Virtualization Technology

A first look at some aspects of Intel's 'Vanderpool' initiative

What is a Virtual Machine?

[Diagram: user tasks (application software) run on the operating system (system software), which runs on the hardware resources: CPU, main memory, I/O devices.]

What is a Virtual Machine?

[Diagram: two virtual machines, each with its own user tasks (application software), its own operating system (system software) and its own virtual CPU, main memory and I/O devices, both running on the Virtual Machine Manager, which controls the hardware resources: CPU, main memory, I/O devices.]

Background

- The Virtual Machine concept isn't new: IBM mainframes implemented it in the 1960s.
- Features of Classical Virtualization:
  - FIDELITY: software's execution on the virtual machine is identical, except for timing, to its execution on actual hardware.
  - PERFORMANCE: the vast majority of a guest's instructions are executed without any intervention.
  - SAFETY: all hardware resources are controlled by the Virtual Machine Manager.

x86 poses some problems

- Certain x86 instructions were impossible to truly virtualize in that classical sense.
- For example, the 'smsw' instruction can be executed at any privilege level, and in any processor mode, revealing to software the current hardware status (e.g., PE, PG, ET).
- Intel's Vanderpool Project endeavored to remedy this using new processor modes.

VT-x

Virtualization Technology for x86 CPUs:

- Two new processor execution modes:
  - VMX 'root' mode (for VM Managers)
  - VMX 'non-root' mode (for VM Guests)
- Ten new hardware instructions
- A six-part VMCS data structure
- A variety of control options for VMs

Interaction of VMs and VMM

[Diagram: VM #1 (Guest) and VM #2 (Guest) each pass control to the VM Monitor (Host) on a VM Exit and regain it on a VM Entry; the Monitor's VMX operation begins with VMXON and ends with VMXOFF.]

VMCS

Virtual Machine Control Structure:

- A six-part data structure (fits in a page frame)
- One VMCS for each VM, one for the Monitor
- The CPU is told the physical address of each VMCS
- Software must first initialize each VMCS
- Then no further direct access to a VMCS: access is indirect, via VMX instructions
- One VMCS is active, the others are inactive

Six logical groups

Organization of contents in the VMCS:

- The 'Guest-State' area
- The 'Host-State' area
- The VM-execution Control fields
- The VM-exit Control fields
- The VM-entry Control fields
- The VM-exit Information fields

The ten VMX instructions

- VMXON and VMXOFF
- VMPTRLD and VMPTRST
- VMCLEAR
- VMWRITE and VMREAD
- VMLAUNCH and VMRESUME
- VMCALL

Capabilities are model-specific

- Intel's Virtualization Technology is under continuing development/experimentation.
- Each iteration is identified by a version ID:
  - Example: Pentium-D 900-series (ver. 0x3)
  - Example: Core 2 Duo (ver. 0x07)
- Software can discover the processor's VMX capabilities by reading from MSRs.
- But the 'rdmsr' instruction is privileged.

Types of files

- UNIX systems implement ordinary files for semi-permanent storage of programs and data.
- But UNIX systems also implement several kinds of 'special' files (such as device files and symbolic links), which enable users to employ familiar commands and functions (e.g., open(), read(), write() and close()) when working with other kinds of objects.

'virtual' files

- Among the various types of 'special' files are the so-called 'pseudo' files.
- Unlike ordinary files, which hold information that is 'static', the pseudo-files don't 'store' any information at all, but they 'produce' information that is created dynamically at the moment when they are being read.
- Traditionally they're known as '/proc' files.

Text in '/proc' files

- Usually the data produced by reading from a '/proc' file consists of pure ASCII text (a few exceptions exist, however).
- This means you can view the contents of a '/proc' file without having to write a special application program: just use 'cat'.
- For example:

    cat /proc/version

More '/proc' examples

    cat /proc/cpuinfo
    cat /proc/modules
    cat /proc/meminfo
    cat /proc/iomem
    cat /proc/devices
    cat /proc/self/maps

Read the 'man' page for details:

    man proc

Create your own pseudo-files

- You can use our 'newinfo.cpp' wizard to create 'boilerplate' code for a module that will create a new pseudo-file when you install the module into a running kernel.
- The module's 'payload' is a function that will get called by the operating system if an application tries to read from that file.
- The 'get_info()' function has full privileges.

The 'asm' construct

- When using C/C++ for systems programs, we sometimes need to employ processor-specific instructions (e.g., to access CPU registers or the current stack area).
- Because our high-level languages strive for 'portability' across different hardware platforms, these languages don't provide direct access to CPU registers or the stack.

gcc/g++ extensions

- The GNU compilers support an extension to the language which allows us to insert assembler code into our instruction stream.
- Operands in registers or global variables can directly appear in assembly language, like this (as can immediate operands):

    int count = 4;                      // global variable
    asm(" movl count, %eax ");
    asm(" imull $5, %eax, %ecx ");

Local variables

- Variables defined as 'local' to a function are more awkward to reference by name with the 'asm' construct, because they reside on the stack and require the generation of offsets from the %ebp register contents.
- A special syntax is available for handling such situations in a manner that gcc/g++ can decipher.

Template

The general construct format is as follows:

    asm( instruction-template
         : output-operand
         : input-operand
         : clobber-list );

Loop to read VMX MSRs

This assembly language loop, executing at ring 0, reads the eleven VMX-Capability MSRs (Model-Specific Registers) and stores their values in a memory array consisting of eleven 64-bit array entries:

            .text
            xor     %rbx, %rbx                    # initialize the array index
            mov     $0x480, %ecx                  # initial MSR register index
    nxmsr:  rdmsr                                 # read Model-Specific Register
            mov     %eax, msr0x480+0(, %rbx, 8)   # bits 31..0
            mov     %edx, msr0x480+4(, %rbx, 8)   # bits 63..32
            inc     %ecx                          # next MSR register index
            inc     %rbx                          # increment the array index
            cmp     $11, %rbx                     # index exceeds array size?
            jb      nxmsr                         # no, then read another MSR

            .data
    msr0x480:   .space  88                        # enough for 11 quadwords

Using the 'asm' construct

Here we use inline assembly language and the 'asm' construct to include a loop to read those MSRs within a C language module:

    #define MSR_EFER  0x480             // initial MSR register index (0x480 is IA32_VMX_BASIC)
    unsigned long  msr0x480[ 11 ];      // declared as a global array

    asm(    " xor   %%rbx, %%rbx                        \n"
            " mov   %0, %%ecx                           \n"
            "nxmsr: rdmsr                               \n"
            " mov   %%eax, msr0x480+0(, %%rbx, 8)       \n"
            " mov   %%edx, msr0x480+4(, %%rbx, 8)       \n"
            " inc   %%ecx                               \n"
            " inc   %%rbx                               \n"
            " cmp   $11, %%rbx                          \n"
            " jb    nxmsr                               \n"
            :: "i" (MSR_EFER) : "ax", "bx", "cx", "dx" );

Our 'vmxmsrs.c' LKM

- We created a Linux Kernel Module that lets users see the values in the eleven VMX-Capability Model-Specific Registers.
- Our module implements a pseudo-file in the '/proc' directory.
- You can view that file's contents by using the cat
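Once the first of the eleven capability values (MSR 0x480) has been read, it can be split into the version ID and VMCS size that the slides refer to. The following is an added example, not code from the original slides or from vmxmsrs.c: the struct and function names are hypothetical, the field layout follows the Intel SDM's description of IA32_VMX_BASIC, and the sample value is constructed rather than read from hardware.

```c
#include <stdint.h>
#include <stdio.h>

/* Fields of IA32_VMX_BASIC (MSR 0x480); names are this example's own. */
struct vmx_basic {
    uint32_t revision_id;   /* bits 30..0: VMCS revision (version) ID   */
    uint32_t vmcs_size;     /* bits 44..32: bytes to allocate per VMCS  */
    int      addr32_only;   /* bit 48: VMX regions limited to 32-bit PA */
    int      dual_monitor;  /* bit 49: dual-monitor SMM treatment       */
    unsigned mem_type;      /* bits 53..50: VMCS memory type (0=UC, 6=WB) */
    int      ins_outs_info; /* bit 54: INS/OUTS details on VM exit      */
    int      true_ctls;     /* bit 55: "true" control MSRs are present  */
};

/* Split the raw 64-bit value (EDX:EAX as returned by rdmsr) into fields. */
struct vmx_basic decode_vmx_basic(uint64_t raw)
{
    struct vmx_basic b;
    b.revision_id   = (uint32_t)(raw & 0x7FFFFFFFu);
    b.vmcs_size     = (uint32_t)((raw >> 32) & 0x1FFFu);
    b.addr32_only   = (int)((raw >> 48) & 1);
    b.dual_monitor  = (int)((raw >> 49) & 1);
    b.mem_type      = (unsigned)((raw >> 50) & 0xF);
    b.ins_outs_info = (int)((raw >> 54) & 1);
    b.true_ctls     = (int)((raw >> 55) & 1);
    return b;
}

/* A VMCS must fit in one 4 KB page frame; reject a size of 0 or > 4096. */
int vmcs_fits_page(const struct vmx_basic *b)
{
    return b->vmcs_size > 0 && b->vmcs_size <= 4096;
}

int main(void)
{
    /* Constructed sample: revision 0x07, 4096-byte VMCS, write-back memory. */
    uint64_t raw = ((uint64_t)0x6 << 50) | ((uint64_t)0x1000 << 32) | 0x07;
    struct vmx_basic b = decode_vmx_basic(raw);

    printf("revision=0x%02X size=%u memtype=%u true_ctls=%d\n",
           (unsigned)b.revision_id, (unsigned)b.vmcs_size,
           b.mem_type, b.true_ctls);
    /* The revision ID is what software stores in the first 32 bits of a
     * VMCS region when initializing it. */
    return vmcs_fits_page(&b) ? 0 : 1;
}
```
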