1 / 83

虛擬化技術 Virtualization Technique

虛擬化技術 Virtualization Technique. Hardware Support Virtualization ARM’s Virtualization Extension. Agenda. Review on system virtualization Definition of Virtual Machine Monitor Problems when we try to implement VMM Software solution Hardware solution Overview of ARM architecture

sheri
Download Presentation

虛擬化技術 Virtualization Technique

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript


  1. 虛擬化技術VirtualizationTechnique HardwareSupportVirtualization ARM’sVirtualizationExtension

  2. Agenda • Reviewonsystemvirtualization • DefinitionofVirtualMachineMonitor • ProblemswhenwetrytoimplementVMM • Softwaresolution • Hardwaresolution • Overview ofARMarchitecture • BriefintroductionofARMarchitecture • SecurityExtension • VirtualizationExtension

  3. Agenda • SupportforCPUvirtualization • SupportforSensitiveInstruction • Native-run • Emulationsupport • SupportformultipleVectorTable • VectorTableBaseAddressRegisters • HypervisorCall • Newentry(0x14)onvectortable

  4. Agenda • SupportforMemoryvirtualization • IntermediatePhysicalAddress • VMID • SupportforI/Ovirtualization • VirtualGIC • Casestudy:CitrixXenforARMCortex-A15

  5. Reviewonsystemvirtualization

  6. DefinitionofVMM • A virtual machine monitor can be constructed if the set of sensitive instructions is a subset of the set of privileged instructions • Proof shows • Equivalence • by interpreting privileged instructions and executing remaining instructions natively • Resource control • by having all instructions that change resources trap to the VMM • Efficiency • by executing all non-privileged instructions directly on hardware • A key aspect of the theorem is that it is easy to check

  7. Implement models of VMM Type-I Type-II

  8. Problemsinimplementation • CPU virtualization • Non-virtualizable CPU • Vector table issue • Memory virtualization • Translation from GVA to HPA • I/O virtualization • Emulate various I/O devices

  9. Software Solution • CPU virtualization • Non-virtualizableCPU • → Patch GOS / Dynamic Binary Translation • Vector table issue • → Modify host’s VT to deliver interrupts to host or guests • Memory virtualization • Translation from GVA to HPA • → Implement by software and save the translated result in Shadow Page Table • I/O virtualization • Emulate various I/O devices • → Emulated by Software (like QEMU)

  10. Disadvantage of software solution • CPU virtualization • Patch GOS • → You need source code. It’s non-portable. • Dynamic Binary Translation • → Slowdowntheperformanceonruntime • Vector table issue • → Difficult to route interrupts to hypervisor and many GOSs • Memory virtualization • Translation from GVA to HPA • → Waste time when generating to translation result • I/O virtualization • Emulate various I/O devices • → Quite slow when emulating I/O devices • → I/O devices are too diversitytocoverallofthem

  11. Hardware solution • CPU virtualization • Non-virtualizable CPU • → LetCPUbecomevirtualizable • Vector table issue • → Withdifferentregistersforhypervisorandguest. • Memory virtualization • Translation from GVA to HPA • → TranslateVA-IPA-PAbyMMUratherthansoftware • I/O virtualization • Emulate various I/O devices • →DirectlyI/Oaccess

  12. OverviewOFARMarchitecture

  13. Brief introduction of ARM architecture

  14. ARMarchitecture • ARM architecture is a well-known CPU architecture in embedded system, mobile devices, and low-power consumption devices. • Unlike other CPU venders, ARM doesn’t produce and ship their own chip. ARM license their IP to other SoC design house and let them to combine ARM CPU Core with their other chips. • ARM also allow SoC design house to change CPU’s ISA in their chips.

  15. RoadmapofARM’sCPUs • ARMv4 • ARM7: Without MMU • ARMv5 • ARM9: With MMU • ARMv6 • ARM11: With MPCore support

  16. RoadmapofARM’sCPUs • ARMv7 • With security extension, but without virtualization extension • Cortex-A8 • Cortex-A9 / Cortex-A5 • With security and virtualization extension, with LPAE • Cortex-A15 / Cortex-A7 (with big-LITTLE support) • ARMv8 • 64-bit support • Cortex-A57 / Cortex-A53 (aka. Cortex-A50 series)

  17. TraditionalARMarchitecture PrivilegeLevel0 PrivilegeLevel1 ARM11 (ARMv6)

  18. TraditionalARMarchitecture • Privilege Level 0: • User mode • Privilege Level 1: • System mode • IRQ mode • FIQ mode • Undefined mode • Supervisor mode • Abort mode

  19. Overview:SecurityExtension

  20. SecurityExtension • SecurityExtension,a.k.a.Trust-Zone,isasystem-wide approach to security on high performance computing platforms for a huge array of applications including secure payment, digital rights management (DRM), enterprise and web-based services. • Securityextensioncanmaketrustedapplicationrunningonsecurestateandnon-trustedapplicationrunningonnon-securestate. • WhenyouareintheNon-SecureState,youcannotaccessthememorywhichisallocatedforSecureState • IthasbeenintroducedsincefromARMCortex-A8

  21. SecurityExtension Non-SecureState SecureState Normal App Normal App Normal App Phone SMS Non-SecureOS (ex:Linux) SecureOS (ex:RTOS) Monitor ARMCortex-A8andbeyond

  22. PrivilegeLevelofSecurityExtension • SecuredappsandsecuredOSrunsonsecurestate • MonitorrunsonmonitormodewhichisonPrivilegeLevel1ofSecureState(SecureStatePL1). • SecuredOSrunsonPrivilegeLevel1ofSecureState(SecureStatePL1). • SecuredappsrunonPrivilegeLevel0ofSecureState(SecureStatePL0).

  23. PrivilegeLevelofSecurityExtension • NormalappsandnormalOSrunsonnon-securestate • Normalapps(e.g.Angry-Bird,Browser,…)runonPrivilegeLevel0ofNon-SecureState(Non-SecurePL0). • NormalOS(e.g.Linux)runsonPrivilegeLevel1ofNon-SecureState(Non-SecurePL1).

  24. PrivilegeLevelofSecurityExtension • [Note]PrivilegeLevelinARMarchitecture • InARMarchitecture,whenthenumberofprivilegelevelishighermeansthatithasmoreprivilegetoaccesshardwareresource.

  25. PrivilegeLevelofSecurityExtension Non-SecureState SecureState PrivilegeLevel0ofNon-SecureState PrivilegeLevel0ofSecureState PrivilegeLevel1ofNon-SecureState PrivilegeLevel1ofSecureState Monitormode ARMCortex-A8andbeyond

  26. Overview:VirtualizationExtension

  27. VirtualizationExtension • VirtualizationextensionisthehardwaresupportforvirtualizationonARMarchitecture. • FromARMCortex-A15andbeyond,ARMarchitecturesareincludingvirtualizationextension. • Wecanconsiderthatvirtualizationextensionextendssecurityextensionforvirtualization. • Virtualizationextensionincludesthreemajorparts: • CPUvirtualizationextension • Memoryvirtualizationextension • I/Ovirtualizationextension

  28. VirtualizationExtension • InCPUvirtualizationextension,ARMaddsanewmodeandanewPrivilegeLevel.Itcalls“Hypmode”whichisrunningonNon-SecurePrivilegeLevel2. • InMemoryvirtualizationextension,ARMadds“IntermediatePhysicalAddress”,letGuestOScannotaccessphysicaladdressdirectly. • InI/Ovirtualizationextension,ARMadds“VirtualGenericInterruptController”interfacetodeliverinterruptinmorefasterway.

  29. PrivilegeLevelofVirtualizationExtension Non-SecureState SecureState PrivilegeLevel0ofNon-SecureState PrivilegeLevel0ofSecureState PrivilegeLevel1ofNon-SecureState PrivilegeLevel1ofSecureState PrivilegeLevel2ofNon-SecureState Monitormode ARMCortex-A15andbeyond

  30. SupportforSensitiveInstruction SupportformultipleVectortable Hypervisorcall SupportforCpuvirtualization

  31. CPUvirtualizationextension • ItletsGuestOSrunonNon-SecurePrivilegeLevel1andNon-SecurePrivilegeLevel0. • KernelofGuestOSrunsonNon-SecurePL1. • UserspaceofGuestOSrunsonNon-SecurePL0. • Itallowsthatmostof(notallofthem)sensitiveinstructionscannative-runonNon-SecurePL1withouttrap-and-emulation. • Therearestillsomeofsensitiveinstructionwhichneed“trap-and-emulation”.WhentheseinstructionsexecuteonNon-SecurePL1,itwillbetrappedintoHypmode(inNon-SecurePL2).

  32. PrivilegeLevelofVirtualizationExtension Non-SecureState SecureState PrivilegeLevel0ofNon-SecureState PrivilegeLevel0ofSecureState PrivilegeLevel1ofNon-SecureState PrivilegeLevel1ofSecureState PrivilegeLevel2ofNon-SecureState Monitormode ARMCortex-A15

  33. CPU virtualization SecureState Non-SecureState App App App App App App RT App RT App PL0 Guest OS 1 Guest OS 2 RTOS PL1 Hypervisor PL2 Monitormode ARMCortex-A15

  34. Hyp mode • ThereisonlyonemodeinNon-SecurePrivilegeLevel2. • ThatisHypmode • HypmodehasitsownSP,SPSR,ELRregister • Mostofcriticalfeatureofhardware-assistantCPUvirtualizationisexecutedinHypmode.

  35. Hyp mode Reference:” ARM® Architecture Reference ManualARMv7-A and ARMv7-R edition ”page:B1-1139

  36. Hyp mode • Hyp mode is off in default. IfHypmodeisoff,allvirtualizationextensionwillbesetoff. • If you want to open Hyp mode, you have to use secure software(ex: Bootloader) running on secure state turn the Hyp mode on.

  37. Hyp mode is different with x86’s VT-x • In VT-x of x86 architecture, “root-mode” is orthogonal to x86 rings. • However, in ARM’s virtualization extension, Hyp mode is one mode of all modes in ARM architecture. • ARM’s hyp mode is strictly more privileged than the existing kernel modes. ARM requires the hypervisor to save guest register state, while on x86 this is done automatically by hardware. • Ref: Prashant Varanasi,GernotHeiser,“Hardware-Supported Virtualization on ARM”,APSys2011

  38. Instructionemulation • Therearestillsomeinstructionswhichcannotexecutenatively. • GuestOS’sLoad/StorePTR • Theinstruction’sbehaviorwilleffectotherGuestOS • Invirtualizationextension,they will be trapped into hypervisor automatically when you execute these instructions on Non-Secure Privilege Level 1 • There is NO necessary to patch guest OS for adding hypercall before executing a critical instructions because it will be trapped by hardware automatically.

  39. Instructionemulation • WhensomeinstructionistrappedtoHypmode,thehardwarewillalsopreservesomeinformationon“HypervisorSyndromeRegister”(HSR)whichisalsoapartofvirtualizationextensionPTR • WiththehelpofHSR,thehypervisorcanknowtheentryreasonandemulateit. • Inthepast,hypervisorstillneedtheseinformation.Inordertogettheseinformation,hypervisordesignerhavetosomesoftwarewaytogettheseinformation. • Withtheassistancefromhardware,hypervisorcangettheseinformationmoreeasierandmorefaster.

  40. SupportforSensitiveInstruction SupportformultipleVectortable Hypervisorcall SupportforCpuvirtualization

  41. VectortableforMonitormode • InSecurityExtension,ARMprovidestwovectortable.Oneofthemistheoriginalone.Anotheroneisprovided for the monitor mode. • The baseaddress of monitor mode’s vector table is saved in MVBAR(Monitor Vector Base Address Register) • OnlyaccessibleinMonitormode • Whenbooting,softwarehavetosetMonitormode’svectortableinMonitormode.

  42. VectortableforHypmode • In Virtualization Extension, ARMprovidesdifferentvectortableforHypervisor. • ThebaseaddressofHypmode’svectortableissavedinHVBAR(HypervisorVectorBaseAddressRegister) • OnlyaccessibleinMonitormodeandHypmode • Whenbooting,softwarehavetosetHypmode’svectortableinMonitormode.

  43. VectortableforGuestOSes • In Virtualization Extension, ARMprovidesa register to save the vectortablebaseaddressofGuestOS(whichisrunningonNon-SecurePL0/1). • ThebaseaddressofNon-Secure PL0/1’s vectortableissavedinVBAR(VectorBaseAddressRegister) • VBAR saves the base address of Non-Secure PL0/1’s vector table.

  44. Overview of Vector Tables of all modes Non-SecureState SecureState PrivilegeLevel0ofNon-SecureState PrivilegeLevel0ofSecureState VT for Non-Secure PL0&1 VT for Secure PL0&1 PrivilegeLevel1ofNon-SecureState PrivilegeLevel1ofSecureState Hyp mode VT for Hyp mode Monmode VT for Mon. mode ARMCortex-A15

  45. SupportforSensitiveInstruction SupportformultipleVectortable Hypervisorcall SupportforCpuvirtualization

  46. Background:SVCfornormalOS • BeforeweintroduceHypervisorCall(HVC),weshouldrecallsomeknowledgeaboutSupervisorCall(SVC)innormalOS. • In previous microarchitecture version of ARM, it is called Software Interrupt(SWI). • SupervisorCallisainstructionwhichcantriggerasoftwareinterrupt. Iftheprogramexecute“svc”in the user space (Privilege Level 0), the processor will move into the vector stub of SVC which is in the kernel space • SVC is a way to actively trigger event to enter the supervisor mode from user mode.

  47. HowdoesSVCwork?

  48. Virtual Memory Address CPU mode: Supervisor Mode svc_handler: … … … Kernel Space Vector Table b svc_handler User Space CPU mode: User Mode … svc #0x190 … PC

  49. WhatisHVC? • HVC, a.k.a. Hypervisor Call, is a instruction which will actively trigger event to enter Hyp mode(Non-Secure PL2) from Guest OS(Non-Secure PL1). • The relationship between Guest OS and Hypervisor in HVC is the same as the relationship between User-space and Kernel-space in SVC. • In vector table, the interrupt from HVC will be taken into the 0x14 vector stub. • WiththehelpofHVC,hypervisordesignercanbeeasilytoimplement“Hypercall”

  50. VectorstubofHVC Vector Table without virtualization extension Vector Table with virtualization extension

More Related