virtual cpu validation
play

Virtual CPU Validation Nadav Amit, Dan Tsafrir, Assaf Schuster - PowerPoint PPT Presentation

Feb 15, 2024 •427 likes •697 views

Virtual CPU Validation Nadav Amit, Dan Tsafrir, Assaf Schuster Ahmad Ayoub, Eran Shlomo Question Your video server freezes once a month. Why? OS, drivers, BIOS CPU, hardware Virus / Hack Cosmic rays / Power Anything else?

  1. Virtual CPU Validation Nadav Amit, Dan Tsafrir, Assaf Schuster Ahmad Ayoub, Eran Shlomo

  2. Question Your video server freezes once a month. Why? • OS, drivers, BIOS • CPU, hardware • Virus / Hack • Cosmic rays / Power Anything else?

  3. “75% of x86 server workloads are virtualized” [Gartner’15] 80% Virtualized Workloads 60% 40% 20% 0% 2011 2012 2013 2014 2015 Year

  4. Hypervisor Bugs • HW assists virtualization, but SW is still there application • Bug implications: security, stability OS hypervisor • CPU virtualization is hardest, and its bugs have the greatest impact CPU

  5. Real-Life Example • Non-existent register reads leaked host data • Security vulnerability • Patching required reboot

  6. Existing Solutions Micro-hypervisors [Steinberg’10] Reduced trusted-computing base, not hypervisor code Formal Verification [Leinenbach’09] No formal model of CPU Fuzzing [Martigonini’12] No knowledge of CPU semantics

  7. Observation • CPU vendors invest heavily in developing testing tools • 100s of person years or more! • Physical and virtual CPU should behave similarly • So tools for testing physical CPUs should be able to find bugs in virtual CPUs

  8. Contribution 1. Adapt & apply physical CPU testing tools to VCPUs 2. Study hypervisor bugs • Found, fixed, and analyzed >100 bugs

  9. Outline • Motivation • System • Physical CPU testing tools • Adapting tools to VCPUs • Results • Causes of bugs • Impact of bugs • Architectural flaws (as opposed to SW bugs) • Conclusions

  10. Physical CPU Testing Test Initialization Generator Random code & Arch. Sim. Test templates Completion

  11. Physical CPU Testing CPU Test Generator Loader SUT Test Arch. Sim. Debug Res. Tools

  12. Benefits • High coverage • Due to intimate architecture semantic awareness + effort • Low false-positive rate • No undefined results of instructions • No nondeterministic results (due to errata or asyncevents) • Easy to debug • Interim checks • Detailed failure indications • Trace of expected architectural execution

  13. Adaptation: Test Generation • Broken or missing virtualization features Test • Add: • Cache-line monitoring Generator • Performance Monitor Unit v3 Arch. Sim. • … • Workaround: • Nested virtualization • Data breakpoints • …

  14. Adaptation: Execution and Debug • Load tests using hypervisor monitor CPU protocol Test Vloader SUT • Curb OS jitter • Emulate test device for Res. I/O instructions Debug Tools • Enhance debug tools

  15. Effort and Testing Time • Bootstrapping effort • 2 weeks to run the first empty test • 1.5 months to run the first full test • Per-test time • Generation – 5 seconds • Execution – less than a second / 1MB • Failure debugging avg – ~3 hours (high var)

  16. Outline • Motivation • System • Physical CPU testing tools • Adapting tools to VCPUs • Results • Causes of bugs • Impact of bugs • Architectural flaws (as opposed to SW bugs) • Conclusions

  17. Testing KVM: 117 Bugs debug reset 9% 5% task switch 4% model specific registers 7% instruction emulator local 62% APIC 6% other 7%

  18. Instruction Emulator • Why does a hypervisor need an instruction emulator? • Port I/O and Memory Mapped I/O (MMIO) Emulating instructions that access emulated devices • Support for old hardware Restricted guest; shadow page tables • Vendor specific instructions Migration between AMD and Intel • Instruction emulator stress • Emulate every instruction • Run natively if emulation is unsupported

  19. Bug Causes unclear documentation • Mostly due to not 7% following specifications coding • Documentation can errors be improved 15% • Plain coding errors • Races not following specifications • Null dereferences 78% • Wrong error codes • Decimal/Hex

  20. Implications: Security • 6 vulnerabilities • Impact: • Host compromised: 3 host DoS • VM compromised: 2 VM DoS, 1 privilege escalation • Main cause – instruction emulator bugs • x86 ISA consists of 800+ instructions • Usually, many instructions should not be emulated • But the hypervisor can be tricked to emulate them

  21. Implications: Security - Example Exploiting CVE-2015-0239 – potential privilege escalation hypervisor vCPU0 (1) Execute (2) VM-exit (4) Emulate MMIO “buggy” instruction instruction “SYSENTER” “MOV R8, [HPET]” “SYSENTER” “ SYSENTER ” (3) write a “ buggy ” instruction vCPU1

  22. Implications: Stability • Hard to quantify • One bug caused virtual machines to freeze • Nontrivial race • Turns to be 5-year old bug • Was seen number of times over the years • 4 additional software regressions

  23. Hardware Flaws • Found 4 architecture flaws • Desired virtual machine properties • Equivalence Both cannot be kept • Efficiency • Resource Control • Causes: • Non-virtualizable state • Missing state save/restore facilities • Errata

  24. Hardware Flaw: FPU state CPU 16-bit 64-bit FCS FIP FCS FIP FIP 64-bit 32-bit • Old CPUs: restore either 16-bit FCS or 64-bit FIP • New CPUs: deprecate FCS save/restore New Problem in Real-Mode: FIP = (FCS << 4) | FIP

  25. Outline • Motivation • System • Physical CPU testing tools • Adapting tools to VCPUs • Results • Causes of bugs • Impact of bugs • Architectural flaws (as opposed to SW bugs) • Conclusions

  26. Conclusions • Virtualization robustness/security should not be assumed • CPU vendors are able to test hypervisors efficiently • And it is in their best interest… • Demand it from your CPU vendor!

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

MANEUVER BASED VALIDATION OF BMW xDRIVE VARIANTS BY USING VIRTUAL VEHICLE INTEGRATION AND HIL TEST

MANEUVER BASED VALIDATION OF BMW xDRIVE VARIANTS BY USING VIRTUAL VEHICLE INTEGRATION AND HIL TEST

19.09.2012 Matthias Prebeck, Dr. Peter Rissling; BMW Group Michael Folie; IPG Automotive MANEUVER BASED VALIDATION OF BMW xDRIVE VARIANTS BY USING VIRTUAL VEHICLE INTEGRATION AND HIL TEST METHODS. IPG TECHNOLOGY CONFERENCE, SEPTEMBER 18 -19,

448 views • 18 slides
Validation of an innovative experim ental safety assessm ent for virtual control tow er HMI

Validation of an innovative experim ental safety assessm ent for virtual control tow er HMI

Faculty of Transportation and Traffic Sciences, Institute of Logistics and Aviation, Chair of Air Transport Technology and Logistics Validation of an innovative experim ental safety assessm ent for virtual control tow er HMI designs Lothar

396 views • 21 slides
Transactions of the Korean Nuclear Society Virtual Spring Meeting July 9-10, 2020 Validation of

Transactions of the Korean Nuclear Society Virtual Spring Meeting July 9-10, 2020 Validation of

Transactions of the Korean Nuclear Society Virtual Spring Meeting July 9-10, 2020 Validation of the Multi-Group Pin Homogenized SP3 Code SPHINCS through BEAVRS Benchmark Analyses Jorge Gonzalez-Amoros, Hyunsik Hong, Hyun Ho Cho and Han Gyu Joo *

618 views • 4 slides
Form Validation 1 CS380 What is form validation? 2 validation: ensuring that form's values

Form Validation 1 CS380 What is form validation? 2 validation: ensuring that form's values

Form Validation 1 CS380 What is form validation? 2 validation: ensuring that form's values are correct some types of validation: preventing blank values (email address) ensuring the type of values integer, real number,

284 views • 24 slides
Data Mining II Model Validation Heiko Paulheim Why Model Validation? We have seen so far

Data Mining II Model Validation Heiko Paulheim Why Model Validation? We have seen so far

Data Mining II Model Validation Heiko Paulheim Why Model Validation? We have seen so far Various metrics (e.g., accuracy, F-measure, RMSE, ) Evaluation protocol setups Split Validation Cross Validation Special

1.04k views • 55 slides
Chapter 5 Analysis: Four Level for Validation Vis/Visual Analytics, Chap 5 Validation 1 CGGM

Chapter 5 Analysis: Four Level for Validation Vis/Visual Analytics, Chap 5 Validation 1 CGGM

Chapter 5 Analysis: Four Level for Validation Vis/Visual Analytics, Chap 5 Validation 1 CGGM Lab., CS Dept., NCTU Jung Hong Chuang Contents Why Validate? Validation Approaches Domain Why is Validation Abstraction

724 views • 47 slides
Capital Quality Validation Webinar Sept. 17, 2020 Agenda Validation Overview

Capital Quality Validation Webinar Sept. 17, 2020 Agenda Validation Overview

Capital Quality Validation Webinar Sept. 17, 2020 Agenda Validation Overview Validation Timeline Authorized Representative Validation Process How to Log In to QuickBase How to Reset Your Password How to

451 views • 43 slides
Development and Validation of a Code for the Oxygen Distribution of Zircaloy Cladding in

Development and Validation of a Code for the Oxygen Distribution of Zircaloy Cladding in

Transactions of the Korean Nuclear Society Virtual Spring Meeting July 9-10, 2020 Development and Validation of a Code for the Oxygen Distribution of Zircaloy Cladding in Non-Isothermal Transient Steam Oxidation Dongju Kim , Kyunghwan Keum ,

302 views • 4 slides
Occams Razor Sampling Bias : generate the data carefuly Data Snooping : handle the data

Occams Razor Sampling Bias : generate the data carefuly Data Snooping : handle the data

recap: Validation and Cross Validation Validation Cross Validation D ( N ) D 1 D 2 D N D train Learning From Data D ( N K ) g 1 g 2 g N Lecture 14 ( x 1 , y 1 ) ( x 2 , y 2 ) ( x N , y N ) Three Learning Principles D

486 views • 15 slides
AngularJS &amp; Bootstrap Form Validation HTML default validation Browsers have built-in

AngularJS &amp; Bootstrap Form Validation HTML default validation Browsers have built-in

AngularJS &amp; Bootstrap Form Validation HTML default validation Browsers have built-in HTML validation These work when the type attribute is given to an input element We might want better validation than is provided by the web

328 views • 13 slides
Module 4 19/05/2015 2 Agenda 1. What is validation? 2. Three-part empathy 3. What is

Module 4 19/05/2015 2 Agenda 1. What is validation? 2. Three-part empathy 3. What is

VALIDATION SKILLS Module 4 19/05/2015 2 Agenda 1. What is validation? 2. Three-part empathy 3. What is involved? 4. Why, when and how to use validation 3 What is validation? Validation = saying something People with BPD are much

265 views • 8 slides
Verification and Validation Steven Zeil February 13, 2013 Verification and Validation

Verification and Validation Steven Zeil February 13, 2013 Verification and Validation

Verification and Validation Verification and Validation Steven Zeil February 13, 2013 Verification and Validation Outline The Process 1 Non-Testing V&amp;V 2 Code Review Mathematically-based verification Static analysis tools

790 views • 55 slides
VALIDATION The goal of validation is to judge the quality of the soft- ware from the users

VALIDATION The goal of validation is to judge the quality of the soft- ware from the users

VALIDATION The goal of validation is to judge the quality of the soft- ware from the users point of view; e.g., reliability. The goal of all validation techniques is: to reveal failures, to localize the faults that caused the

281 views • 14 slides
LaGov LaGov Version 2.2 Updated: 12/17/08 Visit our website for Blueprint Presentations,

LaGov LaGov Version 2.2 Updated: 12/17/08 Visit our website for Blueprint Presentations,

Inventory and Warehouse Management Inventory and Warehouse Management Inventory and Warehouse Management Validation Session Validation Session Validation Session LOG- -IM/WM IM/WM- -Validation Validation LOG LOG-IM/WM-Validation January

1.59k views • 146 slides
Virtual Machines Uses for Virtual Machines There are several uses for virtual machines:

Virtual Machines Uses for Virtual Machines There are several uses for virtual machines:

Virtual Machines Uses for Virtual Machines There are several uses for virtual machines: Virtual machine technology, often just called virtualization , makes one computer behave as several Running several operating systems simultaneously on

254 views • 10 slides
Workshop on process validation General concepts on process validation Kowid Ho Scope /

Workshop on process validation General concepts on process validation Kowid Ho Scope /

Workshop on process validation General concepts on process validation Kowid Ho Scope / background Process evaluation/validation of biotechnology derived proteins used as active substance in the manufacture of medicinal products (i.e.

346 views • 16 slides
Protocol stacks and multicore scalability The evolving hardware-software interface or Why we

Protocol stacks and multicore scalability The evolving hardware-software interface or Why we

Protocol stacks and multicore scalability The evolving hardware-software interface or Why we love and hate offload MSN 2010 Robert N. M. Watson University of Cambridge Portions of this work supported by Juniper Networks, Inc. Idealised

664 views • 30 slides
Syscalls, exceptions, and interrupts, oh my! Hakim Weatherspoon CS 3410 Computer Science

Syscalls, exceptions, and interrupts, oh my! Hakim Weatherspoon CS 3410 Computer Science

Syscalls, exceptions, and interrupts, oh my! Hakim Weatherspoon CS 3410 Computer Science Cornell University [ Altinbuken, Weatherspoon, Bala, Bracy, McKee, and Sirer] Announcements P4-Buffer Overflow is due tomorrow Due Tuesday,

711 views • 52 slides
Operating Systems Overview Chester Rebeiro IIT Madras Outline Basics OS Concepts OS

Operating Systems Overview Chester Rebeiro IIT Madras Outline Basics OS Concepts OS

Operating Systems Overview Chester Rebeiro IIT Madras Outline Basics OS Concepts OS Structure 2 What is the OS used for? Hardware Abstraction turns hardware into something that applications can use Resource Management

962 views • 36 slides
SYSTEM SECURITY III: TRUSTED COMPUTING TDDD17 Informationsskerhet Ben Smeets Ericsson

SYSTEM SECURITY III: TRUSTED COMPUTING TDDD17 Informationsskerhet Ben Smeets Ericsson

SYSTEM SECURITY III: TRUSTED COMPUTING TDDD17 Informationsskerhet Ben Smeets Ericsson Research Security / Lund University 1 2019-03-01 B. Smeets LiTH course Goal of this lecture Understand trusted computing and its purpose Threats

794 views • 66 slides
IT350: Web &amp; Internet Programming Set 11: Dynamic HTML What can we do with DHTML? 1 What

IT350: Web &amp; Internet Programming Set 11: Dynamic HTML What can we do with DHTML? 1 What

IT350: Web &amp; Internet Programming Set 11: Dynamic HTML What can we do with DHTML? 1 What can we do with DHTML? What techniques do we need? Find the HTML object we want to change var domLink =

334 views • 6 slides
SY306 Web and Databases for Cyber Operations Slide Set #6: Dynamic HTML W3schools HTML DOM Intro,

SY306 Web and Databases for Cyber Operations Slide Set #6: Dynamic HTML W3schools HTML DOM Intro,

SY306 Web and Databases for Cyber Operations Slide Set #6: Dynamic HTML W3schools HTML DOM Intro, DOM Methods, DOM Document, DOM HTML, DOM CSS What is Dynamic HTML The combination of 1. HTML 2. CSS 3. Javascript 4. DOM Used together

551 views • 8 slides
Internet Software Technologies I t t S ft T h l i Dynamic HTML part one Dynamic HTML

Internet Software Technologies I t t S ft T h l i Dynamic HTML part one Dynamic HTML

Internet Software Technologies I t t S ft T h l i Dynamic HTML part one Dynamic HTML part one IMCNE IMCNE A.A. 2008/09 Gabriele Cecchetti Gabriele Cecchetti What is DHTML ? DHTML stands for D ynamic HTML DHTML stands for D

965 views • 14 slides
Internet Software Technologies I t t S ft T h l i Dynamic HTML part two Dynamic HTML

Internet Software Technologies I t t S ft T h l i Dynamic HTML part two Dynamic HTML

Internet Software Technologies I t t S ft T h l i Dynamic HTML part two Dynamic HTML part two IMCNE IMCNE A.A. 2008/09 Gabriele Cecchetti Gabriele Cecchetti Events: another simple example Every element on a web page has

684 views • 11 slides

More recommend