資工系網媒所 NEWS實驗室/451

What is Virtualization ?

etcetc

VirtualizationVirtualization

RunningApplications(x-platform)

RunningApplications(x-platform)

SecuritySecurity

SharingHardwareResource

SharingHardwareResource

Virtual Machine !

FullyUtilizingHardware

FullyUtilizingHardware

資工系網媒所 NEWS實驗室2

Why Virtualization is Difficult ? (1/2)

OS is moved to ring1/3

On x86Some instructions

Sensitive Instructions

Cannot be trapped

0/1/3 Ring, e.g. x86_32

0/3/3 Ring, e.g. x86_64, ARM

OS

OS

Critical Instructions

Instructions

Sensitive Register

Instructions

SGDT, SIDT, SLDT

SMSW

PUSHF(D), POPF(D)

Protection System

Instructions

LAR, LSL, VERR, VERW

PUSH, POP

CALL, JMP, INT, RET

STR

MOV

資工系網媒所 NEWS實驗室3

Why Virtualization is Difficult ? (2/2) - Examples

SGDT, SIDT and SLDTSGDT m // save gdtr to memory

SIDT m // save idtr to memory

SLDT r/m16 // save ldtr to memory

Only one gdtr, idtr and ldtr on a cpu !

POPPOP ss // need to satisfy RPL=CPL=DPL

CPL changes to 1 or 3 !

資工系網媒所 NEWS實驗室4

Binary translation Hypercall

How to Virtualize ? (1/2)

Full Virtualization Para Virtualization Hardware Assisted VirtualizationIntel VT-x & AMD SVM

資工系網媒所 NEWS實驗室

資工系網媒所 NEWS實驗室6

How to Virtualize ? (2/2)

Hypervisor (VMM) TypeType I + Microkernel

Xen (open source, citrix),Microsoft Hyper-V

Type I + Integrated kernel VMware ESX, KVM (kernel-base VM)

Type II (Host OS + Guest OS)VMware GSX, workstation,Microsoft virtual PC, Microsoft virtual server, Sun Virtual Box

Type I

Type II

資工系網媒所 NEWS實驗室7

Xen Architecture (1/2)

資工系網媒所 NEWS實驗室8

Xen Architecture (2/2)

Linux Xen

System Calls Hyper Calls

Signals Events

Interrupts Physical + Virtual Interrupts

CPU PCPU + VCPU

Filesystem XenStore

POSIX Shared Memory Grant Tables/Shared Pages

Compare to common Linux

資工系網媒所 NEWS實驗室

KVM Architecture