Chair of Network Architectures and Services
Department of Informatics
Technical University of Munich

File Injection for Virtual Machine Boot Mechanisms
Till Müller
advised by Johannes Naab
Monday 4th November, 2019
Block Seminar: Innovative Internet Technologies and Mobile Communications
Overview

Goals
• Background
• Motivation
• Requirements
• Assumptions

Background
• Regular boot process (GRUB)
• QEMU direct kernel boot
• initramfs
• kexec

Architecture / Implementation
• High-level overview
• Challenges

Benchmarks

Conclusion

T. Müller — File Injection for Virtual Machine Boot Mechanisms 2
Goals

Background
• Lecture: Grundlagen Rechnernetze und Verteilte Systeme
• Students get a VM for homework assignments

Motivation
• Users have root access
• SSH keys delivered via Moodle
  • have to be transferred to the VMs
• All setups are similar to each other
• No DHCP available
• Hostnames and other network configurations have to be set externally as well
Goals

Requirements
• Inject files into VMs during boot
• Do not mount the guest’s filesystem (security issues when mounting unknown filesystems using e.g. ext4)
• Do not restrict activity on the VM once it is booted
• Injection must not require a network connection

Assumptions
• Machines are hosted using QEMU/KVM with libvirt
• Only small configuration files need to be transferred
• Their destinations are known beforehand
Background

Regular boot process
• Commonly achieved by GRUB (GRand Unified Bootloader)
• Called by BIOS
• Reads partition table and lets user choose which OS to boot
• Loads kernel / initramfs from that partition
• Hands over to the init from the initramfs
Background

File Injection - step 1
• File injector needs to run before the actual system
• Boot process needs to be altered
• We need to boot something other than GRUB
Background

QEMU direct kernel boot
• Skips the bootloader; init / systemd is started directly instead
• Kernel and initramfs are loaded from the host directly into the guest’s memory
• Does not require guest’s HDD if kernel / ramdisk originate from host
• Faster than using a bootloader (no BIOS emulation etc.)
Background

Boot mechanisms comparison
Background

File Injection - step 2
• The files need to be available during boot
• Otherwise they cannot be copied to the guest’s filesystem
• Connecting the host’s and guest’s filesystem directly is vulnerable
• We need another way of passing arbitrary files to the booting kernel
Background

initramfs
• Often required for booting a Linux kernel
• Contains drivers and software necessary to mount the filesystem
• Extracted into memory during boot
• Formerly initrd, a block device using e.g. ext2
Background

File Injection - step 3
• Now the injector is done, but the system is still running the injector kernel
• The user may want another kernel (different versions, modules, etc.)
• We therefore have to switch to the kernel the user wants
Background

kexec
• Loading new kernel from within a running system
• Shuts down running kernel and switches to the new one
• Does not perform full restart, skipping some parts
  • BIOS
  • Hardware initialization
  • GRUB
• Mostly used to quickly apply kernel updates
Architecture

High-level overview
1. Mount the filesystem and copy over the files from the initramfs
  • Uncompress initramfs
  • Find block device containing the guest’s filesystem
  • Mount it using default values or values given by boot parameters
  • Copy over files from a specific folder inside the initramfs
2. Find the correct kernel within the filesystem and switch to it using kexec
  • Find the correct kernel and initrd.img files via symlinks or in /boot
  • Load them into memory using kexec
  • Unmount the filesystem
  • Execute the new kernel to boot it
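The two steps of the overview, written as an /init script for the injector initramfs. This is an added example, not the implementation presented in the talk. The /inject folder, the /mnt mount point, the /dev/vda1 and ext4 defaults and the injdev/injfs boot parameters are assumptions made for the illustration.

```shell
#!/bin/sh
# Added example, not the author's code. Assumed layout: files to inject live
# under /inject in the initramfs, mirroring their guest paths; guest root is
# mounted at /mnt; injdev/injfs are hypothetical boot parameters.

# Copy each regular file under $1 to the same relative path under $2.
# A destination whose final component is a symlink is skipped, because the
# guest disk is user-controlled and the link target is not ours to choose.
inject_files() {
    src=$1 dst=$2
    ( cd "$src" && find . -type f ) | while IFS= read -r rel; do
        rel=${rel#./}
        [ -L "$dst/$rel" ] && { echo "skip symlink: $rel" >&2; continue; }
        mkdir -p "$(dirname "$dst/$rel")" && cp "$src/$rel" "$dst/$rel"
    done
}

# Print the path of a guest boot file ($2 = vmlinuz or initrd.img) under the
# guest root $1: follow the top-level symlink, else newest version in /boot.
find_boot_file() {
    root=$1 name=$2
    if [ -L "$root/$name" ]; then
        link=$(readlink "$root/$name")
        case $link in
            *..*) return 1 ;;              # would leave the guest root
            /*)   path="$root$link" ;;     # absolute: re-anchor inside the guest
            *)    path="$root/$link" ;;
        esac
    else
        path=$(ls "$root"/boot/"$name"-* 2>/dev/null | sort -V | tail -n 1)
    fi
    [ -f "$path" ] && echo "$path"
}

# Boot flow from the overview: mount, inject, load, unmount, execute.
run_injector() {
    dev=${injdev:-/dev/vda1}
    mount -t "${injfs:-ext4}" "$dev" /mnt || return 1
    inject_files /inject /mnt
    kernel=$(find_boot_file /mnt vmlinuz) &&
        initrd=$(find_boot_file /mnt initrd.img) &&
        kexec -l "$kernel" --initrd="$initrd" --append="root=$dev ro"
    loaded=$?
    umount /mnt
    [ "$loaded" -eq 0 ] && kexec -e
}

# Run the flow only when started as init (PID 1); sourcing or testing is inert.
if [ "$$" -eq 1 ]; then run_injector; fi
```

Because kexec -l copies the kernel and initrd into memory, the guest filesystem can be unmounted before kexec -e hands over control.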
Implementation

Challenges
While implementing the system, some challenges had to be overcome. This is one of them:
• initramfs should be small
• Kernel still requires drivers to mount the guest’s filesystem
• initramfs files can be concatenated
• QEMU limits the number of initramfs files for direct kernel boot to one

Solution: Include the drivers in the kernel file
• Can be achieved using a custom-built kernel
• Kernel configuration contains the option CONFIG_INITRAMFS_SOURCE
• initramfs is then compiled into the kernel file
Benchmarks

Comparison of different boot methods
Kernel version: 4.9.0-11

[Bar chart: boot time in seconds (axis 0 to 30) for GRUB, direct kernel boot and PXE, with series "default kernel" and "file injector". Bar labels as extracted, without their bar assignment: 26.7, 21.9, 13.4, 11.1, 6.5]

• Measured from virsh start command until the login screen was displayed
• GRUB default config
• Direct kernel boot the fastest
• File injection adds about five seconds
• PXE the slowest, mainly due to DHCP
Conclusion
• File injection system for virtual machines
• Special kernel booted using QEMU direct kernel boot
• Files delivered using initramfs
• Kernel from guest booted afterwards (emulating normal boot loader)
• Almost no impact on users
• Isolation ensured throughout the process