Hypervisor seminar
  • system utilization
    - Raises the utilization of the system
    - Workloads can be consolidated onto a single system, which reduces management overhead
    isolation
    - Guests use emulated resources rather than the physical resources directly
    - Fault removal / containment of fault propagation / improved security
    - Provides a safe, clean computing environment
    resource aggregation
    - Multiple distributed physical resources such as disks and CPUs can be aggregated into a single resource
    - Unified behind the same interface
    mobility
    - Makes it easy to move/migrate a system
    - fast suspend/resume, etc.
    emulation
    - Makes it possible to simulate environments, hardware, etc. that do not exist

Hypervisor seminar Presentation Transcript

  • Hardware-assisted Virtual Machine 노용환 (a.k.a. somma) fixbrain@gmail.com
  • Virtualization… system utilization management cost consolidation isolation trusted environment resource aggregation GRID system MPP (Massively Parallel Processing) resource access control mobility emulation
  • History… 1960 1970 1999 2006 present CP-40, IBM, Cambridge Scientific Center full virtualization System/370, IBM x86 virtualization, VMWare application virtualization (application streaming) x86, x64, ARM, … Storage, Network … VMWare, Virtual Box, Xen… … OpenStack, CloudStack,… … Amazon, Google…
  • Virtualization techniques Shared Device Memory and I/O Virtualization VMM CPU CPU MEMORY Physical H/W Control Guest OS Guest OS physical h/w virtualized h/w VMM must … - support same hardware interface - can control guest OS when accessing H/W resources.
  • Virtualization techniques Full Virtualization - No OS modification - Binary translation, Trace cache,… - VMware ESX server Para Virtualization - Need OS modification - Hypercall - Xen Direct execution eflags, control registers, MSR registers, port I/O, privileged instructions, …
  • HVM (Hardware-assisted Virtual Machine) Virtualize… CPU - AMD-V, VT-x IOMMU - AMD-Vi, VT-d Network - VT-c VMX operation VMX root operation VMX non-root operation
  • HVM (Hardware-assisted Virtual Machine)
  • HVM – new instructions
  • HVM – instruction execution order VMXON VMCLEAR VMPTRLD VMWRITE VMLAUNCH GUEST Exit VMREAD VMRESUME VMXOFF
  • HVM – data… VMXON Region - created per logical processor - used by VMX instructions VMCS Region - created per virtual CPU for guest OS - used by CPU and VMM - 4Kb aligned - PHYSICAL_ADDRESS == typedef LARGE_INTEGER - …
  • HVM – VMM programming summary
    - check VMX support
    - allocate VMXON region
    - execute VMXON
    - allocate VMCS region
    - execute VMCLEAR
    - execute VMPTRLD
    - initialize VMCS data: host-state area fields, VM-exit control fields, VM-entry control fields, VM-execution control fields, guest-state area fields
    - execute VMLAUNCH
    - handling various VM-exits
  • HVM – VMCS data organization
    #1 Guest state fields - saved on VM exits, loaded on VM entries
    #2 Host state fields - loaded on VM exits
    #3 Execution control fields - control VMX non-root operations
    #4 Exit control fields - control VM exits
    #5 Entry control fields - control VM entries
    #6 VM Exit info - saved VM exits information on VM exits
    pin-based controls, processor-based controls, exception-bitmap address, I/O bitmap address, Timestamp counter offset, CR0/CR4 guest/host masks, CR3 targets, MSR bitmaps
  • HVM – VMCS data organization
  • HVM – accessing VMCS data VMWRITE VMREAD virtual address / physical address READ virtual address / physical address WRITE
  • HVM – accessing VMCS data
  • HVM – accessing VMCS data
  • HVM – initialize and run VMM
  • HVM – handling VM exits #6 VM Exit info
  • HVM – handling VM exits
  • Q & A
  • HVM – Blue Pill
  • HVM – related works Hypersight - Northsecuritylabs ( http://northsecuritylabs.com/ ) - no updates since 2011… McAfee DeepSAFE Microsoft - Countering Kernel Rootkits with Lightweight Hook Protection
  • HVM – related works HyperDbg - similar to SoftIce - a kernel debugger that uses HVM
  • DEMO & Q & A
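
The first steps of the "VMM programming summary" slide (check VMX support, allocate the VMXON/VMCS region) written out in C as an added example; it is not code from the original slides. Raw register values are passed in as parameters (CPUID.01H:ECX, IA32_FEATURE_CONTROL, IA32_VMX_BASIC), and the function names, status enum and sample values are assumptions made for this illustration.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define CPUID1_ECX_VMX     (1u << 5)    /* CPUID.01H:ECX bit 5: VMX supported */
#define FC_LOCK            (1ull << 0)  /* IA32_FEATURE_CONTROL (MSR 0x3A) lock bit */
#define FC_VMX_OUTSIDE_SMX (1ull << 2)  /* VMXON permitted outside SMX */

enum vmx_status { VMX_READY, VMX_NO_CPU_SUPPORT, VMX_NEEDS_ENABLE, VMX_LOCKED_OFF };

/* "check VMX support": classify raw CPUID / MSR values read by the caller. */
enum vmx_status vmx_check_support(uint32_t cpuid1_ecx, uint64_t feature_control)
{
    if (!(cpuid1_ecx & CPUID1_ECX_VMX))
        return VMX_NO_CPU_SUPPORT;
    if (!(feature_control & FC_LOCK))
        return VMX_NEEDS_ENABLE;   /* MSR unlocked: set enable + lock before VMXON */
    if (!(feature_control & FC_VMX_OUTSIDE_SMX))
        return VMX_LOCKED_OFF;     /* locked with VMX disabled until next reset */
    return VMX_READY;
}

/* "allocate VMXON/VMCS region": validate alignment, zero the region and stamp
 * the revision identifier. region must point to at least 4096 bytes;
 * vmx_basic is the value of IA32_VMX_BASIC (MSR 0x480). */
int vmx_init_region(void *region, uint64_t phys_addr, uint64_t vmx_basic)
{
    uint32_t revision = (uint32_t)(vmx_basic & 0x7fffffffu);  /* bits 30:0 */
    uint32_t size = (uint32_t)((vmx_basic >> 32) & 0x1fff);   /* bits 44:32 */

    if (region == NULL || (phys_addr & 0xfff) != 0)  /* 4 KB alignment */
        return -1;
    if (size == 0 || size > 4096)
        return -1;
    memset(region, 0, size);
    memcpy(region, &revision, sizeof revision);      /* bit 31 stays clear */
    return 0;
}

int main(void)
{
    static unsigned char page[4096];
    uint64_t basic = (0x1000ull << 32) | 0x12;  /* constructed IA32_VMX_BASIC value */

    printf("support: %d\n", vmx_check_support(CPUID1_ECX_VMX, 0x5)); /* constructed */
    printf("region:  %d\n", vmx_init_region(page, 0x200000, basic));
    return 0;
}
```

A `VMX_LOCKED_OFF` result means firmware has locked the MSR with VMX disabled, so VMXON will fault until the setting is changed and the machine is reset.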