0% found this document useful (0 votes)

47 views

x86: Virtualization: Gabriel Laskar

The document discusses CPU virtualization and KVM. It explains the basics of virtualization, how KVM leverages Linux APIs to provide virtualization, and provides code examples for setting up virtual machines and virtual CPUs using the KVM API.

Uploaded by

Djadja

Available Formats

Download as PDF, TXT or read online on Scribd

0% found this document useful (0 votes)

47 views

x86: Virtualization: Gabriel Laskar

Uploaded by

Djadja

Available Formats

Download as PDF, TXT or read online on Scribd

You are on page 1/ 30

x86 : Virtualization

Gabriel Laskar <[email protected]>

Basics : What is it ?

● Virtual Machine
● Hypervisor
● Virtual machine monitor

2
Basics : Virtualization vs Emulation

● CPU Emulation : Interpret code in order to execute the

same behavior
● CPU Virtualization : Execute on real hardware, but in a
controlled way

3
VM Requirements

« For any conventional third generation computer, a

virtual machine monitor may be constructed if the set of
sensitive instructions for that computer is a subset of
privileged instructions »
-- Popek & Goldberg

4
Virtualization Solutions

● Xen
● Qemu/KVM
● VMWare ESX
● VMWare Workstation
● VirtualBox

5
Other Kind of Virtualization

● Paravirtualization
● Containers

6
CPU Virtualization

● Run the VMM at a higher level of privilege

● Sensitive instructions will trap and the VMM will
emulate them.

7
Virtualize the “unvirtualizable”

● Binary Rewriting
● Para-virtualization
● HVM

8
Rings & Virtualization

9
vt-x

● root vs non-root mode

● VMCS
● Instructions
● What can trap ?

10
vt-x : instructions

● vmptrld, vmptrst
● vmclear
● vmread, vmwrite
● vmlaunch, vmresume
● vmxoff, vmxon
● invept, invvpid
● vmcall, vmfunc

11
EPT

● No Shadow Page Tables

● A second translation Layer
● translation : physical → guest-physical

12
Memory Virtualization
● shadow page tables
● EPT

13
Example Hypervisor: Qemu/KVM

● KVM is the Linux Hypervisor

● Splitted in 2 parts :
○ kvm : kernel module
○ qemu : device emulation, vm setup

14
KVM

● Leverage Linux APIs & subsystems for Virtualization

● 3 modules : kvm.ko, kvm-intel.ko, kvm-amd.ko
● code size :
○ ~7kloc arch-independant code
○ ~33kloc arch-dependant code for x86 (~8k for arm)

15
KVM

● Expose virtualization api to the userland

● Use only Hardware virtualization instructions
● small size
● reuse linux apis when possible (scheduling, memory
management, events, ...)

16
Qemu

● Use also in Xen

● VM creation
● Device emulation

17
KVM Api

● VM creation
● Memory assignation
● irq chip
● launch a cpu
● devices

18
/dev/kvm

● /dev/kvm expose an anonymous virtual filesystem for

the hypervisor
● Every resources are managed through a fd :
○ kvm configuration
○ vm management
○ vcpu management

19
/dev/kvm : system fd

● ioctl(fd, KVM_CREATE_VM)
● ioctl(fd, KVM_GET_VCPU_MMAP_SIZE)
● ioctl(fd, KVM_GET_MSR_INDEX_LIST)
● ioctl(fd, KVM_CHECK_EXTENSION)

20
kvm extensions

● Multiple architectures and capabilities (and kvm

versions)
● Extension system, in order to know what is available
● Around 115 extension (as of 4.1)
● Check for extension before use:
○ ioctl(kvm_fd, KVM_CHECK_EXTENSION, KVM_CAP_IRQCHIP);

21
Example : vm creation
int fd_kvm = open("/dev/kvm", O_RDWR);
int kvm_run_size = ioctl(fd_kvm, KVM_GET_VCPU_MMAP_SIZE,
0);

int fd_vm = ioctl(fd_kvm, KVM_CREATE_VM, 0);

// add space for v8086 TSS (3 pages)

ioctl(fd_vm, KVM_SET_TSS_ADDR, 0xffffd000);
// add space for identity map for vcpu real mode
ioctl(fd_vm, KVM_SET_IDENTITY_MAP_ADDR, 0xffffc000);

ioctl(fd_vm, KVM_CREATE_IRQCHIP, 0);

22
/dev/kvm : vm fd

● KVM_CREATE_VCPU
● KVM_SET_USER_MEMORY_REGION
● KVM_CREATE_IRQCHIP (extension)
● KVM_{GET,SET}_DEBUGREGS
● KVM_GET_DIRTY_LOG

23
Example : Memory Assignation
// set memory region
void *addr = mmap(NULL, 10 * MB, PROT_READ | PROT_WRITE,
MAP_ANONYMOUS | MAP_PRIVATE, -1, 0);

struct kvm_userspace_memory_region region = {

.slot = 0,
.flags = 0,
.guest_phys_addr = 0x100000,
.memory_size = 10 * MB,
.userspace_addr = (__u64)addr
};

ioctl(fd_vm, KVM_SET_USER_MEMORY_REGION, &region);

24
/dev/kvm : VCPU fd

● KVM_RUN
● KVM_{GET,SET}_REGS
● KVM_{GET,SET}_SREGS
● KVM_TRANSLATE
● KVM_INTERRUPT (without local apic)
● KVM_{GET,SET}_MSRS
● KVM_SET_CPUID

25
Example : VCPU Creation & setup
int fd_vcpu = ioctl(fd_vm, KVM_CREATE_VCPU, 0);

struct kvm_sregs sregs;

ioctl(fd_vcpu, KVM_GET_SREGS, &sregs);

#define set_segment(Seg, Base, Limit, G) \

do { \
Seg.base = Base; \ sregs.cr0 |= 0x01;
Seg.limit = Limit; \
Seg.g = G; \ ioctl(fd_vcpu, KVM_SET_SREGS, &sregs);
} while (0)
struct kvm_regs regs;
ioctl(fd_vcpu, KVM_GET_REGS, &regs);
set_segment(sregs.cs, 0x0, 0xffffffff, 1); regs.rflags = 0x02;
set_segment(sregs.ds, 0x0, 0xffffffff, 1); regs.rip = 0x00100f00;
set_segment(sregs.ss, 0x0, 0xffffffff, 1); ioctl(fd_vcpu, KVM_SET_REGS, &regs);

sregs.cs.db = 1;
sregs.ss.db = 1;

26
Example : Run VM
struct kvm_run *run_state =
mmap(0, kvm_run_size, PROT_READ|PROT_WRITE,
MAP_PRIVATE,
fd_vcpu, 0);

for (;;) {
int res = ioctl(fd_vcpu, KVM_RUN, 0);

switch (run_state->exit_reason) {
/* … */
}
}
27
Exit Reasons

● KVM_EXIT_EXCEPTION
● KVM_EXIT_IO
● KVM_EXIT_MMIO
● KVM_EXIT_SHUTDOWN
● ...

28
Port IO
case KVM_EXIT_IO:
if (run_state->io.port == CONSOLE_PORT
&& run_state->io.direction == KVM_EXIT_IO_OUT)
{

__u64 offset = run_state->io.data_offset;

__u32 size = run_state->io.size;

write(STDOUT_FILENO,
(char*)run_state + offset, size);
}
break;
29
More? Where is the documentation?
● linux source code:
○ include/uapi/linux/kvm.h
○ Documentation/virtual/kvm/api.txt
○ virt/kvm/
○ arch/x86/kvm/
○ arch/arm/kvm/
● qemu source code
● kvmtool:
○ https://raw.githubusercontent.com/penberg/linux-
kvm/master/tools/kvm/README
● As usual Intel® 64 and IA-32 Architectures Software
Developer Manuals
30

Mastering KVM Virtualization
From Everand
Mastering KVM Virtualization
Humble Devassy Chirammal
5/5 (1)
OpenShift Virtualization - Technical Overview
100% (2)
OpenShift Virtualization - Technical Overview
74 pages
Installing and Working With CentOS 7 x64 and KVM
No ratings yet
Installing and Working With CentOS 7 x64 and KVM
7 pages
Aurion Product Overview May 2006
0% (1)
Aurion Product Overview May 2006
24 pages
KVM Architecture Overview
No ratings yet
KVM Architecture Overview
15 pages
Virtual Vs Physical Machines by KVM
No ratings yet
Virtual Vs Physical Machines by KVM
46 pages
Installing KVM
No ratings yet
Installing KVM
58 pages
KVM PDF
No ratings yet
KVM PDF
37 pages
Jonathan Brossard - Breaking Virtualization 8088 Mode - Hackito Ergo Sum Conference
No ratings yet
Jonathan Brossard - Breaking Virtualization 8088 Mode - Hackito Ergo Sum Conference
57 pages
QEMU Code Overview: Architecture & Internals Tour
100% (1)
QEMU Code Overview: Architecture & Internals Tour
23 pages
Slide-3.2-Virtual-Machines-and-Containers.pptx-1-1
No ratings yet
Slide-3.2-Virtual-Machines-and-Containers.pptx-1-1
31 pages
Everything you wanted to know about RISC-V
No ratings yet
Everything you wanted to know about RISC-V
25 pages
Maggi Virtualization Talk 2014
No ratings yet
Maggi Virtualization Talk 2014
70 pages
Presentation 9
No ratings yet
Presentation 9
28 pages
DEFCON-19-Cook-Kernel-Exploitation
No ratings yet
DEFCON-19-Cook-Kernel-Exploitation
30 pages
ACPI Implants Ruxmon Presentation
No ratings yet
ACPI Implants Ruxmon Presentation
49 pages
2nd File To Students KVM - Host - Creation
No ratings yet
2nd File To Students KVM - Host - Creation
45 pages
OpenCL Guide
No ratings yet
OpenCL Guide
19 pages
Virtualization Host Configuration and Guest Installation Guide/index
No ratings yet
Virtualization Host Configuration and Guest Installation Guide/index
37 pages
RECON 0xa HyperPlatform Satoshi
No ratings yet
RECON 0xa HyperPlatform Satoshi
25 pages
cs179 2016 Lec13
No ratings yet
cs179 2016 Lec13
30 pages
1. Bypass Sandbox and Virtual Machines
No ratings yet
1. Bypass Sandbox and Virtual Machines
1 page
Virt Lecture1 PDF
No ratings yet
Virt Lecture1 PDF
32 pages
Bellard Qemu
No ratings yet
Bellard Qemu
6 pages
Kernel-Based Virtual Machine (KVM) Is A
No ratings yet
Kernel-Based Virtual Machine (KVM) Is A
6 pages
Nstallation: Pre-Installation Checklist
No ratings yet
Nstallation: Pre-Installation Checklist
4 pages
01x09b-VFIOandYou-small
No ratings yet
01x09b-VFIOandYou-small
29 pages
Andras_Kabai_hunting_and_exploiting_bugs_in_kernel_drivers
No ratings yet
Andras_Kabai_hunting_and_exploiting_bugs_in_kernel_drivers
23 pages
Elc2009 Qemu Cris
No ratings yet
Elc2009 Qemu Cris
43 pages
5b-book-of-ahv-how-it-works
No ratings yet
5b-book-of-ahv-how-it-works
7 pages
Xen Sioemu
No ratings yet
Xen Sioemu
25 pages
GPUAF - Using A General GPU Exploit Tech To Attack Pixel8
No ratings yet
GPUAF - Using A General GPU Exploit Tech To Attack Pixel8
72 pages
VMKnoppix x86 20080213e
No ratings yet
VMKnoppix x86 20080213e
6 pages
Demystifying the RISC-V Linux software stack
No ratings yet
Demystifying the RISC-V Linux software stack
30 pages
Kashyap Chamarthy - Effective Virtual CPU Configuration OSS EU2018
No ratings yet
Kashyap Chamarthy - Effective Virtual CPU Configuration OSS EU2018
77 pages
Breaking Out of VirtualBox Through 3D Acceleration-Francisco Falcon PDF
No ratings yet
Breaking Out of VirtualBox Through 3D Acceleration-Francisco Falcon PDF
94 pages
X - Important:: /drives 192.168.1.112:1.0 SSH
No ratings yet
X - Important:: /drives 192.168.1.112:1.0 SSH
10 pages
Breaking Out of VirtualBox Through 3D Acceleration-Francisco Falcon PDF
No ratings yet
Breaking Out of VirtualBox Through 3D Acceleration-Francisco Falcon PDF
94 pages
KVM Virtualization Technology
100% (1)
KVM Virtualization Technology
19 pages
suzannerivoire-rtos
No ratings yet
suzannerivoire-rtos
22 pages
Virtualization With KVM and Libvirt
No ratings yet
Virtualization With KVM and Libvirt
7 pages
Kernel Based Virtualization With KVM
50% (2)
Kernel Based Virtualization With KVM
3 pages
15
No ratings yet
15
34 pages
OpenWrt Training - Day 2
No ratings yet
OpenWrt Training - Day 2
46 pages
Debugging The Linux Kernel With GDB
No ratings yet
Debugging The Linux Kernel With GDB
40 pages
FMCV KVM QSG
No ratings yet
FMCV KVM QSG
10 pages
Towards Multi-Threaded Device Emulation in QEMU: Stefan Hajnoczi Red Hat KVM Forum 2014
No ratings yet
Towards Multi-Threaded Device Emulation in QEMU: Stefan Hajnoczi Red Hat KVM Forum 2014
26 pages
Hypervisornova 151008120240 Lva1 App6891
No ratings yet
Hypervisornova 151008120240 Lva1 App6891
23 pages
03 FusionCompute部署命令
No ratings yet
03 FusionCompute部署命令
2 pages
Linux Kernel Programming
No ratings yet
Linux Kernel Programming
52 pages
Create KVM VM Cli
No ratings yet
Create KVM VM Cli
3 pages
CUDA Introduction Mod
No ratings yet
CUDA Introduction Mod
50 pages
Defeating Malware S Anti VM Techniques CPUID Based Instructions
No ratings yet
Defeating Malware S Anti VM Techniques CPUID Based Instructions
4 pages
Aix (Dvanced Nteractive e Ecutive)
No ratings yet
Aix (Dvanced Nteractive e Ecutive)
12 pages
KVM Host Add
No ratings yet
KVM Host Add
27 pages
impl_js
No ratings yet
impl_js
56 pages
Experiment No 2 Aim: To Study Virtualization and Install KVM. Virtualization
No ratings yet
Experiment No 2 Aim: To Study Virtualization and Install KVM. Virtualization
12 pages
LXC, Docker, and The Future of Software Delivery: Linuxcon - New Orleans, 2013 Jérôme Petazzoni, Dotcloud Inc
No ratings yet
LXC, Docker, and The Future of Software Delivery: Linuxcon - New Orleans, 2013 Jérôme Petazzoni, Dotcloud Inc
45 pages
Kdump Docs
No ratings yet
Kdump Docs
40 pages
Mastering Proxmox
From Everand
Mastering Proxmox
Wasim Ahmed
5/5 (1)
Build your own Blockchain: Make your own blockchain and trading bot on your pc
From Everand
Build your own Blockchain: Make your own blockchain and trading bot on your pc
Magelan Cybersecurity
No ratings yet
Googleclassroom Powerpoint
No ratings yet
Googleclassroom Powerpoint
57 pages
Experiment 09: Write An Application That Draws Basic Graphical Primitives in The Screen
No ratings yet
Experiment 09: Write An Application That Draws Basic Graphical Primitives in The Screen
8 pages
Sugar Mommy PDF 3 PDF Scribd
No ratings yet
Sugar Mommy PDF 3 PDF Scribd
1 page
Document 2
No ratings yet
Document 2
16 pages
Java Backend RoadMap
No ratings yet
Java Backend RoadMap
5 pages
MFC Interview
No ratings yet
MFC Interview
3 pages
BCA514 Unit 1 Internet Programming
No ratings yet
BCA514 Unit 1 Internet Programming
90 pages
Unit 2 Introduction To Information System
No ratings yet
Unit 2 Introduction To Information System
12 pages
Aquis, Installation Guide: Use This Guide With Version 5. 0 of Aquis - Released: Q4 2012
No ratings yet
Aquis, Installation Guide: Use This Guide With Version 5. 0 of Aquis - Released: Q4 2012
14 pages
Variadic Function Templates in C++
No ratings yet
Variadic Function Templates in C++
5 pages
SR
No ratings yet
SR
2 pages
MS WORD Lab Manual
0% (1)
MS WORD Lab Manual
52 pages
WP Demystifying Tempdb
No ratings yet
WP Demystifying Tempdb
10 pages
Unit 1
No ratings yet
Unit 1
33 pages
Bugreport Earth - in SP1A.210812.016 2024 02 28 21 31 28 Dumpstate - Log 31527
No ratings yet
Bugreport Earth - in SP1A.210812.016 2024 02 28 21 31 28 Dumpstate - Log 31527
32 pages
List of Ports
No ratings yet
List of Ports
60 pages
Easybuilder Course Lab 3: Visionview and Easyview Lab Expected Outcomes
No ratings yet
Easybuilder Course Lab 3: Visionview and Easyview Lab Expected Outcomes
8 pages
Updates Rocksmith
No ratings yet
Updates Rocksmith
5 pages
Editing PI Vision Displays
No ratings yet
Editing PI Vision Displays
2 pages
Hierarchey Notes
No ratings yet
Hierarchey Notes
2 pages
FORM 1 COMPUTER STUDIES NOTES
No ratings yet
FORM 1 COMPUTER STUDIES NOTES
4 pages
SAP Business One, Version For SAP HANA: Advanced Dashboards: Use This Title Slide Only With An Image
No ratings yet
SAP Business One, Version For SAP HANA: Advanced Dashboards: Use This Title Slide Only With An Image
22 pages
81r Ref
No ratings yet
81r Ref
834 pages
PeopleSoft Overview Tech Roadmap (07c5e68b Dee1 4426 9161 Cd9bcbce78e6)
No ratings yet
PeopleSoft Overview Tech Roadmap (07c5e68b Dee1 4426 9161 Cd9bcbce78e6)
40 pages
Parallel Programming: in C With Mpi and Openmp Michael J. Quinn
No ratings yet
Parallel Programming: in C With Mpi and Openmp Michael J. Quinn
73 pages
OpenText Exstream Design and Production CE 24.1.0 Release Notes
No ratings yet
OpenText Exstream Design and Production CE 24.1.0 Release Notes
17 pages
Ds Loop With TX
No ratings yet
Ds Loop With TX
8 pages
Forensic Analysis of Email 24112015 Meeting With OCH v1 - 1
No ratings yet
Forensic Analysis of Email 24112015 Meeting With OCH v1 - 1
5 pages