hypervisor seminar
DESCRIPTION
TRANSCRIPT
- 1. Hardware-assisted Virtual Machine (a.k.a. somma) [email protected]
- 2. Virtualization system utilization management cost consolidation isolation trusted environment resource aggregation GRID system MPP (Massively Parallel Processing)resource access control mobility emulation
- 3. History 1960 1970 1999 2006 CP-40, IBM, Cambridge Scientific Center full virtualization System/370, IBM x86 virtualization, VMWare application virtualization (application streaming) x86,x64, ARM, Storage, Network VMWare, Virtual Box, Xen OpenStack, CloudStack, Amazon, Google
- 4. Virtualization techniques Shared Device Memory and I/O Virtualization VMM CPU CPU MEMORY Physical H/W Control Guest OS Guest OS physical h/w virtualized h/w VMM must - support same hardware interface - can control guest OS when accessing H/W resources.
- 5. Virtualization techniques Full Virtualization - No OS modification - Binary translation, Trace cache, - VMware ESX server Para Virtualization - Need OS modification - Hypercall - Xen Direct execution eflags, control registers, MSR registers, port I/O, privileged instructions,
- 6. HVM (Hardware-assisted Virtual Machine) Virtualize CPU - AMD-V , VT-x IOMMU - AMD-Vi, VT-d Network - VT-c VMX operation VMX root operation VMX non-root operation
- 7. HVM (Hardware-assisted Virtual Machine)
- 8. HVM new instructions
- 9. HVM instruction execution order VMXON VMCLEAR VMPTRLD VMWRITE VMLAUNCH GUEST Exit VMREAD VMRESUME VMXOFF
- 10. HVM data VMXON Region - created per logical processor - used by VMX instructions VMCS Region - created per virtual CPU for guest OS - used by CPU and VMM - 4Kb aligned - PHYSICAL_ADDRESS == typedef LARGE_INTEGER -
- 11. HVM VMM programming summary check VMX support allocate VMXON region execute VMXON allocate VMCS regionexecute VMCLEARexecute VMPTRLD initialize VMCS data host-state area fields VM-exit control fields VM-entry control fields VM-execution control fields guest-state area fields execute VMLAUNCH handling various VM-exits
- 12. HVM VMCS data organization #1 Guest state fields - saved on VM exits, loaded on VM entries #2 Host state fields - loaded on VM exits #3 Execution control fields - control VMX-non root operations #4 Exit control fields - control VM exits #5 Entry control fields - control VM entries #6 VM Exit info - saved VM exits information on VM exits pin-based controls processor-based controls exception-bitmap address I/O bitmap address Timestamp counter offset CR0/CR4 guest/host masks CR3 targets MSR bitmaps
- 13. HVM VMCS data organization
- 14. HVM accessing VMCS data VMWRITE VMREAD virtual address / physical address READ virtual address / physical address WRITE
- 15. HVM accessing VMCS data
- 16. HVM accessing VMCS data
- 17. HVM initialize and run VMM
- 18. HVM handling VM exits #6 VM Exit info
- 19. HVM handling VM exits
- 20. Q & A
- 21. HVM Blue Pill
- 22. HVM related works Hypersight - Northsecuritylabs( http://northsecuritylabs.com/ ) - 2011 McAfee DeepSAFE Microsoft - Countering Kernel Rootkits with Lightweight Hook Protection
- 23. HVM related works HyperDbg - SoftIce - HVM
- 24. DEMO & Q & A