR, CPS, SETEND
    • Load and store instructions: T-bit forms (LDRT, STRT, ...)
    • Load and Store Multiple instructions: LDM(2), LDM(3), STM(2)
    • Exception-generating instructions: SWI, BKPT
    • Coprocessor instructions: MCR, MRC, MCRR, ...
  • Observation from the guest Linux code: 15 sensitive instructions are used in the guest Linux code
    • MOVS
    • MRS, MSR, CPS
    • LDRBT, LDRT, STRBT, STRT
    • LDM(2), LDM(3), STM(2)
    • SWI
    • MCR, MRC, MCRR
  • "Trap & emulation" (diagram): Guest OS user space and kernel space; a trap leaves the guest kernel space and enters the VMM
  • How to "trap"? The sensitive instruction in the guest code (here movs pc, lr) is wrapped in a macro that issues SWI 0x190 in front of it:

        .macro virt_svc_movs, inst
            SWI 0x190
            \inst
        .endm

        ...
        mov r0, r0
        add sp, sp
        virt_svc_movs "movs pc, lr"
        ...
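As an added example (not code from the slides or from ARMvisor), the C scanner below classifies ARMv6 instruction words into the sensitive-instruction classes listed above and then mirrors the virt_svc_movs trick by placing SWI 0x190 in front of each one. The bit patterns are the ARMv6 architecture encodings; applying the macro to every class, not only to movs pc, lr, is this example's own generalisation.

```c
#include <stdint.h>
#include <stddef.h>

/* Classes of ARMv6 sensitive instruction named on the slides. */
enum sens_class { NOT_SENSITIVE, SENS_DP_S_PC, SENS_STATUS_REG, SENS_LDST_T,
                  SENS_LDSTM_USER, SENS_SWI, SENS_COPROC };

/* Classify one 32-bit ARM-state instruction word by bit-pattern matching. */
enum sens_class classify(uint32_t insn)
{
    if ((insn & 0x0F000000) == 0x0F000000)            /* SWI */
        return SENS_SWI;
    if ((insn & 0xFFF1FE20) == 0xF1000000 ||          /* CPS (unconditional) */
        (insn & 0xFFFFFDFF) == 0xF1010000 ||          /* SETEND */
        (insn & 0x0FBF0FFF) == 0x010F0000 ||          /* MRS */
        (insn & 0x0FB0FFF0) == 0x0120F000 ||          /* MSR, register form */
        (insn & 0x0FB0F000) == 0x0320F000)            /* MSR, immediate form */
        return SENS_STATUS_REG;
    if ((insn & 0x0F000010) == 0x0E000010 ||          /* MCR / MRC */
        (insn & 0x0FE00000) == 0x0C400000)            /* MCRR / MRRC */
        return SENS_COPROC;
    if ((insn & 0x0E400000) == 0x08400000)            /* LDM(2), LDM(3), STM(2): S bit set */
        return SENS_LDSTM_USER;
    if ((insn & 0x0D200000) == 0x04200000 &&          /* LDRT/STRT/LDRBT/STRBT: P=0, W=1 */
        (insn & 0x0E000010) != 0x06000010)            /* ... excluding media instructions */
        return SENS_LDST_T;
    if ((insn & 0x0C000000) == 0 &&                   /* data-processing ... */
        !((insn & 0x02000000) == 0 && (insn & 0x90) == 0x90) && /* not multiply/extra ld-st */
        (insn & 0x00100000) && ((insn >> 12) & 0xF) == 15)     /* S bit set and Rd = pc */
        return SENS_DP_S_PC;
    return NOT_SENSITIVE;
}

#define HYPERCALL_SWI 0xEF000190u   /* "SWI 0x190" (always), as in the slide's macro */

/* Rewrite a code buffer the way virt_svc_movs does for movs pc, lr: put SWI 0x190 in
 * front of every sensitive instruction so the VMM traps first. Extending this to all
 * classes is this example's assumption; SWI traps by itself and is left alone.
 * out must hold at least 2*n words; returns the number of words written. */
size_t patch_stream(const uint32_t *in, size_t n, uint32_t *out)
{
    size_t o = 0;
    for (size_t i = 0; i < n; i++) {
        enum sens_class c = classify(in[i]);
        if (c != NOT_SENSITIVE && c != SENS_SWI)
            out[o++] = HYPERCALL_SWI;
        out[o++] = in[i];
    }
    return o;
}
```

Constructed sample words to try: 0xE1A00000 (mov r0, r0, harmless), 0xE10F1000 (mrs r1, cpsr), 0xE1B0F00E (movs pc, lr), 0xE4B32000 (ldrt r2, [r3]), 0xE8DD000F (ldm sp, {r0-r3}^) and 0xEE070F9A (mcr p15, 0, r0, c7, c10, 4).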
  • How to "emulate"?
  • Kernel vector page (diagram): Kernel Vector at 0xffff0000, entry at 0xffff001c, and the KVM trap interface at 0xffff1000
  • Trap handling path (diagram): traps (UND, ABORT, SWI, IRQ/FIQ) enter the KVM Trap Entry, pass through the KVM/Guest Host Trap Handler and the Context Switch Unit to the KVM Trap Dispatcher, which dispatches to Instruction Emulation, MMU Emulation, Exception/Interrupt Emulation, or QEMU I/O Emulation
  • VM run loop between QEMU (user space), KVM (kernel space) and the guest OS (guest mode), as numbered on the slide:
    1. VM initialization (QEMU to KVM)
    2. Return to QEMU
    3. Run VM
    4. Enter Guest
    5. Exit Guest: lightweight trap, the guest is re-entered from KVM without returning to QEMU
    6. Enter Guest
    7. Exit Guest: heavyweight trap, control goes back to QEMU
    8. Return to QEMU
    9. Run VM
    10. Enter Guest
  • Register virtualization (diagram): the VCPU Register File at 0xffff2000 is synced with a Shadow Register File; register read/write instructions (the slide's example: "mcr cpsr, r1") go through the KVM trap interface at 0xffff1000, next to the Kernel Vector at 0xffff0000 / 0xffff001c
  • Memory virtualization
  • Address translation (diagram): a page table base (PTB) maps Virtual Address to Physical Address; with a guest, GVA is translated to GPA through the Guest PTB and HVA to HPA through the Host PTB, and a new shadow page table entry (SPTE) is created that maps the GVA straight to the HPA
  • PABT/DABT trap handling (flowchart):
    • PABT/DABT trap enters the guest page table walker, which reports a true translation fault when the guest mapping is missing
    • the guest permission checker reports a true permission fault
    • the MMIO access checker hands device accesses to MMIO emulation
    • otherwise the shadow page table mapping is examined: a hidden translation fault or hidden protection fault leads to a shadow page table update
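As an added example (not ARMvisor's code), this toy model in C walks the flowchart above with flat guest, host and shadow page tables of 16 pages each: the guest's own faults are reported back to the guest, MMIO pages are emulated, and hidden faults only refresh the shadow table. The page numbers, the MMIO page and the permission bits are constructed.

```c
#include <stdint.h>
#include <stdbool.h>
#include <string.h>
#define NPAGES   16    /* toy address spaces: 16 pages at each level */
#define MMIO_GPA 12    /* constructed: GPA page 12 is a device, not RAM */

enum perm { P_R = 1, P_W = 2 };
enum outcome { TRUE_TRANSLATION_FAULT, TRUE_PERMISSION_FAULT, MMIO_EMULATION,
               HIDDEN_TRANSLATION_FAULT, HIDDEN_PROTECTION_FAULT, NO_FAULT };
struct pte { bool valid; uint8_t page; uint8_t perm; };
struct vm {
    struct pte guest_ptb[NPAGES];  /* GVA page -> GPA page, written by the guest */
    uint8_t    host_ptb[NPAGES];   /* GPA page -> HPA page, owned by the host */
    struct pte shadow[NPAGES];     /* GVA page -> HPA page, what the MMU really walks */
};

/* Handle a PABT/DABT trap for access `want` (P_R or P_W) at guest page `gva`, in the
 * slide's order: guest walker, guest permission checker, MMIO checker, shadow update. */
enum outcome handle_abort(struct vm *vm, uint8_t gva, uint8_t want)
{
    const struct pte *g = &vm->guest_ptb[gva];
    if (!g->valid)                   /* true translation fault: inject into guest */
        return TRUE_TRANSLATION_FAULT;
    if ((g->perm & want) != want)    /* true permission fault: inject into guest */
        return TRUE_PERMISSION_FAULT;
    if (g->page == MMIO_GPA)         /* device page: emulate, never map it */
        return MMIO_EMULATION;
    struct pte *s = &vm->shadow[gva];
    if (!s->valid) {                 /* hidden translation fault: shadow lags guest */
        *s = (struct pte){ true, vm->host_ptb[g->page], g->perm };  /* GPA -> HPA */
        return HIDDEN_TRANSLATION_FAULT;
    }
    if ((s->perm & want) != want) {  /* hidden protection fault: shadow perms stale */
        s->perm = g->perm;
        return HIDDEN_PROTECTION_FAULT;
    }
    return NO_FAULT;
}

/* Constructed sample VM: host maps GPA page p at HPA page 15-p; the guest maps
 * GVA 1 -> GPA 5 (rw), GVA 2 -> the MMIO page (rw) and GVA 3 -> GPA 6 (read-only). */
void sample_vm(struct vm *vm)
{
    memset(vm, 0, sizeof *vm);
    for (int p = 0; p < NPAGES; p++) vm->host_ptb[p] = (uint8_t)(NPAGES - 1 - p);
    vm->guest_ptb[1] = (struct pte){ true, 5, P_R | P_W };
    vm->guest_ptb[2] = (struct pte){ true, MMIO_GPA, P_R | P_W };
    vm->guest_ptb[3] = (struct pte){ true, 6, P_R };
}
```

A first read of GVA 1 fills the shadow entry (hidden translation fault, HPA page 10) and a second access hits without any VMM work; widening the guest's permission on GVA 3 after the shadow was filled produces a hidden protection fault on the next write.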
  • I/O virtualization
    • Emulation by QEMU
    • virtio
    • IRQ chip in kernel
  • Emulation by QEMU
  • Emulation by QEMU (diagram): the software stack above (Guest OS Linux 2.6.35 driver, QEMU 0.14 device model, ARMvisor driver, Host OS Linux 2.6.38, ARM Cortex-A8 hardware) annotated with steps 1 to 8 of one emulated I/O access
  • virtio
  • virtio path (diagram): Virtio Driver (guest) to Virtio AMBA Controller, over the Vring Transport, to the Virtio AMBA Controller and Virtio Device in QEMU
  • irq_chip in kernel
  • Interrupt handshake between the Operating System and the Interrupt Controller (diagram): 1. Deliver Interrupt / Get IRQ number; 2. Ack IRQ number / Mask IRQ; 3. End of IRQ; 4. Unmask IRQ
  • Without irq_chip in kernel (diagram): the GIC is emulated in QEMU next to the devices; IRQ delivery to the guest and GIC control pass through ARMvisor by IOCTL
  • With irq_chip in kernel (diagram): the GIC lives in the kernel (KVM); QEMU's devices deliver IRQs to and control the in-kernel GIC, which delivers them to the guest
  • Future Works
    • Support for ARM's Virtualization Extensions (Cortex-A15 and beyond)
    • SMP for host and guest
    • AArch64 support (ARMv8)
  • By the way, ...
  • Open Source
    • We HAVE opened the source in late August, 2012.
    • GNU GPLv2
    • Source code of Host and Guest OS
    • https://github.com/SSLab-NTHU
  • Q & A