Virtualization TechnologyWhat is a Virtual Machine?Slide 3Backgroundx86 poses some problemsVT-xInteraction of VMs and VMMVMCSSix logical groupsThe ten VMX instructionsCapabilities are model-specificTypes of files‘virtual’ filesText in ‘/proc’ filesMore ‘/proc’ examplesCreate your own pseudo-filesThe ‘asm’ constructgcc/g++ extensionsLocal variablesTemplateLoop to read VMX MSRsUsing the ‘asm’ constructOur ‘vmxmsrs.c’ LKMUsing the LKMVMX Basic MSRPin-based execution controlsCPU-based execution controlsIn-class exerciseVirtualization TechnologyA first look at some aspects of Intel’s ‘Vanderpool’ initiativeWhat is a Virtual Machine?CPU main memoryI/Odevices hardware‘resources’operating system softwareusertaskusertaskusertaskusertask ‘system’ software ‘application’ softwareWhat is a Virtual Machine?CPU main memoryI/Odevices hardware‘resources’operating system #1usertaskusertaskusertaskusertask ‘system’ software ‘application’ softwareoperating system #2Virtual Machine ManagerCPUmainmemoryI/OdevicesCPUmainmemoryI/OdevicesVirtual machine #1 Virtual machine #1Background•The ‘Virtual Machine’ concept isn’t new – IBM mainframes implemented it in 1960s•Features of ‘Classical Virtualization’:•FIDELITY: software’s execution on the ‘virtual’ machine is identical -- except for timing -- to its execution on actual hardware •PERFORMANCE: the vast majority of a guest’s instructions are executed without any intervention•SAFETY: all hardware resources are controlled by the Virtual Machine Managerx86 poses some problems•Certain x86 instructions were impossible to truly ‘virtualize’ in that classical sense•For example, the ‘smsw’ instruction can be executed at any privilege-level, and in any processor mode, revealing to software the current hardware status (e.g., PE, PG, ET)•Intel’s Vanderpool Project endeavored to remedy this (using new processor modes)VT-x•Virtualization Technology for x86 CPUs•Two new processor execution-modes–VMX ‘root’ mode (for VM Managers)–VMX ‘non-root’ mode (for VM Guests)•Ten new hardware instructions•A six-part VMCS data-structure•A variety of control-options for VMsInteraction of VMs and VMMVM Monitor(Host)VM #1(Guest)VM #2(Guest)VMXONVMXOFFVM EntryVM ExitVM EntryVM ExitVMCS•Virtual Machine Control Structure –A six-part data-structure (fits in a page-frame)–One VMCS for each VM, one for the Monitor–CPU is told physical address of each VMCS–Software must first “initialize” each VMCS –Then no further direct access to a VMCS–Access is indirect (via VMX instructions)–One VMCS is “active”, others are “inactive”Six logical groups•Organization of contents in the VMCS:–The ‘Guest-State’ area–The ‘Host-State’ area–The VM-execution Control fields–The VM-exit Control fields–The VM-entry Control fields–The VM-exit Information fieldsThe ten VMX instructions•VMXON and VMXOFF•VMPTRLD and VMPTRST•VMCLEAR•VMWRITE and VMREAD•VMLAUNCH and VMRESUME•VMCALLCapabilities are model-specific•Intel’s Virtualization Technology is under continuing development (experimentation)•Each iteration is identified by a version-ID–Example: Pentium-D 900-series (ver 0x3)–Example: Core-2 Duo (ver 0x07)•Software can discover the processor’s VMX capabilities by reading from MSRs •But the rdmsr instruction is ‘privileged’Types of files•UNIX systems implement ordinary files for semi-permanent storage of programs/data•But UNIX systems also implement several kinds of ‘special’ files (such as device-files and symbolic links) which enable users to employ familiar commands and functions (e.g., open(), read(), write(), and close()) when working with other kinds of objects‘virtual’ files•Among the various types of ‘special’ files are the so-called ‘pseudo’ files•Unlike ordinary files which hold information that is ‘static’, the pseudo-files don’t ‘store’ any information at all – but they ‘produce’ information that is created dynamically at the moment when they are being read •Traditionally they’re known as ‘/proc’ filesText in ‘/proc’ files •Usually the data produced by reading from a ‘/proc’ file consists of pure ASCII text (a few exceptions exist, however)•This means you can view the contents of a ‘/proc’ file without having to write a special application program – just use ‘cat’!•For example:$ cat /proc/versionMore ‘/proc’ examples•$ cat /proc/cpuinfo•$ cat /proc/modules•$ cat /proc/meminfo•$ cat /proc/iomem•$ cat /proc/devices•$ cat /proc/self/maps[Read the ‘man-page’ for details: $ man proc ]Create your own pseudo-files•You can use our ‘newinfo.cpp’ wizard to create ‘boilerplate’ code for a module that will create a new pseudo-file when you ‘install’ the module into a running kernel •The module’s ‘payload’ is a function that will get called by the operating system if an application tries to ‘read’ from that file•The ‘get_info()’ function has full privileges!The ‘asm’ construct•When using C/C++ for systems programs, we sometimes need to employ processor-specific instructions (e.g., to access CPU registers or the current stack area)•Because our high-level languages strive for ‘portability’ across different hardware platforms, these languages don’t provide direct access to CPU registers or stackgcc/g++ extensions•The GNU compilers support an extension to the language which allows us to insert assembler code into our instruction-stream•Operands in registers or global variables can directly appear in assembly language, like this (as can immediate operands):int count = 4; // global variableasm(“ movl count , %eax “); asm(“ imull $5, %eax, %ecx “);Local variables•Variables defined as local to a function are more awkward to reference by name with the ‘asm’ construct, because they reside on the stack and require the generation of offsets from the %ebp register-contents•A special syntax is available for handling such situations in a manner that gcc/g++ can decipherTemplate•The general construct-format is as follows:asm( instruction-template: output-operand: input-operand: clobber-list );Loop to read VMX MSRs# This assembly language loop, executing at ring0, reads the eleven # VMX-Capability MSRs (Model-Specific Registers) and stores their# values in a
View Full Document
Unlocking...