Hypervisor seminar

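  • system utilization
    Raises system utilization
    Workloads can be consolidated onto a single system, and management overhead can be reduced

    isolation
    Guests use emulated resources instead of using physical resources directly, so
    faults are removed / propagation is blocked / security improves
    Provides a safe, clean computing environment

    resource aggregation
    Multiple distributed physical resources such as disks and CPUs can be aggregated into a single resource
    Unified under the same interface

    mobility
    Makes it easy to move/migrate a system
    fast suspend/resume, etc.

    emulation
    - Makes it possible to simulate environments, hardware, etc. that do not exist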

Transcript

  • 1. Hardware-assisted Virtual Machine 노용환 (a.k.a. somma) fixbrain@gmail.com
  • 2. Virtualization… system utilization management cost consolidation isolation trusted environment resource aggregation GRID system MPP (Massively Parallel Processing) resource access control mobility emulation
  • 3. History… 1960 1970 1999 2006 present CP-40, IBM, Cambridge Scientific Center full virtualization System/370, IBM x86 virtualization, VMWare application virtualization (application streaming) x86,x64, ARM, … Storage, Network … VMWare, Virtual Box, Xen… … OpenStack, CloudStack,… … Amazon, Google…
  • 4. Virtualization techniques Shared Device Memory and I/O Virtualization VMM CPU CPU MEMORY Physical H/W Control Guest OS Guest OS physical h/w virtualized h/w VMM must … - support same hardware interface - can control guest OS when accessing H/W resources.
  • 5. Virtualization techniques Full Virtualization - No OS modification - Binary translation, Trace cache,… - VMware ESX server Para Virtualization - Need OS modification - Hypercall - Xen Direct execution eflags, control registers, MSR registers, port I/O, privileged instructions, …
  • 6. HVM (Hardware-assisted Virtual Machine) Virtualize… CPU - AMD-V , VT-x IOMMU - AMD-Vi, VT-d Network - VT-c VMX operation VMX root operation VMX non-root operation
  • 7. HVM (Hardware-assisted Virtual Machine)
  • 8. HVM – new instructions
  • 9. HVM – instruction execution order VMXON VMCLEAR VMPTRLD VMWRITE VMLAUNCH GUEST Exit VMREAD VMRESUME VMXOFF
  • 10. HVM – data… VMXON Region - created per logical processor - used by VMX instructions VMCS Region - created per virtual CPU for guest OS - used by CPU and VMM - 4Kb aligned - PHYSICAL_ADDRESS == typedef LARGE_INTEGER - …
  • 11. HVM – VMM programming summary check VMX support allocate VMXON region execute VMXON allocate VMCS region execute VMCLEAR execute VMPTRLD initialize VMCS data host-state area fields VM-exit control fields VM-entry control fields VM-execution control fields guest-state area fields execute VMLAUNCH handling various VM-exits
  • 12. HVM – VMCS data organization #1 Guest state fields - saved on VM exits, loaded on VM entries #2 Host state fields - loaded on VM exits #3 Execution control fields - control VMX-non root operations #4 Exit control fields - control VM exits #5 Entry control fields - control VM entries #6 VM Exit info - saved VM exits information on VM exits pin-based controls processor-based controls exception-bitmap address I/O bitmap address Timestamp counter offset CR0/CR4 guest/host masks CR3 targets MSR bitmaps
  • 13. HVM – VMCS data organization
  • 14. HVM – accessing VMCS data VMWRITE VMREAD virtual address / physical address READ virtual address / physical address WRITE
  • 15. HVM – accessing VMCS data
  • 16. HVM – accessing VMCS data
  • 17. HVM – initialize and run VMM
  • 18. HVM – handling VM exits #6 VM Exit info
  • 19. HVM – handling VM exits
  • 20. Q & A
  • 21. HVM – Blue Pill
  • 22. HVM – related works Hypersight - Northsecuritylabs ( http://northsecuritylabs.com/ ) - no updates since 2011… McAfee DeepSAFE Microsoft - Countering Kernel Rootkits with Lightweight Hook Protection
  • 23. HVM – related works HyperDbg - similar to SoftICE - a kernel debugger that uses HVM
  • 24. DEMO & Q & A
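
The instruction order on slides 9 and 11 can be checked mechanically. The following is an added example, not code from the deck: a simplified model (one logical processor, one VMCS) that rejects a VMX instruction sequence at the first out-of-order step. The names `vmx_step` and `vmx_first_violation` are hypothetical, and the launch-state rules (VMLAUNCH needs a "clear" VMCS, VMRESUME a "launched" one) follow Intel's documented VMX behaviour rather than anything stated on the slides.

```c
#include <stddef.h>
#include <stdio.h>

/* VMM-side VMX instructions from the slide 9 sequence. */
enum vmx_op { VMXON, VMCLEAR, VMPTRLD, VMWRITE, VMLAUNCH, VMREAD, VMRESUME, VMXOFF };
enum launch_state { LS_UNKNOWN, LS_CLEAR, LS_LAUNCHED };

/* Simplified model (assumption): one logical processor, one VMCS. */
struct vmx_model { int in_vmx; int vmcs_current; enum launch_state launch; };

/* Apply one instruction; return 0 if it is allowed in this state, -1 otherwise. */
static int vmx_step(struct vmx_model *m, enum vmx_op op)
{
    if (op == VMXON) {
        if (m->in_vmx) return -1;            /* already in VMX operation */
        m->in_vmx = 1;
        return 0;
    }
    if (!m->in_vmx) return -1;               /* all other ops need VMXON first */
    switch (op) {
    case VMCLEAR:  m->launch = LS_CLEAR; m->vmcs_current = 0; return 0;
    case VMPTRLD:  m->vmcs_current = 1; return 0;
    case VMWRITE:
    case VMREAD:   return m->vmcs_current ? 0 : -1;
    case VMLAUNCH: /* first entry: VMCS must be current and "clear" */
        if (!m->vmcs_current || m->launch != LS_CLEAR) return -1;
        m->launch = LS_LAUNCHED;
        return 0;
    case VMRESUME: /* re-entry after a VM exit: VMCS must be "launched" */
        return (m->vmcs_current && m->launch == LS_LAUNCHED) ? 0 : -1;
    case VMXOFF:   m->in_vmx = 0; m->vmcs_current = 0; return 0;
    default:       return -1;
    }
}

/* Index of the first out-of-order instruction, or -1 if the sequence is valid. */
int vmx_first_violation(const enum vmx_op *seq, size_t n)
{
    struct vmx_model m = {0, 0, LS_UNKNOWN};
    for (size_t i = 0; i < n; i++)
        if (vmx_step(&m, seq[i]) != 0) return (int)i;
    return -1;
}

int main(void)
{
    enum vmx_op slide9[] = {VMXON, VMCLEAR, VMPTRLD, VMWRITE, VMLAUNCH, VMREAD, VMRESUME, VMXOFF};
    printf("slide 9 order: first violation = %d\n", vmx_first_violation(slide9, 8));
    return 0;
}
```

Dropping VMCLEAR from the sequence makes the model reject VMLAUNCH, which is why the slides place VMCLEAR before VMPTRLD.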