Muen Design, Inzemamul Haque, 25 Nov 2016 (PowerPoint presentation)



SLIDE 1

Muen – Design

Inzemamul Haque 25 Nov 2016

SLIDE 2

Introduction

  • Muen is an open-source separation kernel for the x86 platform
  • Uses Intel hardware support for virtualization

SLIDE 3

What does Muen do?

  • Takes a policy as input and works according to it
  • Policy contains information like
      – Number of subjects
      – Information about memory
      – Scheduling policy
      – Communication channels

SLIDE 4

What does Muen do?

SLIDE 5

Example Policy

  • 4 subjects, say S1, S2, S3 and S4
  • 2 communication channels
      – S1 to S3
      – S2 to S3
  • 2 devices D1 and D2 connected to subjects S1 and S2 respectively
  • Memory for each subject is of size 512 MB

SLIDE 6

Example Muen system

[Figure: subjects S1, S2, S3 and S4 with Memory 1, Memory 2, Memory 3 and Memory 4, on top of the hardware (processor, memory, devices D1 and D2).]

SLIDE 7

Policy

  • Contains the following information
      – Memory areas
      – Communication channels
      – Subjects
          • Memory for the subject
          • Devices attached to the subject
          • Channels where it can read or write

SLIDE 8

Subject

  • Abstract view: a full stand-alone machine running a piece of software
  • Similar to a virtual machine on a hypervisor
  • Can be a bare metal program or an OS
  • Also called partition or regime in a separation kernel

SLIDE 9

Channels

  • Can be either through
      – Shared memory
      – Events
  • Complete isolation between subjects except these communication channels
  • One-way channels
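
The example policy from slide 5 and the one-way channel rule lend themselves to a mechanical check. The C sketch below is an added example, not Muen's policy format or tool-chain code; the struct layout, base addresses and function names are assumptions, as is the rule that a device is assigned to at most one subject.

```c
#include <stddef.h>
#include <stdint.h>

#define MB (1024ULL * 1024ULL)
enum { POLICY_OK, ERR_MEM_OVERLAP, ERR_DEVICE_SHARED, ERR_CHANNEL };
struct subject { uint64_t base, size; int device; };  /* device 0 = none */
struct channel { size_t writer, reader; };            /* one-way: writer -> reader */
struct policy {
    const struct subject *subj; size_t nsubj;
    const struct channel *chan; size_t nchan;
};

/* Constructed data for the slide's example: S1..S4 are indices 0..3, 512 MB each,
 * D1 on S1, D2 on S2, channels S1->S3 and S2->S3. Base addresses are assumed. */
static const struct subject SUBJ[4] = {
    {    0 * MB, 512 * MB, 1 }, {  512 * MB, 512 * MB, 2 },
    { 1024 * MB, 512 * MB, 0 }, { 1536 * MB, 512 * MB, 0 },
};
static const struct channel CHAN[2] = { { 0, 2 }, { 1, 2 } };
const struct policy EXAMPLE = { SUBJ, 4, CHAN, 2 };
/* Faulty variant: two subjects whose 512 MB regions overlap by 256 MB. */
static const struct subject BAD_SUBJ[2] = { { 0, 512 * MB, 0 }, { 256 * MB, 512 * MB, 0 } };
const struct policy BAD = { BAD_SUBJ, 2, CHAN, 0 };

int check_policy(const struct policy *p)
{
    for (size_t i = 0; i < p->nsubj; i++)
        for (size_t j = i + 1; j < p->nsubj; j++) {
            const struct subject *a = &p->subj[i], *b = &p->subj[j];
            if (a->base < b->base + b->size && b->base < a->base + a->size)
                return ERR_MEM_OVERLAP;      /* private memory must be disjoint */
            if (a->device != 0 && a->device == b->device)
                return ERR_DEVICE_SHARED;    /* assumed: one owner per device */
        }
    for (size_t c = 0; c < p->nchan; c++)
        if (p->chan[c].writer >= p->nsubj || p->chan[c].reader >= p->nsubj ||
            p->chan[c].writer == p->chan[c].reader)
            return ERR_CHANNEL;              /* endpoints must be two real subjects */
    return POLICY_OK;
}

/* Information may flow between subjects only over a declared channel, one way. */
int may_flow(const struct policy *p, size_t from, size_t to)
{
    for (size_t c = 0; c < p->nchan; c++)
        if (p->chan[c].writer == from && p->chan[c].reader == to)
            return 1;
    return 0;
}
```

With the slide's policy, S3 can receive from S1 and S2 but cannot send back, and S4 has no channel at all.
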

SLIDE 10

Scheduling

  • Static scheduling
  • Round-robin scheduling
  • Uses two kinds of frames
      – Minor frames: a subject runs for one minor frame
      – Major frames: used for synchronization on multiple processors
  • 1 major frame can consist of multiple minor frames
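
Because the plan is static, it can be validated and evaluated ahead of time. The following C code is an added example, not Muen's scheduler: the plan layout, tick lengths and function names are assumptions, including the rule that every CPU's minor frames add up to the same major-frame length so that CPUs can synchronize at major-frame boundaries.

```c
#include <stddef.h>
#include <stdint.h>

struct minor_frame { int subject; uint32_t ticks; };   /* one subject, fixed length */
struct cpu_plan { const struct minor_frame *frames; size_t n; };

/* Length of one major frame on a CPU: the sum of its minor frames. */
uint32_t major_length(const struct cpu_plan *p)
{
    uint32_t sum = 0;
    for (size_t i = 0; i < p->n; i++) sum += p->frames[i].ticks;
    return sum;
}

/* Returns the common major-frame length, or 0 if the plan is inconsistent. */
uint32_t check_plan(const struct cpu_plan *cpus, size_t ncpu)
{
    uint32_t len = ncpu ? major_length(&cpus[0]) : 0;
    for (size_t c = 0; c < ncpu; c++) {
        if (major_length(&cpus[c]) != len) return 0;     /* CPUs would drift apart */
        for (size_t i = 0; i < cpus[c].n; i++)
            if (cpus[c].frames[i].ticks == 0) return 0;  /* empty minor frame */
    }
    return len;
}

/* Subject running on a CPU at absolute tick t; the plan repeats every major frame. */
int subject_at(const struct cpu_plan *p, uint64_t t)
{
    uint32_t len = major_length(p);
    if (len == 0) return -1;
    uint32_t off = (uint32_t)(t % len);
    for (size_t i = 0; i < p->n; i++) {
        if (off < p->frames[i].ticks) return p->frames[i].subject;
        off -= p->frames[i].ticks;
    }
    return -1;
}

/* Constructed plan: CPU 0 runs S1 (40 ticks) then S2 (60); CPU 1 runs S3 (70), S4 (30). */
static const struct minor_frame CPU0[] = { { 1, 40 }, { 2, 60 } };
static const struct minor_frame CPU1[] = { { 3, 70 }, { 4, 30 } };
const struct cpu_plan PLAN[2] = { { CPU0, 2 }, { CPU1, 2 } };
static const struct minor_frame SKEW[] = { { 3, 70 }, { 4, 40 } };  /* sums to 110 */
const struct cpu_plan BAD_PLAN[2] = { { CPU0, 2 }, { SKEW, 2 } };
```
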
SLIDE 11

Tool-chain

Source: Muen tool-chain document

SLIDE 12

Address map

SLIDE 13

Overview of working of Muen

SLIDE 14

Initialization

  • Set up segmentation and paging
  • Set up the IDT
  • Check the validity of the system
  • Perform VMXON
  • Configure the VMCS for each subject
  • Initialize the scheduler and the VMX timer

SLIDE 15

System after initialization

[Figure: memory map with address labels 0x0000 0000 and 0x000f ffff, showing the trampoline, the VMXON regions for CPU 1 and CPU 2, the VMCS for subject 1 and for subject 2, kernel memory and free memory. VMCS 1 and VMCS 2 each contain: EPTP; host state area (RIP: VM exit handler ptr); guest state area; Interrupt-exiting: 1; exit info; interrupt info. Processor: Current VMCS: VMCS1.]

SLIDE 16

Kernel data structures

[Figure: interrupt vector routing array, global event array, event table.]

SLIDE 17

VM Entry

[Figure: memory map (trampoline, VMXON regions for CPU 1 and CPU 2, VMCS for subject 1 and subject 2, kernel memory, free memory), VMCS 1 and VMCS 2 with their fields, and the processor with Current VMCS: VMCS1.]

SLIDE 18

VM Exit

[Figure: memory map (trampoline, VMXON regions for CPU 1 and CPU 2, VMCS for subject 1 and subject 2, kernel memory, free memory), VMCS 1 and VMCS 2 with their fields, and the processor with Current VMCS: VMCS1.]

SLIDE 19

VM Exit

  • Various reasons for a VM exit
      – External interrupts
      – VMX preemption timer expiry
      – VMCALL instruction
      – Interrupt-window exiting

SLIDE 20

VM Exit – External Interrupt

[Figure: VMCS 1 and VMCS 2, the processor (Current VMCS: VMCS1) and the kernel data structures (interrupt vector routing array, global event array, event table). Annotation: external interrupt with vector.]

SLIDE 21

VM Exit – External Interrupt

[Figure: VMCS 1 and VMCS 2, the processor (Current VMCS: VMCS1) and the kernel data structures (interrupt vector routing array, global event array, event table). Annotation: external interrupt with vector.]

SLIDE 22

VM Exit – External Interrupt

[Figure: VMCS 1 and VMCS 2, the processor (Current VMCS: VMCS1) and the kernel data structures (interrupt vector routing array, global event array, event table).]

SLIDE 23

VM Exit – External Interrupt

[Figure: VMCS 1 and VMCS 2, the processor (Current VMCS: VMCS1) and the kernel data structures (interrupt vector routing array, global event array, event table). Annotation: interrupt handler, subject 2 with vector vn.]

SLIDE 24

VM Exit – External Interrupt

[Figure: VMCS 1 and VMCS 2, the processor (Current VMCS: VMCS1) and the kernel data structures (interrupt vector routing array, global event array, event table). Annotation: subject 1 starts running again.]

SLIDE 25

VM Exit – Timer Expiry

[Figure: VMCS 1 and VMCS 2, the processor (Current VMCS: VMCS1) and the kernel data structures (interrupt vector routing array, global event array, event table).]

SLIDE 26

VM Exit – Timer Expiry

[Figure: VMCS 1 and VMCS 2, the processor (Current VMCS: VMCS2) and the kernel data structures (interrupt vector routing array, global event array, event table).]

SLIDE 27

VM Exit – Timer Expiry

[Figure: VMCS 1 and VMCS 2, the processor (Current VMCS: VMCS2) and the kernel data structures (interrupt vector routing array, global event array, event table). Annotation: checking global event table for subject 2.]

SLIDE 28

VM Exit – Timer Expiry

[Figure: VMCS 1 and VMCS 2, the processor (Current VMCS: VMCS2) and the kernel data structures (interrupt vector routing array, global event array, event table). Annotation: writing interrupt info in VMCS of subject 2.]

SLIDE 29

VM Exit – Timer Expiry

[Figure: VMCS 1 and VMCS 2, the processor (Current VMCS: VMCS2) and the kernel data structures (interrupt vector routing array, global event array, event table). Annotation: checking interrupt info field before entry.]

SLIDE 30

VM Exit - Hypercall

[Figure: VMCS 1 and VMCS 2, the processor (Current VMCS: VMCS2) and the kernel data structures (interrupt vector routing array, global event array, event table). Annotation: guest 2 executed the VMCALL instruction with the operand in the A register.]

SLIDE 31

VM Exit - Hypercall

[Figure: VMCS 1 and VMCS 2, the processor (Current VMCS: VMCS2) and the kernel data structures (interrupt vector routing array, global event array, event table). Annotation: checks the event table and sets the bit for the destination subject with the destination event number.]

SLIDE 32

VM Exit - Hypercall

[Figure: VMCS 1 and VMCS 2, the processor (Current VMCS: VMCS2) and the kernel data structures (interrupt vector routing array, global event array, event table). Annotation: starts running again if it is not a handover event.]
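
The three VM-exit paths walked through in slides 20 to 32 can be condensed into a small model of the kernel data structures. This C model is an added example, not Muen's code: the struct layouts, the limit of 32 vectors and 4 events per subject, lowest-vector-first delivery and the sample vectors are assumptions; only the valid bit (bit 31) and vector bits (7:0) follow Intel's VM-entry interruption-information format.

```c
#include <stdint.h>
#define NSUBJ 2
#define INJECT_VALID 0x80000000u  /* VM-entry interruption info: bit 31 valid, 7:0 vector */
struct route { uint8_t valid, subject, vector; };         /* host vector -> subject */
struct event { uint8_t valid, dest, vector, handover; };  /* one permitted event */
struct kernel {
    struct route routing[256];          /* interrupt vector routing array */
    uint32_t     pending[NSUBJ];        /* global event array, one bit per vector */
    struct event events[NSUBJ][4];      /* event table, indexed by VMCALL operand */
    uint32_t     interrupt_info[NSUBJ]; /* interrupt info field of each VMCS */
    unsigned     current;               /* subject whose VMCS is current */
};

/* Constructed setup; indices 0 and 1 stand for subject 1 and subject 2. */
struct kernel K = {
    .routing = { [0x30] = { 1, 1, 5 } },   /* host vector 0x30 -> subject 2, vector 5 */
    .events  = { [1] = { { 1, 0, 7, 0 }, { 1, 0, 8, 1 } } },  /* event 1 is a handover */
};

/* External interrupt: mark it pending for its owner, then resume the current subject. */
unsigned on_external_interrupt(struct kernel *k, uint8_t host_vector)
{
    struct route r = k->routing[host_vector];
    if (r.valid && r.subject < NSUBJ && r.vector < 32)
        k->pending[r.subject] |= 1u << r.vector;
    return k->current;
}

/* Timer expiry: switch to the next subject and inject its lowest pending vector. */
unsigned on_timer_expiry(struct kernel *k)
{
    unsigned s = k->current = (k->current + 1) % NSUBJ;
    uint32_t p = k->pending[s], v = 0;
    while (p && !(p & (1u << v))) v++;
    k->pending[s] = p & (p - 1);                        /* clear lowest set bit */
    k->interrupt_info[s] = p ? (INJECT_VALID | v) : 0;
    return s;
}

/* VMCALL: the operand may only select an entry of the caller's own event table. */
unsigned on_hypercall(struct kernel *k, uint64_t operand)
{
    if (operand >= 4) return k->current;
    struct event e = k->events[k->current][operand];
    if (!e.valid || e.dest >= NSUBJ || e.vector >= 32) return k->current;
    k->pending[e.dest] |= 1u << e.vector;
    if (e.handover) k->current = e.dest;                /* otherwise caller resumes */
    return k->current;
}
```

A hypercall operand that is out of range or not configured for the calling subject changes no state, so a subject can only raise the events its table grants it.
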