USF CS 686 - Constructing a VMX Demo

This preview shows page 1-2-21-22 out of 22 pages.

Save
View full document
View full document
Premium Document
Do you want full access? Go Premium and unlock all 22 pages.
Access to all documents
Download any document
Ad free experience
View full document
Premium Document
Do you want full access? Go Premium and unlock all 22 pages.
Access to all documents
Download any document
Ad free experience
View full document
Premium Document
Do you want full access? Go Premium and unlock all 22 pages.
Access to all documents
Download any document
Ad free experience
View full document
Premium Document
Do you want full access? Go Premium and unlock all 22 pages.
Access to all documents
Download any document
Ad free experience
Premium Document
Do you want full access? Go Premium and unlock all 22 pages.
Access to all documents
Download any document
Ad free experience

Unformatted text preview:

Constructing a VMX Demo
A “hands-on” exploration of Intel’s Virtual Machine Extensions

Outline
• Guest and Host
• The ten VMX instructions
• Step-by-step
• Our ‘guest’ and ‘host’ modes
• ‘Virtual-8086’
• What will our ‘guest’ do?
• The UART issues
• Our guest’s code
• Can ring3 code do I/O?
• The 80386 TSS format (slide 11)
• I/O permission bitmap
• The ‘hlt’ instruction
• Our exception-handler
• The stack-frame layout
• Error-Code’s format
• Segment-descriptors
• Page-mapping Tables
• Page-mapping alternatives
• Directory-entry formats
• Summary
• In-class exercise

Guest and Host
[Figure: the Virtual Machine Manager (Host) executes in “root” mode and the Virtual Machine (Guest) executes in “non-root” mode. VMXON enters VMX operation and VMXOFF leaves it; a VM Entry transfers control from Host to Guest and a VM Exit returns control from Guest to Host.]

The ten VMX instructions
• These nine execute in “root” mode:
  – VMXON and VMXOFF
  – VMPTRLD and VMPTRST
  – VMCLEAR
  – VMWRITE and VMREAD
  – VMLAUNCH and VMRESUME
• This one executes in “non-root” mode:
  – VMCALL

Step-by-step
• To become familiar with x86 Virtualization Technology, we propose to build a simple Guest example, with an accompanying Host as well as appropriate VMX controls
• Each of these elements (Guest, Host, and Controls) will require us to construct some supporting data-structures ahead of time
• We can proceed in a step-by-step manner

Our ‘guest’ and ‘host’ modes
• Let’s arrange for our guest to operate as if it were a ‘virtual’ 8086 processor executing ‘real-mode’ code in a 1-MB address-space
• Let’s have our host execute 64-bit code in Intel’s advanced IA-32e protected-mode
• This plan should serve to demonstrate a useful aspect of VT -- since otherwise we couldn’t run real-mode code under IA-32e

‘Virtual-8086’
• We can’t execute ‘real-mode’ code in its ‘native’ processor-mode, but we can use the so-called virtual-8086 emulation-mode (it’s available as a sub-mode under 32-bit legacy protected-mode) if we use ‘paging’
• We will need supporting data-structures:
  • Page-mapping tables and Descriptor Tables
  • A 32-bit Task-State Segment
  • Stack-areas for ring-3 and for ring-0

What will our ‘guest’ do?
• We want to keep things simple, but we do need our guest task to do something that has a perceptible effect – so we will know that it did, in fact, work as intended
• Drawing a message onscreen won’t work because we can’t see the actual display using our ‘remote’ Core-2 Duo machines
• Idea: transmit a message via the UART

The UART issues
• To keep things simple, let’s have our guest employ ‘polling’ rather than use ‘interrupts’
[Flowchart: Read the Line Status Register -> Transmit Holding Register is Empty? -> NO: read the Line Status Register again; YES: Write byte to the Transmitter Data Register -> DONE]

Our guest’s code

    # This loop uses 'polling' to transmit a message via the serial UART
            .code16                 # for x86 'real-mode' instructions
            .equ    UART, 0x03F8    # UART base port (the 0x03F8-0x03FF range of the bitmap slide)
            mov     $0x1000, %ax    # 'real-mode' segment-address
            mov     %ax, %ds        # loaded into the DS register
            xor     %si, %si        # initialize message array-index
    nxbyte: mov     $UART+5, %dx    # i/o port for UART's Line-Status
            in      %dx, %al        # input the current line-status
            test    $0x20, %al      # Tx-Holding Register Empty?
            jz      nxbyte          # not yet, check status again
            mov     msg(%si), %al   # else fetch the next character
            or      %al, %al        # is it the final null-byte?
            jz      done            # yes, this loop is concluded
            mov     $UART+0, %dx    # else setup i/o port for Tx-Data
            out     %al, %dx        # and transmit that character
            inc     %si             # then advance the array-index
            jmp     nxbyte          # and go back for another byte
    done:   hlt                     # else exit from the guest task
    #------------------------------------------------------------------------
    msg:    .asciz  " Hello from our 8086 Virtual Machine guest "

Can ring3 code do I/O?
• Execution in ‘virtual-8086’ mode occurs at privilege-level 3, so input/output to devices is subject to ‘protected-mode’ restrictions
• It is ‘allowed’ on a port-by-port basis by a data-structure in the Task-State Segment known as the “I/O Permission Bitmap”
• We will need to build a TSS that includes that ‘bitmap’ data-structure

The 80386 TSS format
[Figure: the 26 longwords (32-bits each) of the TSS, at byte-offsets 0, 4, 8, ... 100: link, ESP0, SS0, ESP1, SS1, ESP2, SS2, PTDB, EIP, EFLAGS, EAX, ECX, EDX, EBX, ESP, EBP, ESI, EDI, ES, CS, SS, DS, FS, GS, LDTR, and TRAP/IOMAP, followed by the I/O permission bitmap. Each field is marked as ‘static’, ‘volatile’ or ‘reserved’.]
• We will need to initialize the SS0 and ESP0 fields (for our ‘hlt’ instruction)
• We will need to initialize the IOMAP field and the I/O permission bitmap (for use of ‘in’ and ‘out’)
• We won’t have to initialize most of these fields (since our guest doesn’t do ‘task-switching’)

I/O permission bitmap
• There is potentially one bit for every I/O port-address (thus, up to 65536 bits!)
• Our ‘guest’ only needs to use UART ports
• To encompass all the i/o ports, the bitmap needs 8K bytes!
[Figure: bitmap spanning ports 0 through 65535; the eight bits for ports 0x03F8 through 0x03FF are shown as ‘00000000’. Legend: ‘0’ means I/O is allowed, ‘1’ means I/O is trapped]

The ‘hlt’ instruction
• In ‘native’ real-mode the ‘hlt’ instruction is used to halt the CPU’s fetch-execute cycle
• But in a multiuser/multitasking system, it wouldn’t be appropriate to allow one task to stop the processor from doing any work
• So in protected-mode the ‘hlt’ instruction is ‘privileged’ – it will trigger an exception if the CPU isn’t executing at ring-0

Our exception-handler
• When our guest-task encounters the ‘hlt’ instruction, it won’t be executed – instead the CPU will switch from ring3 to ring0 to execute an exception-handling procedure
• We need to write that handler’s code, we need to install an interrupt-gate that will direct the CPU to that code, and we need to put a ring0 stack-address in the TSS

The stack-frame layout
[Figure: ring0 stackframe of 32-bit slots, pushed in this order: GS, FS, DS, ES, SS, SP, EFLAGS, CS, IP, error-code; SS:ESP points at the error-code]
• When a general protection exception occurs in Virtual-8086 mode, the CPU automatically switches stacks, then it pushes nine register-values, plus an ‘error-code’, onto the new ring0 stack and transfers control to a procedure whose address it finds in the IDT’s ‘gate’ descriptor for Interrupt-0x0D
• We can write an exception-handler that will perform a ‘VM Exit’ from our Guest-task to our Host VM Manager (for example, by using ‘VMCALL’)

Error-Code’s format
• Normally the ‘error-code’ contains useful information about what caused the ‘fault’
• But when a privileged instruction was the fault’s cause, this error-code will be zero (the faulting instruction’s address is already on the stack as CS:IP)
[Figure: error-code layout, bits 0-15: EXT (bit 0), IDT (bit 1), TI (bit 2), selector-index (bits 3-15)]
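The TSS and I/O-permission-bitmap slides above describe the data-structure the guest needs before its ‘in’ and ‘out’ instructions can be allowed at ring 3. The following C is an added example, not code from the course or the slides: it lays out the 26-longword TSS, sets SS0/ESP0 (values assumed), points IOMAP at an 8K bitmap that traps every port except 0x03F8-0x03FF, and mirrors the per-port lookup the CPU performs.

```c
/* Added example (not from the slides): a 32-bit TSS image whose I/O permission
 * bitmap allows only UART ports 0x03F8-0x03FF.  SS0/ESP0 values are assumed. */
#include <stdint.h>
#include <string.h>
#include <stdbool.h>

#define UART_BASE      0x03F8u            /* first UART port (bitmap slide) */
#define UART_PORTS     8u                 /* 0x03F8 .. 0x03FF */
#define IOBITMAP_BYTES (65536u / 8u)      /* one bit per port: 8K bytes */

/* The 26 longwords of the 80386 TSS, in the order shown on the TSS slide */
struct tss32 {
    uint32_t link, esp0, ss0, esp1, ss1, esp2, ss2, ptdb, eip, eflags;
    uint32_t eax, ecx, edx, ebx, esp, ebp, esi, edi;
    uint32_t es, cs, ss, ds, fs, gs, ldtr;
    uint32_t trap_iomap;                  /* bit 0 = T flag, bits 16-31 = IOMAP */
} __attribute__((packed));

/* TSS followed by its bitmap; the extra trailing 0xFF byte terminates the
 * bitmap (required by the Intel manuals; the slides do not mention it). */
struct tss_image {
    struct tss32 tss;
    uint8_t iobitmap[IOBITMAP_BYTES + 1];
} __attribute__((packed));

void build_guest_tss(struct tss_image *img, uint32_t ss0, uint32_t esp0)
{
    memset(img, 0, sizeof *img);
    img->tss.ss0  = ss0;                  /* ring-0 stack used by the 'hlt' fault */
    img->tss.esp0 = esp0;
    /* IOMAP = byte-offset of the bitmap from the start of the TSS (104) */
    img->tss.trap_iomap = (uint32_t)sizeof(struct tss32) << 16;
    memset(img->iobitmap, 0xFF, sizeof img->iobitmap);   /* 1 = trapped */
    for (unsigned p = UART_BASE; p < UART_BASE + UART_PORTS; p++)
        img->iobitmap[p / 8] &= (uint8_t)~(1u << (p % 8)); /* 0 = allowed */
}

/* The lookup the CPU performs for a ring-3 'in'/'out' on a single port */
bool io_allowed(const struct tss_image *img, uint16_t port)
{
    unsigned off = (img->tss.trap_iomap >> 16) + port / 8;
    return (((const uint8_t *)img)[off] & (1u << (port % 8))) == 0;
}

/* One static image with an assumed ring-0 stack of 0x0010:0x00008000 */
const struct tss_image *demo_tss(void)
{
    static struct tss_image img;
    build_guest_tss(&img, 0x0010, 0x8000);
    return &img;
}
```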