virtual machines
play

virtual machines 1 last time access control lists user ID and - PowerPoint PPT Presentation

Oct 24, 2023 •192 likes •1.3k views

virtual machines 1 last time access control lists user ID and group ID tracking IDs in kernel delegating naming, authentication to user programs set-user-ID programs: controlled access to priv. functions extremely tricky to write securely

  1. recall: xv6 keyboard I/O ... data = inb(KBDATAP); mov $0x60, %edx in %dx, %al <-- FAULT IN USER MODE */ ... in user mode: triggers a fault in instruction — read from special ‘I/O address’ but same idea applies to mov from special memory address + page fault 17 /* compiles to:

  2. more complete pseudocode (1) trap(...) { } ... } } } ... break ; char c = do_syscall_to_read_keyboard(); case KBDATAP: ... switch (src_address) { int src_address = get_instr_address(instrution); ... // interpret machine code! if (is_in_instr(pc)) { && guest OS in kernel mode) { else if (exception_type == PROTECTION_FAULT ... // tf = saved context (like xv6 trapframe) 18 char *pc = tf − >pc; tf − >registers[get_instr_dest(pc)] = c; tf − >pc += get_instr_length(pc);

  3. more complete pseudocode (1) trap(...) { } ... } } } ... break ; char c = do_syscall_to_read_keyboard(); case KBDATAP: ... switch (src_address) { int src_address = get_instr_address(instrution); ... // interpret machine code! if (is_in_instr(pc)) { && guest OS in kernel mode) { else if (exception_type == PROTECTION_FAULT ... // tf = saved context (like xv6 trapframe) 18 char *pc = tf − >pc; tf − >registers[get_instr_dest(pc)] = c; tf − >pc += get_instr_length(pc);

  4. more complete pseudocode (1) trap(...) { } ... } } } ... break ; char c = do_syscall_to_read_keyboard(); case KBDATAP: ... switch (src_address) { int src_address = get_instr_address(instrution); ... // interpret machine code! if (is_in_instr(pc)) { && guest OS in kernel mode) { else if (exception_type == PROTECTION_FAULT ... // tf = saved context (like xv6 trapframe) 18 char *pc = tf − >pc; tf − >registers[get_instr_dest(pc)] = c; tf − >pc += get_instr_length(pc);

  5. trap-and-emulate (1) normally: privileged instructions trigger fault e.g. accessing device memory directly (page fault) e.g. changing the exception table (protection fault) normal OS: crash the program hypervisor: pretend it did the right thing pretend kernel mode: the actual privileged operation 19 pretend user mode: invoke guest’s exception handler

  6. more complete pseudocode (2) trap(...) { // tf = saved context (like xv6 trapframe) ... else if (exception_type == PROTECTION_FAULT && guest OS in user mode) { ... } } 20 tf − >in_kernel_mode = TRUE; tf − >stack_pointer = /* guest OS kernel stack */ ; tf − >pc = /* guest OS trap handler */ ;

  7. system call/exception fmow (part 1) hardware invokes hypervisor’s system call handler switch to user mode to run it setup guest OS to run its exception handler (this case: could defer updates till page fault) in user v. kernel mode difgerent guest OS pages accessible change guest PC to addr. from guest exception table software marks guest as as in “fake kernel mode” “real” syscall handler program return from exec. page table update exception handler (exception) system call hardware hypervisor ‘guest’ OS 21

  8. system call/exception fmow (part 1) hardware invokes hypervisor’s system call handler switch to user mode to run it setup guest OS to run its exception handler (this case: could defer updates till page fault) in user v. kernel mode difgerent guest OS pages accessible change guest PC to addr. from guest exception table software marks guest as as in “fake kernel mode” “real” syscall handler program return from exec. page table update exception handler (exception) system call hardware hypervisor ‘guest’ OS 21

  9. system call/exception fmow (part 1) hardware invokes hypervisor’s system call handler switch to user mode to run it setup guest OS to run its exception handler (this case: could defer updates till page fault) in user v. kernel mode difgerent guest OS pages accessible change guest PC to addr. from guest exception table software marks guest as as in “fake kernel mode” “real” syscall handler program return from exec. page table update exception handler (exception) system call hardware hypervisor ‘guest’ OS 21

  10. system call/exception fmow (part 1) hardware invokes hypervisor’s system call handler switch to user mode to run it setup guest OS to run its exception handler (this case: could defer updates till page fault) in user v. kernel mode difgerent guest OS pages accessible change guest PC to addr. from guest exception table software marks guest as as in “fake kernel mode” “real” syscall handler program return from exec. page table update exception handler (exception) system call hardware hypervisor ‘guest’ OS 21

  11. system call/exception fmow (part 1) hardware invokes hypervisor’s system call handler switch to user mode to run it setup guest OS to run its exception handler (this case: could defer updates till page fault) in user v. kernel mode difgerent guest OS pages accessible change guest PC to addr. from guest exception table software marks guest as as in “fake kernel mode” “real” syscall handler program return from exec. page table update exception handler (exception) system call hardware hypervisor ‘guest’ OS 21

  12. system call/exception fmow (part 1) hardware invokes hypervisor’s system call handler switch to user mode to run it setup guest OS to run its exception handler (this case: could defer updates till page fault) in user v. kernel mode difgerent guest OS pages accessible change guest PC to addr. from guest exception table software marks guest as as in “fake kernel mode” “real” syscall handler program return from exec. page table update exception handler (exception) system call hardware hypervisor ‘guest’ OS 21

  13. system call/exception fmow (part 2) program ‘guest’ OS hypervisor hardware return from exception (in “real” syscall handler) in user mode, can’t do that exception handler for protection fault page table update return from exec. 22

  14. system call/exception fmow (part 2) program ‘guest’ OS hypervisor hardware return from exception (in “real” syscall handler) in user mode, can’t do that exception handler for protection fault page table update return from exec. 22

  15. system call/exception fmow (part 2) program ‘guest’ OS hypervisor hardware return from exception (in “real” syscall handler) in user mode, can’t do that exception handler for protection fault page table update return from exec. 22

  16. system call/exception fmow (part 2) program ‘guest’ OS hypervisor hardware return from exception (in “real” syscall handler) in user mode, can’t do that exception handler for protection fault page table update return from exec. 22

  17. system call/exception fmow (part 2) program ‘guest’ OS hypervisor hardware return from exception (in “real” syscall handler) in user mode, can’t do that exception handler for protection fault page table update return from exec. 22

  18. trap and emulate (2) guest OS should still handle exceptions for its programs most exceptions — just “refmect” them in the guest OS look up exception handler, kernel stack pointer, etc. saved by previous privilege instruction trap 23

  19. refmecting exceptions trap(...) { ... && guest OS in user mode) { ... } 24 else if ( exception_type == /* most exception types */ tf − >in_kernel_mode = TRUE; tf − >stack_pointer = /* guest OS kernel stack */ ; tf − >pc = /* guest OS trap handler */ ;

  20. (at least) two types of page faults for hypervisor trap and emulate (3) what about memory mapped I/O? when guest OS tries to access “magic” device address, get page fault need to emulate any memory writing instruction! guest OS trying to access device memory — emulate it guest OS trying to access memory not in its page table — run exception handler in guest (and some more types — next topic) 25

  21. trap and emulate (3) what about memory mapped I/O? when guest OS tries to access “magic” device address, get page fault need to emulate any memory writing instruction! guest OS trying to access device memory — emulate it guest OS trying to access memory not in its page table — run exception handler in guest (and some more types — next topic) 25 (at least) two types of page faults for hypervisor

  22. exercise guest OS running user program makes system call write system call to write 4 characters to screen write system call implementation does write by writing character at a time to memory mapped I/O address how many exceptions occur on the real hardware? 26

  23. trap and emulate not enough trap and emulate assumption: can cause fault priviliged instruction not in kernel memory access not in hypervisor-set page table … until ISA extensions, on x86, not always possible if time, (pretty hard-to-implement) workarounds later 27

  24. things VM needs normal user mode intructions just run it in user mode guest OS I/O or other privileged instructions guest OS tries I/O/etc. — triggers exception hypervisor translates to I/O request or records privileged state change (e.g. switch to user mode) for later guest OS exception handling track “guest OS thinks it in kernel mode”? record OS exception handler location when ‘set handler’ instruction faults hypervisor adjust PC, stack, etc. when guest OS should have exception guest OS virtual memory ??? 28

  25. things VM needs normal user mode intructions just run it in user mode guest OS I/O or other privileged instructions guest OS tries I/O/etc. — triggers exception hypervisor translates to I/O request or records privileged state change (e.g. switch to user mode) for later guest OS exception handling track “guest OS thinks it in kernel mode”? record OS exception handler location when ‘set handler’ instruction faults hypervisor adjust PC, stack, etc. when guest OS should have exception guest OS virtual memory ??? 28

  26. terms for this lecture virtual address — virtual address for guest OS physical address — physical address for guest OS machine address — physical address for hypervisor/host OS 29

  27. three page tables run multiple guests in same memory only this PT guest OS knows about only this PT hardware knows about hypervisor conversion page table shadow must be in some actual page table when running normal user code the translation the processor needs normally: use page table for this dynamically allocate memory need to allow OS to use any address virtual hypervisor records on protection fault (x86: mov …, %cr3 ) set with privileged instruction page table pointer guest page table? hypervisor page table guest address machine address physical address 30

  28. three page tables run multiple guests in same memory only this PT guest OS knows about only this PT hardware knows about hypervisor conversion page table shadow must be in some actual page table when running normal user code the translation the processor needs normally: use page table for this dynamically allocate memory need to allow OS to use any address virtual hypervisor records on protection fault (x86: mov …, %cr3 ) set with privileged instruction page table pointer guest page table? hypervisor page table guest address machine address physical address 30

  29. three page tables run multiple guests in same memory only this PT guest OS knows about only this PT hardware knows about hypervisor conversion page table shadow must be in some actual page table when running normal user code the translation the processor needs normally: use page table for this dynamically allocate memory need to allow OS to use any address virtual hypervisor records on protection fault (x86: mov …, %cr3 ) set with privileged instruction page table pointer guest page table? hypervisor page table guest address machine address physical address 30

  30. three page tables run multiple guests in same memory only this PT guest OS knows about only this PT hardware knows about hypervisor conversion page table shadow must be in some actual page table when running normal user code the translation the processor needs normally: use page table for this dynamically allocate memory need to allow OS to use any address virtual hypervisor records on protection fault (x86: mov …, %cr3 ) set with privileged instruction page table pointer guest page table? hypervisor page table guest address machine address physical address 30

  31. three page tables run multiple guests in same memory only this PT guest OS knows about only this PT hardware knows about hypervisor conversion page table shadow must be in some actual page table when running normal user code the translation the processor needs normally: use page table for this dynamically allocate memory need to allow OS to use any address virtual hypervisor records on protection fault (x86: mov …, %cr3 ) set with privileged instruction page table pointer guest page table? hypervisor page table guest address machine address physical address 30

  32. three page tables run multiple guests in same memory only this PT guest OS knows about only this PT hardware knows about hypervisor conversion page table shadow must be in some actual page table when running normal user code the translation the processor needs normally: use page table for this dynamically allocate memory need to allow OS to use any address virtual hypervisor records on protection fault (x86: mov …, %cr3 ) set with privileged instruction page table pointer guest page table? hypervisor page table guest address machine address physical address 30

  33. three page tables run multiple guests in same memory only this PT guest OS knows about only this PT hardware knows about hypervisor conversion page table shadow must be in some actual page table when running normal user code the translation the processor needs normally: use page table for this dynamically allocate memory need to allow OS to use any address virtual hypervisor records on protection fault (x86: mov …, %cr3 ) set with privileged instruction page table pointer guest page table? hypervisor page table guest address machine address physical address 30

  34. page table synthesis question creating new page table = two PT lookups lookup in guest OS page table lookup in hypervisor page table (or equivalent) synthesize new page table from combined info Q: when does the hypervisor update the shadow page table? 31

  35. page table synthesis question creating new page table = two PT lookups lookup in guest OS page table lookup in hypervisor page table (or equivalent) synthesize new page table from combined info Q: when does the hypervisor update the shadow page table? 31

  36. interlude: the TLB T ranslation L ookaside B ufger — cache for page table entries what the processor actually uses to do address translation with normal page tables has the same problem contents synthesized from the ‘normal’ page table processor needs to decide when to update it preview: hypervisor can use same solution 32

  37. 0x78A PPN=0xFF31, … 0x78A PPN=0xFF31, … Interlude: TLB (no virtualization) … VPN PTE 0x1 (invalid) 0x2 PPN=0x329C, … … … 0x234 PPN=0x4298, … PPN=0x1278, … 0x235 … … imitating this to fjll shadow page table (instead of TLB) in hypervisor (instead of CPU) fetch on page fault OS sets page table entry TLB not automatically sync’d OS explicitly invalidates … PPN=0x1278, … virtual PPN=0x1280, … address physical address page table TLB fetch entries on demand addr in VPN 0x234? VPN PTE 0x127 0x367 0x367 PPN=0x1278, … … … 0x234 missing VPN PTE 0x127 PPN=0x1280, … 0x234 PPN=0x4298, … 33

  38. 0x78A PPN=0xFF31, … Interlude: TLB (no virtualization) … VPN PTE 0x1 (invalid) 0x2 PPN=0x329C, … … … 0x234 PPN=0x4298, … 0x235 PPN=0x1278, … … … imitating this to fjll shadow page table (instead of TLB) in hypervisor (instead of CPU) fetch on page fault OS sets page table entry TLB not automatically sync’d OS explicitly invalidates … PPN=0x1278, … virtual PPN=0x1280, … address physical address page table TLB fetch entries on demand addr in VPN 0x234? VPN PTE 0x127 0x367 0x367 PPN=0x1278, … … … 0x234 missing VPN PTE 0x127 PPN=0x1280, … 0x234 PPN=0x4298, … 33 0x78A PPN=0xFF31, …

  39. Interlude: TLB (no virtualization) PPN=0x1278, … VPN PTE 0x1 (invalid) 0x2 PPN=0x329C, … … … 0x234 PPN=0x4298, … 0x235 … … … imitating this to fjll shadow page table (instead of TLB) in hypervisor (instead of CPU) fetch on page fault OS sets page table entry TLB not automatically sync’d OS explicitly invalidates … PPN=0x1278, … virtual 0x367 address physical address page table TLB fetch entries on demand addr in VPN 0x234? VPN PTE 0x127 PPN=0x1280, … PPN=0x1278, … … … 0x234 missing VPN PTE 0x127 PPN=0x1280, … 0x234 PPN=0x4298, … 0x367 33 0x78A PPN=0xFF31, … 0x78A PPN=0xFF31, …

  40. Interlude: TLB (no virtualization) PPN=0x1278, … VPN PTE 0x1 (invalid) 0x2 PPN=0x329C, … … … 0x234 PPN=0x4298, … 0x235 … … … imitating this to fjll shadow page table (instead of TLB) in hypervisor (instead of CPU) fetch on page fault OS sets page table entry TLB not automatically sync’d OS explicitly invalidates … PPN=0x1278, … virtual 0x367 address physical address page table TLB fetch entries on demand addr in VPN 0x234? VPN PTE 0x127 PPN=0x1280, … PPN=0x1278, … … … 0x234 missing VPN PTE 0x127 PPN=0x1280, … 0x234 PPN=0x4298, … 0x367 33 0x78A PPN=0xFF31, … 0x78A PPN=0xFF31, …

  41. Interlude: TLB (no virtualization) PPN=0x1278, … VPN PTE 0x1 (invalid) 0x2 PPN=0x329C, … … … 0x234 PPN=0x4298, … 0x235 … … … imitating this to fjll shadow page table (instead of TLB) in hypervisor (instead of CPU) fetch on page fault OS sets page table entry TLB not automatically sync’d OS explicitly invalidates … PPN=0x1278, … virtual 0x367 address physical address page table TLB fetch entries on demand addr in VPN 0x234? VPN PTE 0x127 PPN=0x1280, … PPN=0x1278, … … … 0x234 missing VPN PTE 0x127 PPN=0x1280, … 0x234 PPN=0x4298, … 0x367 33 0x78A PPN=0xFF31, … 0x78A PPN=0xFF31, …

  42. Interlude: TLB (no virtualization) PPN=0x1278, … VPN PTE 0x1 (invalid) 0x2 PPN=0x329C, … … … 0x234 PPN=0xFFFF, … 0x235 … … … imitating this to fjll shadow page table (instead of TLB) in hypervisor (instead of CPU) fetch on page fault OS sets page table entry TLB not automatically sync’d OS explicitly invalidates … PPN=0x1278, … virtual 0x367 address physical address page table TLB fetch entries on demand addr in VPN 0x234? VPN PTE 0x127 PPN=0x1280, … PPN=0x1278, … … … 0x234 missing VPN PTE 0x127 PPN=0x1280, … 0x234 PPN=0x4298, … 0x367 33 0x78A PPN=0xFF31, … 0x78A PPN=0xFF31, …

  43. Interlude: TLB (no virtualization) PPN=0x1278, … VPN PTE 0x1 (invalid) 0x2 PPN=0x329C, … … … 0x234 PPN=0xFFFF, … 0x235 … … … imitating this to fjll shadow page table (instead of TLB) in hypervisor (instead of CPU) fetch on page fault OS sets page table entry TLB not automatically sync’d OS explicitly invalidates … PPN=0x1278, … virtual 0x367 address physical address page table TLB fetch entries on demand addr in VPN 0x234? VPN PTE 0x127 PPN=0x1280, … PPN=0x1278, … … … 0x234 missing VPN PTE 0x127 PPN=0x1280, … 0x234 PPN=0x4298, … 0x367 33 0x78A PPN=0xFF31, … 0x78A PPN=0xFF31, …

  44. three page tables (revisited) hypervisor conversion TLB-fjxing instruction whenever guest OS runs hypervisor clears (part of) this to fjx up TLB runs privileged instruction when guest OS edits this page table shadow page table? virtual hypervisor page table guest address machine address physical address 34

  45. three page tables (revisited) hypervisor conversion TLB-fjxing instruction whenever guest OS runs hypervisor clears (part of) this to fjx up TLB runs privileged instruction when guest OS edits this page table shadow page table? virtual hypervisor page table guest address machine address physical address 34

  46. three page tables (revisited) hypervisor conversion TLB-fjxing instruction whenever guest OS runs hypervisor clears (part of) this to fjx up TLB runs privileged instruction when guest OS edits this page table shadow page table? virtual hypervisor page table guest address machine address physical address 34

  47. alternate view of shadow page table shadow page table is like a virtual TLB caches commonly used page table entries in guest entries need to be in shadow page table for instructions to run needs to be explicitly cleared by guest OS implicitly fjlled by hypervisor 35

  48. on TLB invalidation two major ways to invalidate TLB: when setting a new page table base pointer e.g. x86: mov ..., %cr3 when running an explicit invalidation instruction e.g. x86: invlpg hopefully, both privileged instructions 36

  49. nit: memory-mapped I/O recall: devices which act as ‘magic memory’ hypervisor needs to emulation keep corresponding pages invalid for trap+emulate page fault triggers instruction emulation instead 37

  50. page tables and kernel mode? guest OS can have kernel-only pages guest OS in pretend kernel mode shadow PTE: marked as user-mode accessible guest OS in pretend user mode shadow PTE: marked inaccessible 38

  51. four page tables? (1) virtual address physical address machine address guest page table hypervisor page table? shadow page table (pretend kernel mode) shadow page table (pretend user mode) 39

  52. four page tables? (2) one solution: pretend kernel and pretend user shadow page table alternative: clear page table on kernel/user switch neither seems great for overhead 40

  53. interlude: VM overhead some things much more expensive in a VM: I/O via priviliged instructions/memory mapping typical strategy: instruction emulation 41

  54. exercise: overhead? guest program makes read() system call guest OS switches to another program guest OS gets interrupt from keyboard guest OS switches back to original program, returns from syscall how many guest page table switches? how many (real/shadow) page table switches? 42

  55. tagged TLBs hardware sometimes includes “address space ID” in TLB entries helpful for normal OSes — faster context switching useful for hypervisor 43 address space ID ≈ process ID

  56. problem with fjlling on demand many OSes: invalidate entire TLB on context switch assumption: TLB only holds entries from one process so, rebuild shadow page table on each guest OS context switch? this is often unacceptably slow want to cache the shadow page tables problem: OS won’t tell you when it’s writing 44

  57. aside: tagged TLBs some TLBs support holding entries from multiple page tables entries “tagged” with page table they are from …but not x86 until pretty recently allows OSs to not invalidate entire TLB on context switch starting to be used by OSes would be really helpful for our virtual machine proposals lots of page table switches 45

  58. problem with fjlling on demand shadow page table when switching back to pid 1 …and repeat process again problem: slow refjlled as guest pid 2 runs all entries potentially invalid guest OS switches page tables only active page table contains only pid 1 data hypervisor conversion for pid 1 only page table? virtual hypervisor page table guest pid 2 page table guest pid 1 address machine address physical address 46

  59. problem with fjlling on demand shadow page table when switching back to pid 1 …and repeat process again problem: slow refjlled as guest pid 2 runs all entries potentially invalid guest OS switches page tables only active page table contains only pid 1 data hypervisor conversion for pid 1 only page table? virtual hypervisor page table guest pid 2 page table guest pid 1 address machine address physical address 46

  60. problem with fjlling on demand virtual when switching back to pid 1 …and repeat process again problem: slow refjlled as guest pid 2 runs all entries potentially invalid guest OS switches page tables only active page table contains only pid 1 data hypervisor conversion for pid 2 only for pid 1 only 46 shadow page table page table? hypervisor page table guest pid 2 page table guest pid 1 address machine address physical address ✭✭✭✭✭✭✭✭ ❤❤❤❤❤❤❤❤ ✭ ❤

  61. problem with fjlling on demand virtual when switching back to pid 1 …and repeat process again problem: slow refjlled as guest pid 2 runs all entries potentially invalid guest OS switches page tables only active page table contains only pid 1 data hypervisor conversion for pid 2 only for pid 1 only 46 shadow page table page table? hypervisor page table guest pid 2 page table guest pid 1 address machine address physical address ✭✭✭✭✭✭✭✭ ❤❤❤❤❤❤❤❤ ✭ ❤

  62. problem with fjlling on demand for pid 1 only when switching back to pid 1 …and repeat process again problem: slow refjlled as guest pid 2 runs all entries potentially invalid guest OS switches page tables only active page table contains only pid 1 data hypervisor conversion for pid 2 only virtual 46 shadow page table page table? hypervisor page table guest pid 2 page table guest pid 1 address machine address physical address ❤❤❤❤❤❤❤❤ ✭ ✭✭✭✭✭✭✭✭ ❤

  63. proactively maintaining page tables page table? not active hardware PT guest can update while even if not active hardware PT still needs to be updated only one active as hardware page table maintain multiple shadow PTs hypervisor conversion shadow page table for pid 2 shadow page table for pid 1 hypervisor virtual page table guest pid 2 page table guest pid 1 address machine address physical address 47

  64. proactively maintaining page tables page table? not active hardware PT guest can update while even if not active hardware PT still needs to be updated only one active as hardware page table maintain multiple shadow PTs hypervisor conversion shadow page table for pid 2 shadow page table for pid 1 hypervisor virtual page table guest pid 2 page table guest pid 1 address machine address physical address 47

  65. proactively maintaining page tables if tagged TLB: can use TLB invalidation instructions to know when to make changes otherwise, can still do this trick : track physical pages that are part of any page tables update list on page table base register write? update list while fjlling shadow page table on demand make sure marked read-only in shadow page tables (…even if not current active guest page tables) on write to page table: update shadow page table 48 use trap+emulate to handles writes to guest page tables

  66. pros/cons: proactive over on-demand pro: work with guest OSs that make assumptions about TLB size pro: maintain shadow page table for each guest process can avoid reconstructing each page table on each context switch pro: better fjt with tagged TLBs con: more instructions spent doing copy-on-write con: what happens when page table memory recycled? 49

  67. backup slides 50

  68. hardware hypervisor support Intel’s VT-x HW tracks whether a VM is running, how to run hypervisor new VMENTER instruction instruction switches page tables, sets program counter, etc. HW tracks value of guest OS registers as if running normally new VMEXIT interrupt — run hypervisor when VM needs to stop exits ‘VM is running mode’, switch to hypervisor 51

  69. hardware hypervsior support VMEXIT triggered regardless of user/kernel mode means guest OS kernel mode can’t do some things real I/O device, unhandled priviliged instruction, … partially confjgurable: what instructions cause VMEXIT reading page table base? writing page table base? … partially confjgurable: what exceptions cause VMEXIT otherwise: HW handles running guest OS exception handler instead no VMEXIT triggered? guest OS runs normally (in kernel mode!) 52

  70. HW help for VM page tables already avoided two shadow page tables: HW user/kernel mode now separate from hypervisor/guest but HW can help a lot more 53

  71. nested page tables hypervisor specifjes two page table base registers guest page table base — as physical address hypervisor page table base — as machine address guest page table contains physical (not machine) addresses hardware walks guest page table using hypervisor page table guest page table contains physical addresses hardware translates each physical page number to machine page number nested 2-level page tables: how many lookups? 54 virtual → physical → machine

  72. nested 2-level tables 2nd level Page Ofgset VPN pt 2 VPN pt 1 virtual addr address machine hypervisor guest 1st level hypervisor 2nd level guest 1st level guest base ptr 55

  73. non-virtualization instrs. assumption: priviliged operations cause exception instead and can keep memory mapped I/O to cause exception instead many instructions sets work this way x86 is not one of them 56

  74. some fmags are privileged! POPF POPF instruction: pop fmags from stack condition codes — CF , ZF , PF , SF , OF , etc. direction fmag ( DF ) — used by “string” instructions I/O privilege level ( IOPL ) interrupt enable fmag ( IF ) … popf silently doesn’t change them in user mode 57

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

Virtual Machines Uses for Virtual Machines There are several uses for virtual machines:

Virtual Machines Uses for Virtual Machines There are several uses for virtual machines:

Virtual Machines Uses for Virtual Machines There are several uses for virtual machines: Virtual machine technology, often just called virtualization , makes one computer behave as several Running several operating systems simultaneously on

254 views • 10 slides
Virtual machines COMP 520 Fall 2012 Virtual machines (2) Compilation and execution modes of

Virtual machines COMP 520 Fall 2012 Virtual machines (2) Compilation and execution modes of

COMP 520 Fall 2012 Virtual machines (1) Virtual machines COMP 520 Fall 2012 Virtual machines (2) Compilation and execution modes of Virtual machines: Abstract syntax trees AOT-compile Interpreter Virtual machine code

662 views • 40 slides
Virtual Machines Tom Goff &amp; David Dufresne We have created virtual machines for both

Virtual Machines Tom Goff &amp; David Dufresne We have created virtual machines for both

Motivation for using Virtual Machines Tom Goff &amp; David Dufresne We have created virtual machines for both VirtualBox and Vmware Player. Both options are supported across several platforms, but experience says that some hardware plays

178 views • 5 slides
Virtual Machines Virtual Machines What is a virtual machine? Examples? Benefits?

Virtual Machines Virtual Machines What is a virtual machine? Examples? Benefits?

Virtual Machines Virtual Machines What is a virtual machine? Examples? Benefits? Virtualization Creation of an isomorphism that maps a virtual guest system to a real host: Maps guest state S to host state V(S) For any

271 views • 26 slides
Introduction to Virtual Machines Introduction Abstraction and interfaces Virtualization

Introduction to Virtual Machines Introduction Abstraction and interfaces Virtualization

Introduction to Virtual Machines Introduction Abstraction and interfaces Virtualization Computer system architecture Process virtual machines System virtual machines 1 EECS 768 Virtual Machines Abstraction Mechanism to

704 views • 31 slides
Virtual machines should be invisible (and might be augmented) Stephen Kell

Virtual machines should be invisible (and might be augmented) Stephen Kell

Virtual machines should be invisible (and might be augmented) Stephen Kell stephen.kell@cs.ox.ac.uk some joint work with Conrad Irwin (University of Cambridge) Virtual machines should be. . . p.1/37 Spot the virtual machine (1) Virtual

963 views • 40 slides
Virtual Machines Disclaimer: some slides are adopted from book authors slides with permission 1

Virtual Machines Disclaimer: some slides are adopted from book authors slides with permission 1

Virtual Machines Disclaimer: some slides are adopted from book authors slides with permission 1 Recap: Virtual Machines Enabling technology of cloud computing Basic idea: Provide machine abstractions 2 Recap: Virtual Machines

465 views • 23 slides
Virtual Machines Should Be Invisible Stephen Kell stephen.kell@cs.ox.ac.uk joint work with

Virtual Machines Should Be Invisible Stephen Kell stephen.kell@cs.ox.ac.uk joint work with

Virtual Machines Should Be Invisible Stephen Kell stephen.kell@cs.ox.ac.uk joint work with Conrad Irwin (University of Cambridge) Virtual machines should be. . . p.1/20 Spot the virtual machine (1) Virtual machines should be. . .

897 views • 20 slides
System Virtual Machines Introduction Key concepts Resource virtualization

System Virtual Machines Introduction Key concepts Resource virtualization

System Virtual Machines Introduction Key concepts Resource virtualization processors memory I/O devices Performance issues Applications EECS 768 Virtual Machines 1 Introduction System virtual machine

621 views • 38 slides
1 2 The first set of slides will introduce the basics of virtualization and virtual machines.

1 2 The first set of slides will introduce the basics of virtualization and virtual machines.

So we will start the course with an introduction on virtual machines. 1 2 The first set of slides will introduce the basics of virtualization and virtual machines. Many of these concepts should be familiar to students from other classes,

487 views • 47 slides
Dawn Song dawnsong@cs.berkeley.edu 1 Virtual Machines VM: Execution environment that gives

Dawn Song dawnsong@cs.berkeley.edu 1 Virtual Machines VM: Execution environment that gives

Virtual Machines &amp; Security Dawn Song dawnsong@cs.berkeley.edu 1 Virtual Machines VM: Execution environment that gives the illusion of a real machine VMM/Hypervisor: host software which provides this capability Pioneered by IBM

75 views • 5 slides
CHAPTER 3: Virtual Machines and Virtualization of Clusters and Data Centers Presented by Faramarz

CHAPTER 3: Virtual Machines and Virtualization of Clusters and Data Centers Presented by Faramarz

CHAPTER 3: Virtual Machines and Virtualization of Clusters and Data Centers Presented by Faramarz Safi (Ph.D.) Islamic Azad University, Najafabad Branch 1 SUMMARY The reincarnation of virtual machines (VMs) presents a great opportunity for

849 views • 81 slides
Dynamic, Metamorphic (and opensource) Virtual Machines A. Desnos ESIEA - Operational Cryptology

Dynamic, Metamorphic (and opensource) Virtual Machines A. Desnos ESIEA - Operational Cryptology

Introduction Obfuscation Virtual Machines Android/Java appplications Conclusion Dynamic, Metamorphic (and opensource) Virtual Machines A. Desnos ESIEA - Operational Cryptology and Virology Laboratory (CVO) 38 rue des Dr Calmette et Gurin,

1.21k views • 75 slides
Introduction to Virtual Machines Michael Jantz Acknowledgements Slides adapted from Chapter 1

Introduction to Virtual Machines Michael Jantz Acknowledgements Slides adapted from Chapter 1

Introduction to Virtual Machines Michael Jantz Acknowledgements Slides adapted from Chapter 1 in Virtual Machines: Versatile Platforms for Systems and Processes by James E. Smith and Ravi Nair Credit to Prasad A. Kulkarni some slides

698 views • 33 slides
Virtual Machines What is a Virtual Machine? Java Virtual Machine (Application Virtualization)

Virtual Machines What is a Virtual Machine? Java Virtual Machine (Application Virtualization)

Virtual Machines What is a Virtual Machine? Java Virtual Machine (Application Virtualization) Software to simulate hardware Independent Separate Use one piece of hardware to simulate many computers Topics What are

519 views • 22 slides
Virtual Machines for ROC: Initial Impressions Pete Broadwell pbwell@cs.berkeley.edu Talk

Virtual Machines for ROC: Initial Impressions Pete Broadwell pbwell@cs.berkeley.edu Talk

Virtual Machines for ROC: Initial Impressions Pete Broadwell pbwell@cs.berkeley.edu Talk Outline 1. Virtual Machines &amp; ROC: Common Paths 2. Quick Review of VMware Terminology 3. Case Study: Using VMware for Fault Insertion 4. Future

364 views • 22 slides
Hypervisors Credits: P. Chaganti Xen Virtualization A practical handbook D.

Hypervisors Credits: P. Chaganti Xen Virtualization A practical handbook D.

Introduction Hypervisors Credits: P. Chaganti Xen Virtualization A practical handbook D. Chisnall The definitive guide to Xen Hypervisor G. Kesden Lect. 25 CS 15-440 G. Heiser UNSW/NICTA/OKL Agenda

113 views • 9 slides
TECH PREVIEW: STORMAGIC SvSAN 6.2 UPDATE 2 Mark Christie , Technical Services Director, StorMagic

TECH PREVIEW: STORMAGIC SvSAN 6.2 UPDATE 2 Mark Christie , Technical Services Director, StorMagic

2019 2019 TECH PREVIEW: STORMAGIC SvSAN 6.2 UPDATE 2 Mark Christie , Technical Services Director, StorMagic MAKING THE COMPLEX SIMPLE MAKING THE COMPLEX SIMPLE CONFIDENTIAL CONFIDENTIAL StorMagic: MAKING THE COMPLEX SIMPLE Storage software -

302 views • 12 slides
Improving Performance and Cost in a Hyperconnected World

Improving Performance and Cost in a Hyperconnected World

Improving Performance and Cost in a Hyperconnected World Georgios Smaragdakis Th The New Internet Google, Akamai, NeJlix Amazon, Global Transit / &quot;Hyper

415 views • 24 slides
Multicolor Hypergraph Containers Victor Falgas-Ravry 1 Kelly OConnell 2 Johanna Strmberg 3

Multicolor Hypergraph Containers Victor Falgas-Ravry 1 Kelly OConnell 2 Johanna Strmberg 3

Background and previous results Our results Summary Multicolor Hypergraph Containers Victor Falgas-Ravry 1 Kelly OConnell 2 Johanna Strmberg 3 Andrew J. Uzzell 4 1 Ume University 2 Vanderbilt University 3 Uppsala University 4 University of

740 views • 55 slides
Gravity-SPHINCS First PQC Standardization Conference Jean-Philippe Aumasson 1 , Guillaume

Gravity-SPHINCS First PQC Standardization Conference Jean-Philippe Aumasson 1 , Guillaume

Gravity-SPHINCS First PQC Standardization Conference Jean-Philippe Aumasson 1 , Guillaume Endignoux 2 Wednesday 11 th April, 2018 1 Kudelski Security 2 Work done while at Kudelski Security and EPFL 1 Introduction: SPHINCS Hash-based signatures

725 views • 35 slides
Co-degree Density of Hypergraphs Yi Zhao Dept. of Mathematics, Statistics, and Computer Science

Co-degree Density of Hypergraphs Yi Zhao Dept. of Mathematics, Statistics, and Computer Science

+ + Co-degree Density of Hypergraphs Yi Zhao Dept. of Mathematics, Statistics, and Computer Science University of Illinois at Chicago Joint Work with Dhruv Mubayi + 1 Extremal (Hyper)graph Problems Study the max/min value of a function

328 views • 18 slides
Developments on higher levels of the substructural hierarchy Nick Galatos University of Denver

Developments on higher levels of the substructural hierarchy Nick Galatos University of Denver

Developments on higher levels of the substructural hierarchy Nick Galatos University of Denver ngalatos@du.edu August, 2013 Nick Galatos, BLAST, August 2013 Developments on higher levels of the substructural hierarchy 1 / 20 Residuated

908 views • 69 slides
The Hypergraph Network Simplex Algorithm &amp; Railway Optimization Ralf Borndrfer joint work

The Hypergraph Network Simplex Algorithm &amp; Railway Optimization Ralf Borndrfer joint work

The Hypergraph Network Simplex Algorithm &amp; Railway Optimization Ralf Borndrfer joint work with Isabel Beckenbach and Markus Reuther 4th ISM-ZIB-IMI MODAL Workshop on Mathematical Optimization and Data Analysis Tokyo, ISM, 27.03.2019

1.17k views • 74 slides

More recommend