x86 Virtualization

Corentin Derbois, Marc Angel
corentin@lse.epita.fr, null@lse.epita.fr
http://lse.epita.fr/

July 17, 2013

  1. Virtualization 101
  2. Hardware/Software Techniques
  3. Host/Guest Communication

What?

  • Single computer, multiple OSs
  • Hardware-level virtualization
    • As opposed to OS-level virtualization
      • LXC, OpenVZ, FreeBSD jails...
Why?

  • Kernel Debugging
  • Money
  • Flexibility
  • ...
How?

  • Popek and Goldberg requirements
    • Fidelity
    • Safety
    • Performance
  • Binary Translation
    • VMware, VirtualBox, KQEMU
  • Paravirtualization
    • Xen
  • Full Virtualization
    • KVM, VMware, VirtualBox, Xen...
Instruction Set Virtualization

  • Run the VMM at a higher level of privilege
    • trap-and-emulate
    • Sensitive instructions yield control to ring 0
    • The VMM emulates them
  • Some instructions do not trap (popf, sidt...)
    • 17 of those
Software: Binary Translation

  • Replace critical instructions with traps
  • Let the VMM emulate them
  • Run userland code “as is”
  • Need to emulate syscalls
Software: Paravirtualization

Intel & AMD Hardware Solution

  • VT-x and AMD-V
    • One ring to rule them all
    • New set of instructions at ring -1
    • Guest OS goes back to ring 0
Intel: VMX

AMD: SVM

Intel & AMD Hardware Solution

  • Add protection to specific instructions
    • CPUID
    • LGDT
    • ...
  • Two ways to handle critical instructions
    • Trigger VMEXIT
    • Let the processor handle them directly
Hardware: VMEXIT & native

  • Processor state is stored in specific data structures
    • AMD: VMCB
    • Intel: VMCS
    • They hold CRx, GDT, selectors...
Hardware: VMEXIT & native

  • Some behaviors can’t be automatically handled by the CPU
    • I/O
    • CPUID
    • PageFault
  • In this case, a VMEXIT is triggered to ask the host OS to emulate them

MMU Virtualization

  • Three levels of memory
    • Guest virtual address space
    • Guest physical address space
    • VMM physical memory
Software: Shadow Page Tables

Hardware: Intel EPT, AMD RVI
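To show why the hardware has to translate twice, here is an added toy two-dimensional page walk in C; it is not code from the slides or from any hypervisor, and its address width, page size, table format and sample mappings are constructed for the example. A guest page-table entry lives in guest-physical memory, so fetching it already goes through the EPT/RVI-style second level, and the walk reports which side owns a miss: the guest (inject #PF) or the VMM (EPT violation, a VMEXIT).

```c
#include <stdint.h>
#include <string.h>
/* Toy machine: 16-bit addresses, 256-byte pages, so 8-bit page numbers.
 * Guest PTEs and EPT entries are 16-bit: bit 15 = present, low byte = page number. */
#define PAGE_SHIFT  8
#define PAGE_SIZE   (1u << PAGE_SHIFT)
#define PTE_PRESENT 0x8000u
#define PTE_PFN(e)  ((e) & 0xFFu)
#define HOST_PAGES  16
enum { WALK_OK = 0, WALK_GUEST_PF = -1, WALK_EPT_VIOLATION = -2 };
struct vm {
    uint8_t  hmem[HOST_PAGES * PAGE_SIZE]; /* host physical memory, owned by the VMM */
    uint16_t ept[256], guest_cr3;          /* gpn -> hpn second level; guest-physical address of the guest page table */
};
/* Guest physical -> host physical. A miss here is an EPT violation: VMEXIT to the VMM. */
static int ept_translate(const struct vm *vm, uint16_t gpa, uint32_t *hpa)
{
    uint16_t e = vm->ept[gpa >> PAGE_SHIFT];
    if (!(e & PTE_PRESENT)) return WALK_EPT_VIOLATION;
    *hpa = ((uint32_t)PTE_PFN(e) << PAGE_SHIFT) | (gpa & (PAGE_SIZE - 1));
    return WALK_OK;
}
/* Two-dimensional walk: guest virtual -> guest physical -> host physical. The guest's page
 * table lives in guest-physical memory, so even fetching a PTE goes through the EPT.
 * *stage tells the caller which level stopped the walk (1 = PTE fetch, 2 = data page). */
int walk(const struct vm *vm, uint16_t gva, uint32_t *hpa, int *stage)
{
    uint32_t pte_hpa; uint16_t pte, pte_gpa = vm->guest_cr3 + 2 * (gva >> PAGE_SHIFT);
    *stage = 1;
    if (ept_translate(vm, pte_gpa, &pte_hpa) != WALK_OK) return WALK_EPT_VIOLATION;
    memcpy(&pte, vm->hmem + pte_hpa, 2);
    if (!(pte & PTE_PRESENT)) return WALK_GUEST_PF;   /* the guest's own fault: inject #PF */
    *stage = 2;
    return ept_translate(vm, (uint16_t)((PTE_PFN(pte) << PAGE_SHIFT) | (gva & (PAGE_SIZE - 1))), hpa);
}
/* Constructed sample (not from the slides): guest page table at gpn 0-1 backed by host pages 1-2,
 * data page gpn 5 backed by host page 7, gpn 9 mapped by the guest but not backed by the VMM.
 * PTEs: vpn 3 -> gpn 5, vpn 4 -> gpn 9, vpn 0x90 -> gpn 5 (that PTE sits in gpn 1). */
void build_sample_vm(struct vm *vm)
{
    static const uint16_t vpn[] = {3, 4, 0x90}, gpn[] = {5, 9, 5};
    uint32_t hpa; uint16_t e; int i;
    memset(vm, 0, sizeof *vm); vm->guest_cr3 = 0;        /* guest page table starts at gpa 0 */
    vm->ept[0] = PTE_PRESENT | 1; vm->ept[1] = PTE_PRESENT | 2; vm->ept[5] = PTE_PRESENT | 7;
    for (i = 0; i < 3; i++) {
        e = PTE_PRESENT | gpn[i];
        ept_translate(vm, vm->guest_cr3 + 2 * vpn[i], &hpa); /* PT pages are backed, so this succeeds */
        memcpy(vm->hmem + hpa, &e, 2);
    }
}
```

A software shadow page table caches exactly the gva -> hpa result this walk computes; EPT/RVI let the CPU perform the nested walk itself and only exit on the second-level miss.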

I/O Virtualization

IOMMU

CPUID

  • Triggers VMEXIT
  • Offers a decent interface for Question/Answer
  • Static
  • Xen
    • CPUID is overwritable in PVM
    • Can get specific values from Xen
I/O Ports

  • Triggers VMEXIT
  • Offers a large choice to make I/O requests
  • Dynamic discussion at each VMEXIT
  • VMware
    • Port: 0x5658
    • Can get lots of information:
      • Processor speed
      • VMware version
      • Memory size
      • ...
PCI

  • PCI offers a decent interface to communicate
  • Some HVMs use it to make their video driver and do some communication
    • Mainly for desktop drivers
  • VirtualBox
    • BEEF -> video driver
    • CAFE -> some other driver
  • VMware
    • PCI driver for SVGA monitor
Virtio

  • A common framework for I/O virtualization for hypervisors
  • Main I/O virtualization platform in KVM
  • High performance
Virtio Architecture

Supported Devices

  • Network
  • Block
  • Console
  • Entropy
  • Balloon
  • Rpmsg
  • SCSI Host
Virtio Devices

  • Presented by the host as a regular PCI device
    • Vendor ID: 0x1AF4 (Qumranet)
    • Device ID for each type of device
    • Configuration header at the start of the BAR
  • Memory-mapped header for embedded devices without PCI support

Virtio PCI Header

Can be followed by device-specific headers:

  • MAC addresses for network devices
  • Other information for block devices (cylinder/head/sector counts...)

Virtio PCI Device Init

  1. RESET
  2. ACKNOWLEDGE
    • Valid virtio PCI device
  3. DRIVER
    • We know how to use the device
  4. DRIVER OK
    • Virtqueue configuration
    • Feature exchange
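As an added example, not code from the slides or from any real driver: the driver side of the init sequence above, run against an in-memory stand-in for a legacy virtio-pci device. The register offsets and status bits follow the legacy (virtio 0.9.5) header layout; the device type, feature bits, queue size and page frame used as input are constructed for the example.

```c
#include <stdint.h>
#include <string.h>
/* Legacy virtio-pci register block at the start of BAR0 (virtio 0.9.5 layout). */
#define VIRTIO_PCI_HOST_FEATURES  0   /* u32: features the device offers (read-only) */
#define VIRTIO_PCI_GUEST_FEATURES 4   /* u32: features the driver accepts */
#define VIRTIO_PCI_QUEUE_PFN      8   /* u32: guest page frame of the selected virtqueue */
#define VIRTIO_PCI_QUEUE_NUM      12  /* u16: size of the selected virtqueue (read-only) */
#define VIRTIO_PCI_QUEUE_SEL      14  /* u16: which virtqueue QUEUE_PFN/QUEUE_NUM refer to */
#define VIRTIO_PCI_STATUS         18  /* u8:  device status */
#define VIRTIO_VENDOR_ID          0x1AF4
enum { ST_ACKNOWLEDGE = 1, ST_DRIVER = 2, ST_DRIVER_OK = 4, ST_FAILED = 0x80 };
/* In-memory stand-in for one device's PCI IDs and BAR0 (constructed for this example;
 * real MMIO is little-endian, the toy simply uses native byte order on both sides). */
struct vdev { uint16_t vendor, subsys_device; uint8_t bar0[20]; };
static uint32_t rd32(const struct vdev *d, int off) { uint32_t v; memcpy(&v, d->bar0 + off, 4); return v; }
static uint16_t rd16(const struct vdev *d, int off) { uint16_t v; memcpy(&v, d->bar0 + off, 2); return v; }
static void wr32(struct vdev *d, int off, uint32_t v) { memcpy(d->bar0 + off, &v, 4); }
static void wr16(struct vdev *d, int off, uint16_t v) { memcpy(d->bar0 + off, &v, 2); }
/* Device side: what the host exposes. The PCI subsystem device ID carries the virtio
 * device type (1 = network, 2 = block, ...); here it is only recorded. */
struct vdev make_device(uint16_t type, uint32_t offered_features, uint16_t queue_size)
{
    struct vdev d; memset(&d, 0, sizeof d);
    d.vendor = VIRTIO_VENDOR_ID; d.subsys_device = type;
    wr32(&d, VIRTIO_PCI_HOST_FEATURES, offered_features);
    wr16(&d, VIRTIO_PCI_QUEUE_NUM, queue_size);
    return d;
}
/* Driver side: RESET -> ACKNOWLEDGE -> DRIVER -> feature exchange + virtqueue setup -> DRIVER_OK.
 * Returns the negotiated feature set, or -1 (after marking the device FAILED) if the device
 * cannot be used: the driver never continues with a feature set it did not ask for. */
int64_t virtio_pci_init(struct vdev *d, uint32_t driver_features, uint32_t required, uint32_t queue_pfn)
{
    uint32_t negotiated;
    if (d->vendor != VIRTIO_VENDOR_ID) return -1;          /* not a virtio device at all */
    d->bar0[VIRTIO_PCI_STATUS] = 0;                        /* 1. RESET */
    d->bar0[VIRTIO_PCI_STATUS] |= ST_ACKNOWLEDGE;          /* 2. valid virtio PCI device */
    d->bar0[VIRTIO_PCI_STATUS] |= ST_DRIVER;               /* 3. we know how to use the device */
    negotiated = rd32(d, VIRTIO_PCI_HOST_FEATURES) & driver_features;
    wr16(d, VIRTIO_PCI_QUEUE_SEL, 0);                      /* select virtqueue 0 */
    if ((negotiated & required) != required || rd16(d, VIRTIO_PCI_QUEUE_NUM) == 0) {
        d->bar0[VIRTIO_PCI_STATUS] |= ST_FAILED;           /* refuse rather than run degraded */
        return -1;
    }
    wr32(d, VIRTIO_PCI_GUEST_FEATURES, negotiated);        /* only bits both sides understand */
    wr32(d, VIRTIO_PCI_QUEUE_PFN, queue_pfn);              /* where the guest placed virtqueue 0 */
    d->bar0[VIRTIO_PCI_STATUS] |= ST_DRIVER_OK;            /* 4. DRIVER OK: ready for I/O */
    return negotiated;
}
```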
Virtqueues

  • 0 or more virtqueues per device
  • Each spans 2 pages
Conclusion

Questions?

Thank you