Dept. of CSIE / Graduate Institute of Networking and Multimedia, NEWS Lab (slide 1/45)
What is Virtualization?

[Figure: a virtual machine at the centre, surrounded by the motivations for virtualization]
  Running applications (cross-platform)
  Security
  Sharing hardware resources
  Fully utilizing hardware
  etc.
Why Virtualization is Difficult? (1/2)

  The guest OS is moved out of ring 0, into ring 1 or ring 3:
    0/1/3 ring model, e.g. x86_32
    0/3/3 ring model, e.g. x86_64, ARM
  On x86 some instructions are sensitive but cannot be trapped.

Critical instructions (sensitive, but not privileged, so they do not trap):
  Sensitive register instructions:   SGDT, SIDT, SLDT, SMSW, PUSHF(D), POPF(D)
  Protection system instructions:    LAR, LSL, VERR, VERW, PUSH, POP, CALL, JMP, INT, RET, STR, MOV
Why Virtualization is Difficult? (2/2) - Examples

SGDT, SIDT and SLDT
  SGDT m       // save gdtr to memory
  SIDT m       // save idtr to memory
  SLDT r/m16   // save ldtr to memory
  There is only one gdtr, idtr and ldtr on a CPU!

POP
  POP ss       // needs to satisfy RPL = CPL = DPL
  CPL has changed to 1 or 3!
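To make the "cannot be trapped" point concrete, here is an added example written for this page (not from the original slides; it assumes x86-64 Linux with GCC or Clang and GAS inline-assembly syntax): a ring-3 POPF that tries to clear IF is silently dropped with no fault, whereas the privileged CLI raises #GP, which Linux delivers as SIGSEGV and which a trap-and-emulate hypervisor could intercept.

```c
#ifndef _POSIX_C_SOURCE
#define _POSIX_C_SOURCE 200809L   /* for sigaction/sigsetjmp in strict C modes */
#endif
#include <setjmp.h>
#include <signal.h>
#include <string.h>

#define EFLAGS_IF (1UL << 9)      /* interrupt-enable flag, bit 9 of RFLAGS */

/* 1 if a ring-3 POPF that tries to clear IF is dropped with no fault (the
 * sensitive-but-untrappable case), 0 if IF really changed, -1 off x86-64. */
int popf_if_silently_ignored(void)
{
#if defined(__x86_64__)
    unsigned long before, attempted, after;
    __asm__ volatile("pushfq\n\tpopq %0" : "=r"(before) : : "memory");
    attempted = before & ~EFLAGS_IF;                 /* ask to disable interrupts */
    __asm__ volatile("pushq %0\n\tpopfq" : : "r"(attempted) : "cc", "memory");
    __asm__ volatile("pushfq\n\tpopq %0" : "=r"(after) : : "memory");
    return (after & EFLAGS_IF) ? 1 : 0;              /* IF still set: write ignored */
#else
    return -1;
#endif
}

static sigjmp_buf trap_env;
static void on_trap(int sig) { (void)sig; siglongjmp(trap_env, 1); }

/* 1 if a ring-3 CLI raises #GP (Linux delivers it as SIGSEGV), i.e. a
 * privileged instruction a trap-and-emulate VMM can intercept; 0 if it ran
 * silently; -1 off x86-64. */
int cli_traps(void)
{
#if defined(__x86_64__)
    struct sigaction sa, old;
    volatile int trapped = 0;
    memset(&sa, 0, sizeof sa);
    sa.sa_handler = on_trap;
    sigemptyset(&sa.sa_mask);
    sigaction(SIGSEGV, &sa, &old);
    if (sigsetjmp(trap_env, 1) == 0)
        __asm__ volatile("cli" : : : "memory");      /* privileged: #GP at CPL 3 */
    else
        trapped = 1;                                 /* reached via the handler */
    sigaction(SIGSEGV, &old, NULL);
    return trapped;
#else
    return -1;
#endif
}
```

The contrast is the whole problem: the VMM sees the CLI fault and can emulate it, but it never learns that the guest's POPF wanted interrupts off, which is why binary translation, paravirtualization or hardware assistance is needed.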
How to Virtualize? (1/2)

  Full virtualization                 binary translation
  Para virtualization                 hypercalls
  Hardware assisted virtualization    Intel VT-x & AMD SVM
How to Virtualize? (2/2)

Hypervisor (VMM) types:
  Type I + microkernel:          Xen (open source, Citrix), Microsoft Hyper-V
  Type I + integrated kernel:    VMware ESX, KVM (kernel-based VM)
  Type II (host OS + guest OS):  VMware GSX, VMware Workstation, Microsoft Virtual PC, Microsoft Virtual Server, Sun VirtualBox
Xen Architecture (1/2)
Xen Architecture (2/2)

Compared to common Linux:
  Linux                  Xen
  System calls           Hypercalls
  Signals                Events
  Interrupts             Physical + virtual interrupts
  CPU                    PCPU + VCPU
  Filesystem             XenStore
  POSIX shared memory    Grant tables / shared pages
KVM Architecture