capabilities virtual machines
play

capabilities / virtual machines 1 Changelog Changes not seen in - PowerPoint PPT Presentation

Aug 31, 2022 •496 likes •1.71k views

capabilities / virtual machines 1 Changelog Changes not seen in fjrst lecture: 23 April 2020: add index slides re: cases for priviliged instruction handling and introduction explaining syscalls as special case 1 last time (1) network fjle

  1. hypervisor basic fmow guest OS operations trigger exceptions e.g. try to talk to device: page or protection fault e.g. try to disable interrupts: protection fault e.g. try to make system call: system call exception hypervisor exception handler tries to do what processor would “normally” do talk to device on guest OS’s behalf change “interrupt disabled” fmag for hypervisor to check later invoke the guest OS’s system call exception handler 18

  2. virtual machine execution pieces making IO and kernel-mode-related instructions work solution: trap-and-emulate force instruction to cause fault make fault handler do what instruction would do might require reading machine code to emulate instruction making exceptions/interrupts work ‘refmect’ exceptions/interrupts into guest OS same setup processor would do … but do setup on guest OS registers + memory making page tables work it’s own topic 19

  3. trap-and-emulate (1) normally: privileged/special instructions trigger fault e.g. accessing device memory directly (page fault) e.g. changing the exception table (protection fault) normal OS: crash the program hypervisor: pretend it did the right thing pretend kernel mode: the actual privileged operation pretend user mode: invoke guest’s exception handler 20

  4. trap-and-emulate (1) normally: privileged/special instructions trigger fault e.g. accessing device memory directly (page fault) e.g. changing the exception table (protection fault) normal OS: crash the program hypervisor: pretend it did the right thing pretend user mode: invoke guest’s exception handler 21 pretend kernel mode: the actual privileged operation

  5. privileged I/O fmow kernel … then switch back update guest OS state actually talk to device fault protection access device try to mode real program mode kernel pretend mode user pretend conceptual layering hardware hypervisor ‘guest’ OS 22

  6. privileged I/O fmow kernel … then switch back update guest OS state actually talk to device fault protection access device try to mode real program mode kernel pretend mode user pretend conceptual layering hardware hypervisor ‘guest’ OS 22

  7. privileged I/O fmow kernel … then switch back update guest OS state actually talk to device fault protection access device try to mode real program mode kernel pretend mode user pretend conceptual layering hardware hypervisor ‘guest’ OS 22

  8. privileged I/O fmow kernel … then switch back update guest OS state actually talk to device fault protection access device try to mode real program mode kernel pretend mode user pretend conceptual layering hardware hypervisor ‘guest’ OS 22

  9. trap-and-emulate: psuedocode trap(...) { ... do_read_system_call_based_on(tf); } ... } idea: translate privileged instructions into system-call-like operations usually: need to deal with reading arguments, etc. 23 if (is_read_from_keyboard(tf − >pc)) {

  10. recall: xv6 keyboard I/O ... data = inb(KBDATAP); mov $0x60, %edx in %dx, %al <-- FAULT IN USER MODE */ ... in user mode: triggers a fault in instruction — read from special ‘I/O address’ but same idea applies to mov from special memory address + page fault 24 /* compiles to:

  11. more complete pseudocode (1) trap(...) { } ... } } } ... break ; char c = do_syscall_to_read_keyboard(); case KBDATAP: ... switch (src_address) { int src_address = get_instr_address(instrution); ... // interpret machine code! if (is_in_instr(pc)) { && guest OS in kernel mode) { else if (exception_type == PROTECTION_FAULT ... // tf = saved context (like xv6 trapframe) 25 char *pc = tf − >pc; tf − >registers[get_instr_dest(pc)] = c; tf − >pc += get_instr_length(pc);

  12. more complete pseudocode (1) trap(...) { } ... } } } ... break ; char c = do_syscall_to_read_keyboard(); case KBDATAP: ... switch (src_address) { int src_address = get_instr_address(instrution); ... // interpret machine code! if (is_in_instr(pc)) { && guest OS in kernel mode) { else if (exception_type == PROTECTION_FAULT ... // tf = saved context (like xv6 trapframe) 25 char *pc = tf − >pc; tf − >registers[get_instr_dest(pc)] = c; tf − >pc += get_instr_length(pc);

  13. more complete pseudocode (1) trap(...) { } ... } } } ... break ; char c = do_syscall_to_read_keyboard(); case KBDATAP: ... switch (src_address) { int src_address = get_instr_address(instrution); ... // interpret machine code! if (is_in_instr(pc)) { && guest OS in kernel mode) { else if (exception_type == PROTECTION_FAULT ... // tf = saved context (like xv6 trapframe) 25 char *pc = tf − >pc; tf − >registers[get_instr_dest(pc)] = c; tf − >pc += get_instr_length(pc);

  14. trap-and-emulate (1) normally: privileged/special instructions trigger fault e.g. accessing device memory directly (page fault) e.g. changing the exception table (protection fault) normal OS: crash the program hypervisor: pretend it did the right thing pretend kernel mode: the actual privileged operation 26 pretend user mode: invoke guest’s exception handler

  15. trap and emulate (2) guest OS should still handle exceptions for its programs most exceptions — just “refmect” them in the guest OS look up exception handler, kernel stack pointer, etc. saved by previous privilege instruction trap 27

  16. refmecting exceptions trap(...) { ... && guest OS in user mode) { ... } 28 else if ( exception_type == /* most exception types */ tf − >in_kernel_mode = TRUE; tf − >stack_pointer = /* guest OS kernel stack */ ; tf − >pc = /* guest OS trap handler */ ;

  17. trap-and-emulate: system calls system calls special case of privileged instruction: system call exception: pretend user mode: execute guest OS’s system call handler pretend kernel mode: execute guest OS’s system call handler returning from system call? priviliged operation to emulate 29

  18. system call/exception fmow (part 1) hardware invokes hypervisor’s system call handler switch to user mode to run it setup guest OS to run its exception handler (this case: could defer updates till page fault) in user v. kernel mode difgerent guest OS pages accessible change guest PC to addr. from guest exception table software marks guest as as in “fake kernel mode” “real” syscall handler program return from exec. page table update exception handler (exception) system call hardware hypervisor ‘guest’ OS 30

  19. system call/exception fmow (part 1) hardware invokes hypervisor’s system call handler switch to user mode to run it setup guest OS to run its exception handler (this case: could defer updates till page fault) in user v. kernel mode difgerent guest OS pages accessible change guest PC to addr. from guest exception table software marks guest as as in “fake kernel mode” “real” syscall handler program return from exec. page table update exception handler (exception) system call hardware hypervisor ‘guest’ OS 30

  20. system call/exception fmow (part 1) hardware invokes hypervisor’s system call handler switch to user mode to run it setup guest OS to run its exception handler (this case: could defer updates till page fault) in user v. kernel mode difgerent guest OS pages accessible change guest PC to addr. from guest exception table software marks guest as as in “fake kernel mode” “real” syscall handler program return from exec. page table update exception handler (exception) system call hardware hypervisor ‘guest’ OS 30

  21. system call/exception fmow (part 1) hardware invokes hypervisor’s system call handler switch to user mode to run it setup guest OS to run its exception handler (this case: could defer updates till page fault) in user v. kernel mode difgerent guest OS pages accessible change guest PC to addr. from guest exception table software marks guest as as in “fake kernel mode” “real” syscall handler program return from exec. page table update exception handler (exception) system call hardware hypervisor ‘guest’ OS 30

  22. system call/exception fmow (part 1) hardware invokes hypervisor’s system call handler switch to user mode to run it setup guest OS to run its exception handler (this case: could defer updates till page fault) in user v. kernel mode difgerent guest OS pages accessible change guest PC to addr. from guest exception table software marks guest as as in “fake kernel mode” “real” syscall handler program return from exec. page table update exception handler (exception) system call hardware hypervisor ‘guest’ OS 30

  23. system call/exception fmow (part 1) hardware invokes hypervisor’s system call handler switch to user mode to run it setup guest OS to run its exception handler (this case: could defer updates till page fault) in user v. kernel mode difgerent guest OS pages accessible change guest PC to addr. from guest exception table software marks guest as as in “fake kernel mode” “real” syscall handler program return from exec. page table update exception handler (exception) system call hardware hypervisor ‘guest’ OS 30

  24. system call/exception fmow (part 2) program ‘guest’ OS hypervisor hardware return from exception (in “real” syscall handler) in user mode, can’t do that exception handler for protection fault page table update return from exec. 31

  25. system call/exception fmow (part 2) program ‘guest’ OS hypervisor hardware return from exception (in “real” syscall handler) in user mode, can’t do that exception handler for protection fault page table update return from exec. 31

  26. system call/exception fmow (part 2) program ‘guest’ OS hypervisor hardware return from exception (in “real” syscall handler) in user mode, can’t do that exception handler for protection fault page table update return from exec. 31

  27. system call/exception fmow (part 2) program ‘guest’ OS hypervisor hardware return from exception (in “real” syscall handler) in user mode, can’t do that exception handler for protection fault page table update return from exec. 31

  28. system call/exception fmow (part 2) program ‘guest’ OS hypervisor hardware return from exception (in “real” syscall handler) in user mode, can’t do that exception handler for protection fault page table update return from exec. 31

  29. (at least) two types of page faults for hypervisor trap and emulate (3) what about memory mapped I/O? when guest OS tries to access “magic” device address, get page fault need to emulate any memory writing instruction! guest OS trying to access device memory — emulate it guest OS trying to access memory not in its page table — run exception handler in guest (and some more types — next topic) 32

  30. trap and emulate (3) what about memory mapped I/O? when guest OS tries to access “magic” device address, get page fault need to emulate any memory writing instruction! (at least) two types of page faults for hypervisor guest OS trying to access device memory — emulate it guest OS trying to access memory not in its page table — run exception handler in guest (and some more types — next topic) 32

  31. exercise guest OS running user program makes system call write system call to write 4 characters to screen write system call implementation does write by writing character at a time to memory mapped I/O address how many exceptions occur on the real hardware? 33

  32. trap and emulate not enough trap and emulate assumption: can cause fault priviliged instruction not in kernel memory access not in hypervisor-set page table … until ISA extensions, on x86, not always possible if time, (pretty hard-to-implement) workarounds later 34

  33. terms for this lecture virtual address — virtual address for guest OS physical address — physical address for guest OS machine address — physical address for hypervisor/host OS 35

  34. three page tables run multiple guests in same memory only this PT guest OS knows about only this PT hardware knows about hypervisor conversion page table shadow must be in some actual page table when running normal user code the translation the processor needs normally: use page table for this dynamically allocate memory need to allow OS to use any address virtual hypervisor records on protection fault (x86: mov …, %cr3 ) set with privileged instruction page table pointer guest page table? hypervisor page table guest address machine address physical address 36

  35. three page tables run multiple guests in same memory only this PT guest OS knows about only this PT hardware knows about hypervisor conversion page table shadow must be in some actual page table when running normal user code the translation the processor needs normally: use page table for this dynamically allocate memory need to allow OS to use any address virtual hypervisor records on protection fault (x86: mov …, %cr3 ) set with privileged instruction page table pointer guest page table? hypervisor page table guest address machine address physical address 36

  36. three page tables run multiple guests in same memory only this PT guest OS knows about only this PT hardware knows about hypervisor conversion page table shadow must be in some actual page table when running normal user code the translation the processor needs normally: use page table for this dynamically allocate memory need to allow OS to use any address virtual hypervisor records on protection fault (x86: mov …, %cr3 ) set with privileged instruction page table pointer guest page table? hypervisor page table guest address machine address physical address 36

  37. three page tables run multiple guests in same memory only this PT guest OS knows about only this PT hardware knows about hypervisor conversion page table shadow must be in some actual page table when running normal user code the translation the processor needs normally: use page table for this dynamically allocate memory need to allow OS to use any address virtual hypervisor records on protection fault (x86: mov …, %cr3 ) set with privileged instruction page table pointer guest page table? hypervisor page table guest address machine address physical address 36

  38. three page tables run multiple guests in same memory only this PT guest OS knows about only this PT hardware knows about hypervisor conversion page table shadow must be in some actual page table when running normal user code the translation the processor needs normally: use page table for this dynamically allocate memory need to allow OS to use any address virtual hypervisor records on protection fault (x86: mov …, %cr3 ) set with privileged instruction page table pointer guest page table? hypervisor page table guest address machine address physical address 36

  39. three page tables run multiple guests in same memory only this PT guest OS knows about only this PT hardware knows about hypervisor conversion page table shadow must be in some actual page table when running normal user code the translation the processor needs normally: use page table for this dynamically allocate memory need to allow OS to use any address virtual hypervisor records on protection fault (x86: mov …, %cr3 ) set with privileged instruction page table pointer guest page table? hypervisor page table guest address machine address physical address 36

  40. three page tables run multiple guests in same memory only this PT guest OS knows about only this PT hardware knows about hypervisor conversion page table shadow must be in some actual page table when running normal user code the translation the processor needs normally: use page table for this dynamically allocate memory need to allow OS to use any address virtual hypervisor records on protection fault (x86: mov …, %cr3 ) set with privileged instruction page table pointer guest page table? hypervisor page table guest address machine address physical address 36

  41. page table synthesis question creating new page table = two PT lookups lookup in guest OS page table lookup in hypervisor page table (or equivalent) synthesize new page table from combined info Q: when does the hypervisor update the shadow page table? 37

  42. page table synthesis question creating new page table = two PT lookups lookup in guest OS page table lookup in hypervisor page table (or equivalent) synthesize new page table from combined info Q: when does the hypervisor update the shadow page table? 37

  43. interlude: the TLB T ranslation L ookaside B ufger — cache for page table entries what the processor actually uses to do address translation with normal page tables has the same problem contents synthesized from the ‘normal’ page table processor needs to decide when to update it preview: hypervisor can use same solution 38

  44. 0x78A PPN=0xFF31, … 0x78A PPN=0xFF31, … Interlude: TLB (no virtualization) … VPN PTE 0x1 (invalid) 0x2 PPN=0x329C, … … … 0x234 PPN=0x4298, … PPN=0x1278, … 0x235 … … imitating this to fjll shadow page table (instead of TLB) in hypervisor (instead of CPU) fetch on page fault OS sets page table entry TLB not automatically sync’d OS explicitly invalidates … PPN=0x1278, … virtual PPN=0x1280, … address physical address page table TLB fetch entries on demand addr in VPN 0x234? VPN PTE 0x127 0x367 0x367 PPN=0x1278, … … … 0x234 missing VPN PTE 0x127 PPN=0x1280, … 0x234 PPN=0x4298, … 39

  45. 0x78A PPN=0xFF31, … Interlude: TLB (no virtualization) … VPN PTE 0x1 (invalid) 0x2 PPN=0x329C, … … … 0x234 PPN=0x4298, … 0x235 PPN=0x1278, … … … imitating this to fjll shadow page table (instead of TLB) in hypervisor (instead of CPU) fetch on page fault OS sets page table entry TLB not automatically sync’d OS explicitly invalidates … PPN=0x1278, … virtual PPN=0x1280, … address physical address page table TLB fetch entries on demand addr in VPN 0x234? VPN PTE 0x127 0x367 0x367 PPN=0x1278, … … … 0x234 missing VPN PTE 0x127 PPN=0x1280, … 0x234 PPN=0x4298, … 39 0x78A PPN=0xFF31, …

  46. Interlude: TLB (no virtualization) PPN=0x1278, … VPN PTE 0x1 (invalid) 0x2 PPN=0x329C, … … … 0x234 PPN=0x4298, … 0x235 … … … imitating this to fjll shadow page table (instead of TLB) in hypervisor (instead of CPU) fetch on page fault OS sets page table entry TLB not automatically sync’d OS explicitly invalidates … PPN=0x1278, … virtual 0x367 address physical address page table TLB fetch entries on demand addr in VPN 0x234? VPN PTE 0x127 PPN=0x1280, … PPN=0x1278, … … … 0x234 missing VPN PTE 0x127 PPN=0x1280, … 0x234 PPN=0x4298, … 0x367 39 0x78A PPN=0xFF31, … 0x78A PPN=0xFF31, …

  47. Interlude: TLB (no virtualization) PPN=0x1278, … VPN PTE 0x1 (invalid) 0x2 PPN=0x329C, … … … 0x234 PPN=0x4298, … 0x235 … … … imitating this to fjll shadow page table (instead of TLB) in hypervisor (instead of CPU) fetch on page fault OS sets page table entry TLB not automatically sync’d OS explicitly invalidates … PPN=0x1278, … virtual 0x367 address physical address page table TLB fetch entries on demand addr in VPN 0x234? VPN PTE 0x127 PPN=0x1280, … PPN=0x1278, … … … 0x234 missing VPN PTE 0x127 PPN=0x1280, … 0x234 PPN=0x4298, … 0x367 39 0x78A PPN=0xFF31, … 0x78A PPN=0xFF31, …

  48. Interlude: TLB (no virtualization) PPN=0x1278, … VPN PTE 0x1 (invalid) 0x2 PPN=0x329C, … … … 0x234 PPN=0x4298, … 0x235 … … … imitating this to fjll shadow page table (instead of TLB) in hypervisor (instead of CPU) fetch on page fault OS sets page table entry TLB not automatically sync’d OS explicitly invalidates … PPN=0x1278, … virtual 0x367 address physical address page table TLB fetch entries on demand addr in VPN 0x234? VPN PTE 0x127 PPN=0x1280, … PPN=0x1278, … … … 0x234 missing VPN PTE 0x127 PPN=0x1280, … 0x234 PPN=0x4298, … 0x367 39 0x78A PPN=0xFF31, … 0x78A PPN=0xFF31, …

  49. Interlude: TLB (no virtualization) PPN=0x1278, … VPN PTE 0x1 (invalid) 0x2 PPN=0x329C, … … … 0x234 PPN=0xFFFF, … 0x235 … … … imitating this to fjll shadow page table (instead of TLB) in hypervisor (instead of CPU) fetch on page fault OS sets page table entry TLB not automatically sync’d OS explicitly invalidates … PPN=0x1278, … virtual 0x367 address physical address page table TLB fetch entries on demand addr in VPN 0x234? VPN PTE 0x127 PPN=0x1280, … PPN=0x1278, … … … 0x234 missing VPN PTE 0x127 PPN=0x1280, … 0x234 PPN=0x4298, … 0x367 39 0x78A PPN=0xFF31, … 0x78A PPN=0xFF31, …

  50. Interlude: TLB (no virtualization) PPN=0x1278, … VPN PTE 0x1 (invalid) 0x2 PPN=0x329C, … … … 0x234 PPN=0xFFFF, … 0x235 … … … imitating this to fjll shadow page table (instead of TLB) in hypervisor (instead of CPU) fetch on page fault OS sets page table entry TLB not automatically sync’d OS explicitly invalidates … PPN=0x1278, … virtual 0x367 address physical address page table TLB fetch entries on demand addr in VPN 0x234? VPN PTE 0x127 PPN=0x1280, … PPN=0x1278, … … … 0x234 missing VPN PTE 0x127 PPN=0x1280, … 0x234 PPN=0x4298, … 0x367 39 0x78A PPN=0xFF31, … 0x78A PPN=0xFF31, …

  51. three page tables (revisited) hypervisor conversion TLB-fjxing instruction whenever guest OS runs hypervisor clears (part of) this to fjx up TLB runs privileged instruction when guest OS edits this page table shadow page table? virtual hypervisor page table guest address machine address physical address 40

  52. three page tables (revisited) hypervisor conversion TLB-fjxing instruction whenever guest OS runs hypervisor clears (part of) this to fjx up TLB runs privileged instruction when guest OS edits this page table shadow page table? virtual hypervisor page table guest address machine address physical address 40

  53. three page tables (revisited) hypervisor conversion TLB-fjxing instruction whenever guest OS runs hypervisor clears (part of) this to fjx up TLB runs privileged instruction when guest OS edits this page table shadow page table? virtual hypervisor page table guest address machine address physical address 40

  54. alternate view of shadow page table shadow page table is like a virtual TLB caches commonly used page table entries in guest entries need to be in shadow page table for instructions to run needs to be explicitly cleared by guest OS implicitly fjlled by hypervisor 41

  55. on TLB invalidation two major ways to invalidate TLB: when setting a new page table base pointer e.g. x86: mov ..., %cr3 when running an explicit invalidation instruction e.g. x86: invlpg hopefully, both privileged instructions 42

  56. nit: memory-mapped I/O recall: devices which act as ‘magic memory’ hypervisor needs to emulation keep corresponding pages invalid for trap+emulate page fault triggers instruction emulation instead 43

  57. page tables and kernel mode? guest OS can have kernel-only pages guest OS in pretend kernel mode shadow PTE: marked as user-mode accessible guest OS in pretend user mode shadow PTE: marked inaccessible 44

  58. four page tables? (1) virtual address physical address machine address guest page table hypervisor page table? shadow page table (pretend kernel mode) shadow page table (pretend user mode) 45

  59. four page tables? (2) one solution: pretend kernel and pretend user shadow page table alternative: clear page table on kernel/user switch neither seems great for overhead 46

  60. interlude: VM overhead some things much more expensive in a VM: I/O via priviliged instructions/memory mapping typical strategy: instruction emulation 47

  61. exercise: overhead? guest program makes read() system call guest OS switches to another program guest OS gets interrupt from keyboard guest OS switches back to original program, returns from syscall how many guest page table switches? how many (real/shadow) page table switches (or clearing)? 48

  62. backup slides 49

  63. tagged TLBs hardware sometimes includes “address space ID” in TLB entries helpful for normal OSes — faster context switching useful for hypervisor 50 address space ID ≈ process ID

  64. problem with fjlling on demand many OSes: invalidate entire TLB on context switch assumption: TLB only holds entries from one process so, rebuild shadow page table on each guest OS context switch? this is often unacceptably slow want to cache the shadow page tables problem: OS won’t tell you when it’s writing 51

  65. aside: tagged TLBs some TLBs support holding entries from multiple page tables entries “tagged” with page table they are from …but not x86 until pretty recently allows OSs to not invalidate entire TLB on context switch starting to be used by OSes would be really helpful for our virtual machine proposals lots of page table switches 52

  66. problem with fjlling on demand shadow page table when switching back to pid 1 …and repeat process again problem: slow refjlled as guest pid 2 runs all entries potentially invalid guest OS switches page tables only active page table contains only pid 1 data hypervisor conversion for pid 1 only page table? virtual hypervisor page table guest pid 2 page table guest pid 1 address machine address physical address 53

  67. problem with fjlling on demand shadow page table when switching back to pid 1 …and repeat process again problem: slow refjlled as guest pid 2 runs all entries potentially invalid guest OS switches page tables only active page table contains only pid 1 data hypervisor conversion for pid 1 only page table? virtual hypervisor page table guest pid 2 page table guest pid 1 address machine address physical address 53

  68. problem with fjlling on demand virtual when switching back to pid 1 …and repeat process again problem: slow refjlled as guest pid 2 runs all entries potentially invalid guest OS switches page tables only active page table contains only pid 1 data hypervisor conversion for pid 2 only for pid 1 only 53 shadow page table page table? hypervisor page table guest pid 2 page table guest pid 1 address machine address physical address ✭✭✭✭✭✭✭✭ ❤❤❤❤❤❤❤❤ ✭ ❤

  69. problem with fjlling on demand virtual when switching back to pid 1 …and repeat process again problem: slow refjlled as guest pid 2 runs all entries potentially invalid guest OS switches page tables only active page table contains only pid 1 data hypervisor conversion for pid 2 only for pid 1 only 53 shadow page table page table? hypervisor page table guest pid 2 page table guest pid 1 address machine address physical address ✭✭✭✭✭✭✭✭ ❤❤❤❤❤❤❤❤ ✭ ❤

  70. problem with fjlling on demand for pid 1 only when switching back to pid 1 …and repeat process again problem: slow refjlled as guest pid 2 runs all entries potentially invalid guest OS switches page tables only active page table contains only pid 1 data hypervisor conversion for pid 2 only virtual 53 shadow page table page table? hypervisor page table guest pid 2 page table guest pid 1 address machine address physical address ❤❤❤❤❤❤❤❤ ✭ ✭✭✭✭✭✭✭✭ ❤

  71. proactively maintaining page tables page table? not active hardware PT guest can update while even if not active hardware PT still needs to be updated only one active as hardware page table maintain multiple shadow PTs hypervisor conversion shadow page table for pid 2 shadow page table for pid 1 hypervisor virtual page table guest pid 2 page table guest pid 1 address machine address physical address 54

  72. proactively maintaining page tables page table? not active hardware PT guest can update while even if not active hardware PT still needs to be updated only one active as hardware page table maintain multiple shadow PTs hypervisor conversion shadow page table for pid 2 shadow page table for pid 1 hypervisor virtual page table guest pid 2 page table guest pid 1 address machine address physical address 54

  73. proactively maintaining page tables if tagged TLB: can use TLB invalidation instructions to know when to make changes otherwise, can still do this trick : track physical pages that are part of any page tables update list on page table base register write? update list while fjlling shadow page table on demand make sure marked read-only in shadow page tables (…even if not current active guest page tables) on write to page table: update shadow page table 55 use trap+emulate to handles writes to guest page tables

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

Virtual Machines Uses for Virtual Machines There are several uses for virtual machines:

Virtual Machines Uses for Virtual Machines There are several uses for virtual machines:

Virtual Machines Uses for Virtual Machines There are several uses for virtual machines: Virtual machine technology, often just called virtualization , makes one computer behave as several Running several operating systems simultaneously on

254 views • 10 slides
Virtual machines COMP 520 Fall 2012 Virtual machines (2) Compilation and execution modes of

Virtual machines COMP 520 Fall 2012 Virtual machines (2) Compilation and execution modes of

COMP 520 Fall 2012 Virtual machines (1) Virtual machines COMP 520 Fall 2012 Virtual machines (2) Compilation and execution modes of Virtual machines: Abstract syntax trees AOT-compile Interpreter Virtual machine code

662 views • 40 slides
Virtual Machines Tom Goff &amp; David Dufresne We have created virtual machines for both

Virtual Machines Tom Goff &amp; David Dufresne We have created virtual machines for both

Motivation for using Virtual Machines Tom Goff &amp; David Dufresne We have created virtual machines for both VirtualBox and Vmware Player. Both options are supported across several platforms, but experience says that some hardware plays

178 views • 5 slides
Virtual Machines Virtual Machines What is a virtual machine? Examples? Benefits?

Virtual Machines Virtual Machines What is a virtual machine? Examples? Benefits?

Virtual Machines Virtual Machines What is a virtual machine? Examples? Benefits? Virtualization Creation of an isomorphism that maps a virtual guest system to a real host: Maps guest state S to host state V(S) For any

271 views • 26 slides
Introduction to Virtual Machines Introduction Abstraction and interfaces Virtualization

Introduction to Virtual Machines Introduction Abstraction and interfaces Virtualization

Introduction to Virtual Machines Introduction Abstraction and interfaces Virtualization Computer system architecture Process virtual machines System virtual machines 1 EECS 768 Virtual Machines Abstraction Mechanism to

704 views • 31 slides
Virtual machines should be invisible (and might be augmented) Stephen Kell

Virtual machines should be invisible (and might be augmented) Stephen Kell

Virtual machines should be invisible (and might be augmented) Stephen Kell stephen.kell@cs.ox.ac.uk some joint work with Conrad Irwin (University of Cambridge) Virtual machines should be. . . p.1/37 Spot the virtual machine (1) Virtual

963 views • 40 slides
Virtual Machines Disclaimer: some slides are adopted from book authors slides with permission 1

Virtual Machines Disclaimer: some slides are adopted from book authors slides with permission 1

Virtual Machines Disclaimer: some slides are adopted from book authors slides with permission 1 Recap: Virtual Machines Enabling technology of cloud computing Basic idea: Provide machine abstractions 2 Recap: Virtual Machines

465 views • 23 slides
Virtual Machines Should Be Invisible Stephen Kell stephen.kell@cs.ox.ac.uk joint work with

Virtual Machines Should Be Invisible Stephen Kell stephen.kell@cs.ox.ac.uk joint work with

Virtual Machines Should Be Invisible Stephen Kell stephen.kell@cs.ox.ac.uk joint work with Conrad Irwin (University of Cambridge) Virtual machines should be. . . p.1/20 Spot the virtual machine (1) Virtual machines should be. . .

897 views • 20 slides
System Virtual Machines Introduction Key concepts Resource virtualization

System Virtual Machines Introduction Key concepts Resource virtualization

System Virtual Machines Introduction Key concepts Resource virtualization processors memory I/O devices Performance issues Applications EECS 768 Virtual Machines 1 Introduction System virtual machine

621 views • 38 slides
virtual machines 1 last time access control lists user and group IDs in processes set-user-ID

virtual machines 1 last time access control lists user and group IDs in processes set-user-ID

virtual machines 1 last time access control lists user and group IDs in processes set-user-ID programs briefmy: time-of-check-to-time-of-use errors capabilities: token to address = permission token might allow getting other tokens can pass

1.24k views • 105 slides
1 2 The first set of slides will introduce the basics of virtualization and virtual machines.

1 2 The first set of slides will introduce the basics of virtualization and virtual machines.

So we will start the course with an introduction on virtual machines. 1 2 The first set of slides will introduce the basics of virtualization and virtual machines. Many of these concepts should be familiar to students from other classes,

487 views • 47 slides
This is where Virtual System Design starts! Our virtual testing capabilities enable us to deliver

This is where Virtual System Design starts! Our virtual testing capabilities enable us to deliver

This is where Virtual System Design starts! Our virtual testing capabilities enable us to deliver better solutions in less time and to provide fast and strong support in the field. Model based design and virtual testing of software ADC System

84 views • 4 slides
Dawn Song dawnsong@cs.berkeley.edu 1 Virtual Machines VM: Execution environment that gives

Dawn Song dawnsong@cs.berkeley.edu 1 Virtual Machines VM: Execution environment that gives

Virtual Machines &amp; Security Dawn Song dawnsong@cs.berkeley.edu 1 Virtual Machines VM: Execution environment that gives the illusion of a real machine VMM/Hypervisor: host software which provides this capability Pioneered by IBM

75 views • 5 slides
CHAPTER 3: Virtual Machines and Virtualization of Clusters and Data Centers Presented by Faramarz

CHAPTER 3: Virtual Machines and Virtualization of Clusters and Data Centers Presented by Faramarz

CHAPTER 3: Virtual Machines and Virtualization of Clusters and Data Centers Presented by Faramarz Safi (Ph.D.) Islamic Azad University, Najafabad Branch 1 SUMMARY The reincarnation of virtual machines (VMs) presents a great opportunity for

849 views • 81 slides
Dynamic, Metamorphic (and opensource) Virtual Machines A. Desnos ESIEA - Operational Cryptology

Dynamic, Metamorphic (and opensource) Virtual Machines A. Desnos ESIEA - Operational Cryptology

Introduction Obfuscation Virtual Machines Android/Java appplications Conclusion Dynamic, Metamorphic (and opensource) Virtual Machines A. Desnos ESIEA - Operational Cryptology and Virology Laboratory (CVO) 38 rue des Dr Calmette et Gurin,

1.21k views • 75 slides
Introduction to Virtual Machines Michael Jantz Acknowledgements Slides adapted from Chapter 1

Introduction to Virtual Machines Michael Jantz Acknowledgements Slides adapted from Chapter 1

Introduction to Virtual Machines Michael Jantz Acknowledgements Slides adapted from Chapter 1 in Virtual Machines: Versatile Platforms for Systems and Processes by James E. Smith and Ravi Nair Credit to Prasad A. Kulkarni some slides

698 views • 33 slides
Secure Programs via Game-based Synthesis Somesh Jha, Tom Reps, and Bill Harris 1 Tuesday,

Secure Programs via Game-based Synthesis Somesh Jha, Tom Reps, and Bill Harris 1 Tuesday,

Secure Programs via Game-based Synthesis Somesh Jha, Tom Reps, and Bill Harris 1 Tuesday, October 22, 13 One-slide summary Secure programming on a conventional OS is intractable Privilege-aware OSs take secure programming from

2.28k views • 195 slides
Connecting the Dot Dots Model Checking Concurrency in Capsicum ASA-4 21 July 2010 Robert N. M.

Connecting the Dot Dots Model Checking Concurrency in Capsicum ASA-4 21 July 2010 Robert N. M.

Connecting the Dot Dots Model Checking Concurrency in Capsicum ASA-4 21 July 2010 Robert N. M. Watson Jonathan Anderson Introduction UNIX File System (UFS) Capsicum: practical capabilities for UNIX Whoops, a concurrency

548 views • 31 slides
Capsicum Capability-Based Sandboxing David Drysdale Google UK Features Current LXC uses the

Capsicum Capability-Based Sandboxing David Drysdale Google UK Features Current LXC uses the

Capsicum Capability-Based Sandboxing David Drysdale Google UK Features Current LXC uses the following kernel features to contain processes: Kernel namespaces (ipc, uts, mount, pid, network and user) Apparmor and SELinux profiles

521 views • 30 slides
Synthesis of Esters of 6-(2,5-Dioxopyrrolidin-1-yl)-2- (morpholin-4-yl)hexanoic Acid as

Synthesis of Esters of 6-(2,5-Dioxopyrrolidin-1-yl)-2- (morpholin-4-yl)hexanoic Acid as

[c010] Synthesis of Esters of 6-(2,5-Dioxopyrrolidin-1-yl)-2- (morpholin-4-yl)hexanoic Acid as Potential Transdermal Penetration Enhancers Katerina Brychtova 1 *, Sylva Dittrichova 1 , Barbora Slaba 1,2 , Lukas Placek 1,2 , Radka

210 views • 6 slides
virtual machines 1 Changelog Changes made in this version not seen in fjrst lecture: 23 April

virtual machines 1 Changelog Changes made in this version not seen in fjrst lecture: 23 April

virtual machines 1 Changelog Changes made in this version not seen in fjrst lecture: 23 April 2019: rearrange slide order to better match lecture order 23 April 2019: change real page table to shadow page table in some places 23

1.39k views • 113 slides
FreeBSD/VPC Virtual Private Cloud support (fka SDN) Virtualization Status bhyve(4) is a

FreeBSD/VPC Virtual Private Cloud support (fka SDN) Virtualization Status bhyve(4) is a

FreeBSD/VPC Virtual Private Cloud support (fka SDN) Virtualization Status bhyve(4) is a stable, performant hypervisor Network isolation is not core to bhyve(4) today Use of VNET(9) for manipulating FIBS for tap(4) interfaces is

445 views • 18 slides
CloudABI: Pure capability-based security for UNIX Speaker: Ed Schouten, ed@nuxi.nl Overview

CloudABI: Pure capability-based security for UNIX Speaker: Ed Schouten, ed@nuxi.nl Overview

32C3, Hamburg 2015-12-28 CloudABI: Pure capability-based security for UNIX Speaker: Ed Schouten, ed@nuxi.nl Overview Whats wrong with UNIX? Introducing CloudABI Developing CloudABI software Starting CloudABI processes Use

849 views • 40 slides
FreeBSD is not Linux Niclas Zeising zeising@FreeBSD.org what is FreeBSD what is FreeBSD

FreeBSD is not Linux Niclas Zeising zeising@FreeBSD.org what is FreeBSD what is FreeBSD

FreeBSD is not Linux Niclas Zeising zeising@FreeBSD.org what is FreeBSD what is FreeBSD complete operating system documentation over 30 000 packages a community history history patches to v6 Unix ex/vi, pascal Berkely Software

715 views • 28 slides

More recommend