Second Bitvisor Reading Group, First Half: About Intel-VT
Tsuyoshi OZAWA
2. • x86
• x86 IO
• Intel-VT
• Intel-VT
2009 10 7 2
4. x86
( )
Ring3 = User Mode
Ring2
Ring1
(0 )
Ring0
Kernel Mode OS Ring 0
Ring 3
6. Ring3 Ring0
Ring3
Ring2
Ring1
Ring0
Kernel Mode
User Mode
7. Ring3 Ring0
Ring3
Ring2 out
Ring1
Ring0
Kernel Mode
User Mode
9. Ring3 Ring0
Ring3
Ring2
out
Ring1
Ring0
Kernel Mode
User Mode
12. x86 IO
• Memory Mapped IO
•
• IO Mapped IO
• IO
13. MMIO
Kernel Memory
Mapped IO
mov %eax,(%ebx)
Physical memory
14. MMIO
•
• Datasheet
Intel G35 Express Chipset
http://support.intel.co.jp/design/chipsets/datashts/317607.htm
16. IO mapped IO
Memory
address
space
Kernel
IO
address
space
mov $0xECDF,%dx   # port numbers above 0xFF cannot be immediates; use %dx
outw %ax,%dx
Physical memory
17. IO mapped IO
• 0x0000 - 0xFFFF 16 IO
•
• IO TSS (Task State Segment)
[Figure: IO address space, 0x0000 to 0xFFFF]
19. Intel-VT
1.
2.( )VM
CPU
21. Kernel Kernel
Mode Mode
Hypervisor on Guest OS os CPU
33. Xen VMware
Ring3
Ring2
Ring1 = Guest Kernel
Ring0
HyperVisor
OS
34. Xen VMware
Ring 1 Ring 2 Ring 1
Kernel Kernel
Mode Mode
Hypervisor on Guest kernel on CPU
36. Intel-VT
Kernel Kernel
Mode Mode
Hypervisor on Guest kernel on CPU
37. Intel-VT
Guest OS
Kernel Kernel
Mode Mode
Hypervisor on Guest kernel on CPU
38. Intel-VT
CPU .
Kernel Kernel
Mode Mode
Hypervisor on Guest kernel on CPU
39. Intel-VT
VMX Root Mode
Kernel Kernel
Mode Mode
Hypervisor on Guest kernel on CPU
40. VMX Root Mode
VMXON
Kernel .
Mode
A20
VT
Hypervisor on
41. VMX Root Mode
VMXOFF
Kernel
Mode VT .
VT
Hypervisor on
42. Intel-VT
VMX non Root Mode
Kernel Kernel
Mode Mode
Hypervisor on Guest kernel on CPU
43. Intel-VT
VMX non Root Mode
Kernel Kernel
Mode Mode
VMEntry
Hypervisor on Guest kernel on CPU
44. VMEntry
VMLAUNCH
VMRESUME
VMX non Root Mode
45. VMLAUNCH
VMRESUME
1.
•Host State ( )
2.VMX non Root
( )Host State Intel
46. Host State ?
•
• CR0,CR3,CR4
• DR7
• RSP, RIP
• (CS,SS,DS,ES,FS,GS)
•
(FS,GS,TR,IDTR)
47. Host State
?
• OS OS
• Hypervisor
OS
48. ?
• VMCS(Virtual Machine Control Structure)
• 4KB
• 4KB
0 byte
revision
4 byte
VMX-abort indicator
8 byte
VMCS Data
49. VMCS
0 byte
VMCS revision identifier VMCS .
4 byte
VMX-abort indicator CPU VMCS
8 byte
VMCS Data
(
)
50. VMCS
0 byte
VMCS revision identifier
4 byte
VMX-abort indicator
8 byte
abort
VMCS Data abort
51. VMCS
0 byte
VMCS revision identifier
4 byte
VMX-abort indicator
8 byte
VMCS Data
Host State VMCS Data
52. VMCS
Guest
Visible
Area
Kernel Kernel
Memory
Mode Mode
VMCS
Hypervisor on
55. •
• RAX,RBX,RCX...
• -
• CR2
• Shadow Paging
• etc..
(RIP )
56. Intel-VT
VMExit
Kernel Kernel
Mode Mode
Hypervisor on Guest kernel on CPU
57. VMExit
VMMCALL
+
VMX Root Mode
58. VMExit
1.
•Guest State ( )
2.VMX Root
( )Guest State Intel
59. Guest State ?
1.
• CR0,CR3,CR4
• DR7
• RSP, RIP
• (CS,SS,DS,ES,FS,GS)
2. Active State
• 32bit Active/HLT/Wait for IPI
3. Interruptibility state
• 32bit Active/HLT/Wait for IPI
4. VMCS Link pointer
• .VMCS 2
61. • .
RDTSC ( )
•
VMCS
62. 0 byte
VMCS revision identifier
4 byte
VMX-abort indicator
8 byte
VMCS Data .
63. VMCS
VMREAD/VMWRITE
mov
VMExit ...
64. VMWRITE
Kernel
Mode Memory
VMCS
Hypervisor on
65. VMREAD
Kernel
Mode Memory
VMCS
Hypervisor on
67. VMWRITE/VMREAD
• vmwrite destreg srcreg
• vmread destreg srcreg
srcreg
68. srcreg
-encoding-
Bit Position(s) Contents
31:15 Reserved (must be 0)
14:13 Bit Width
12 Reserved (must be 0)
11:10 Type
9:1 Index
0 Access Type(32bit or 64bit?)
• Appendix H.3
69. • IO
•
•
•
0 OS
1 VMEXIT
70. IO
• IO
16bit bitmap
VMCS
• 0x0000 - 0xFFFF
0 OS
1 VMEXIT
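The per-port check described on the two IO slides above (bit 0: the guest OS performs the access, bit 1: VMEXIT), as an added C example that is not from the slides or from BitVisor. It assumes the Intel SDM layout of two 4 KB bitmaps (A for ports 0x0000-0x7FFF, B for 0x8000-0xFFFF); `struct io_bitmaps`, `io_intercept` and `io_causes_vmexit` are hypothetical names, and 0xECDF is the sample port from the `outw` slide.

```c
#include <stdint.h>
#include <string.h>

#define IO_BITMAP_BYTES 4096   /* each bitmap is one 4 KB page */

/* Constructed stand-in for the two bitmap pages whose physical addresses
 * the hypervisor stores in the VMCS (assumed layout, per the Intel SDM). */
struct io_bitmaps {
    uint8_t a[IO_BITMAP_BYTES];   /* ports 0x0000-0x7FFF */
    uint8_t b[IO_BITMAP_BYTES];   /* ports 0x8000-0xFFFF */
};

/* Locate the byte that holds the bit for one port. */
static uint8_t *bitmap_byte(struct io_bitmaps *m, uint16_t port)
{
    uint8_t *page = (port < 0x8000) ? m->a : m->b;
    return &page[(port & 0x7FFF) >> 3];
}

/* Mark ports [first, last] as intercepted (bit = 1 means VM exit). */
void io_intercept(struct io_bitmaps *m, uint16_t first, uint16_t last)
{
    for (uint32_t p = first; p <= last; p++)
        *bitmap_byte(m, (uint16_t)p) |= (uint8_t)(1u << (p & 7));
}

/* Would a guest access of `size` bytes (1, 2 or 4) at `port` exit?
 * A multi-byte access exits if ANY port it touches has its bit set,
 * and an access that wraps past 0xFFFF always exits. */
int io_causes_vmexit(struct io_bitmaps *m, uint16_t port, unsigned size)
{
    if ((uint32_t)port + size > 0x10000)
        return 1;
    for (unsigned i = 0; i < size; i++) {
        uint16_t p = (uint16_t)(port + i);
        if (*bitmap_byte(m, p) & (1u << (p & 7)))
            return 1;
    }
    return 0;
}
```

The multi-byte case is the one to watch when protecting a device: a word access that starts one port below an intercepted port still has to trap.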
71. IO
-encoding-
Bit Position(s) Contents
31:15 Reserved (must be 0)
14:13 Bit Width
12 Reserved (must be 0)
11:10 Type
9:1 Index
0 Access Type(32bit or 64bit?)
• Appendix H.3
72. IO
-encoding-
Bit Position(s) Contents
31:15 Reserved (must be 0)
14:13 Bit Width
12 Reserved (must be 0)
11:10 Type
64 bit access =2
9:1 Index
0 Access Type(32bit or 64bit?)
• Appendix H.3
74. IO
-encoding-
Bit Position(s) Contents
31:15 Reserved (must be 0)
14:13 Bit Width
12 Reserved (must be 0)
11:10 Type
Control = 0
Index = 0
9:1 Index
0 Access Type(32bit or 64bit?)
• Appendix H.3
75. IO
-encoding-
mov $bitmaptr, %rax /* val */
mov $0x0002000, %rdx /* index */
vmwrite %rax,%rdx
76. IO
-encoding-
core/asm.s
core/constants.h
core/vt_init.c
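Packing and unpacking the field encoding from the -encoding- slides, as an added C example that is not BitVisor's code (its own definitions are in the files listed above). Assumptions: the width field sits in bits 14:13 and the width/type values follow the Intel SDM; the enum, struct and function names are hypothetical. It shows why the vmwrite slide loads 0x2000: 64-bit width, Control type, Index 0.

```c
#include <stdint.h>

/* Field values per the Intel SDM encoding table (names are hypothetical). */
enum vmcs_width { W_16 = 0, W_64 = 1, W_32 = 2, W_NATURAL = 3 };
enum vmcs_type  { T_CONTROL = 0, T_EXIT_INFO = 1, T_GUEST = 2, T_HOST = 3 };

struct vmcs_field {
    unsigned width;   /* bits 14:13 */
    unsigned type;    /* bits 11:10 */
    unsigned index;   /* bits 9:1   */
    unsigned high;    /* bit 0: 1 = upper 32 bits of a 64-bit field */
};

#define VMCS_RESERVED 0xFFFF9000u   /* bits 31:15 and bit 12 must be 0 */

/* Build the 32-bit encoding that vmread/vmwrite take in a register. */
uint32_t vmcs_encode(struct vmcs_field f)
{
    return ((f.width & 3u) << 13) | ((f.type & 3u) << 10) |
           ((f.index & 0x1FFu) << 1) | (f.high & 1u);
}

/* Split an encoding into its parts. Returns 0 on success, -1 if reserved
 * bits are set or "high" access is requested on a non-64-bit field. */
int vmcs_decode(uint32_t enc, struct vmcs_field *out)
{
    if (enc & VMCS_RESERVED)
        return -1;
    out->width = (enc >> 13) & 3u;
    out->type  = (enc >> 10) & 3u;
    out->index = (enc >> 1) & 0x1FFu;
    out->high  = enc & 1u;
    if (out->high && out->width != W_64)
        return -1;
    return 0;
}
```

Rejecting encodings with reserved bits set before issuing vmread/vmwrite keeps a malformed constant from turning into a failed VMX instruction at run time.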
78. VMCS
VMPTRST
Current VMCS
Current VMCS .
79. VMPTRST
Kernel
Mode Memory
VMCS
VMCS
Hypervisor on
81. VMPTRST
Kernel
Mode Memory
VMCS
Current VMCS
Hypervisor on
83. VMCLEAR
Kernel
Mode Memory
VMCS
Hypervisor on
84. Intel
( )
Volume 2B, 3B