SlideShare a Scribd company logo

ARMvisor, more details

Peter Chang, profile picture
Peter Chang

- Peter Chang is a developer of ARMvisor, which is a KVM implementation for ARM architecture - ARMvisor uses para-virtualization and trap-and-emulate techniques to virtualize sensitive ARM instructions like branches, register access, and memory operations - It traps these instructions and emulates their behavior to enable full system virtualization on ARM platforms

Technology
1 of 126
Downloaded 384 times
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
ARMvisor Peter Chang This side is licensed under CC-BY-NC-SA 姓名標示─非商業性─相同方式分享 (http://creativecommons.org/licenses/by-nc-sa/3.0/tw/legalcode)
Who am I?
Who am I? • Peter Chang
Who am I? • Peter Chang • One of the current developers of ARMvisor
Who am I? • Peter Chang • One of the current developers of ARMvisor • http://tw.linkedin.com/in/peterchangtw
What is ARMvisor?
ARMvisor, more details
ARM
ARM
ARM
What is KVM?
What is KVM? • A.k.a. Kernel-based Virtual Machine
What is KVM? • A.k.a. Kernel-based Virtual Machine • Type-II Virtual Machine Monitor
What is KVM? • A.k.a. Kernel-based Virtual Machine • Type-II Virtual Machine Monitor • A module of Linux kernel
What is KVM?
What is KVM? • Officially support x86/x64, PowerPC, S390
What is KVM? • Officially support x86/x64, PowerPC, S390 • No official support for ARM architecture
What is ARMvisor?
What is ARMvisor? • ARM架構上的KVM
What is ARMvisor? • ARM架構上的KVM • Para-virtualization
What is ARMvisor? • ARM架構上的KVM • Para-virtualization • Trap & Emulation
What is ARMvisor? • ARM架構上的KVM • Para-virtualization • Trap & Emulation • Dynamic Memory Allocation
What is ARMvisor? • ARM架構上的KVM • Para-virtualization • Trap & Emulation • Dynamic Memory Allocation • virtio & IRQchip-in-kernel
Guest OS: Linux 2.6.35 QEMU 0.14 Driver Device Driver ARMvisor Host OS: Linux 2.6.38 Hardware: ARM Cortex-A8
2012 2011 2010 2009
2012 2011 2010 2009
2012 2011 2010 Starting Point 2009
2012 2011 2010 Starting Point 2009
2012 2011 ARMvisor Prototype 2010 Starting Point 2009
2012 2011 ARMvisor Prototype 2010 Starting Point 2009
2012 CPU Opt & Mem Opt 2011 ARMvisor Prototype 2010 Starting Point 2009
2012 CPU Opt & Mem Opt 2011 ARMvisor Prototype 2010 Starting Point 2009
I/O Opt 2012 CPU Opt & Mem Opt 2011 ARMvisor Prototype 2010 Starting Point 2009
Supported Hardware ARM Realview-eb ARM11 ARMv6 ISA
Supported Hardware TI BeagleBoard Cortex-A8 ARMv7 ISA
Supported Software • Patched Host OS: • Linaro Linux 2.6.38 • Host Root Filesystem • Ubuntu/Debian RFS (CLI or GUI) • QEMU 0.14
Supported Software • Patched Guest OS: • Linux 2.6.35 (running on ARMv6 ISA) • Guest Root Filesystem: • Ubuntu/Debian RFS (CLI or GUI)
System model of ARMvisor
CPU virtualization
CPU virtualization • ARM is non-virtualizable CPU • Patch guest OS • “Trap and emulation”
ARMv6 ISA 1.Branch instructions 2.Data-processing instructions 3.Multiply instructions 4.Parallel addition and subtraction instructions 5.Extend instructions 6.Miscellaneous arithmetic instructions 7.Other miscellaneous instructions 8.Status register access instructions 9.Load and store instructions 10.Load and Store Multiple instructions 11.Semaphore instructions 12.Exception-generating instructions 13.Coprocessor instructions
ARMv6 ISA 1.Branch instructions Sensitive 2.Data-processing instructions Instructions ? 3.Multiply instructions 4.Parallel addition and subtraction instructions 5.Extend instructions 6.Miscellaneous arithmetic instructions 7.Other miscellaneous instructions 8.Status register access instructions 9.Load and store instructions 10.Load and Store Multiple instructions 11.Semaphore instructions 12.Exception-generating instructions 13.Coprocessor instructions
ARMv6 ISA 1.Branch instructions 2.Data-processing instructions 3.Multiply instructions 4.Parallel addition and subtraction instructions 5.Extend instructions 6.Miscellaneous arithmetic instructions 7.Other miscellaneous instructions 8.Status register access instructions 9.Load and store instructions 10.Load and Store Multiple instructions 11.Semaphore instructions 12.Exception-generating instructions 13.Coprocessor instructions
Sensitive Instructions Data-processing instructions S-BIT: MOVS, ... Status register access instructions MRS, MSR, CPS, SETEND Load and store instructions T-BIT: LDRT, STRT, ... Load and Store Multiple instructions LDM(2), LDM(3), STM(2) Exception-generating instructions SWI, BKPT Coprocessor instructions MCR, MRC, MCRR, ...
Observation from Guest Linux Code • MOVS • (MRS, MSR, CPS) • (LDRBT, LDRT, STRBT, STRT) • (LDM(2), LDM(3), STM(2)) • SWI • (MCR, MRC, MCRR) 15 sensitive instructions used in the guest linux code
“Trap & emulation” Guest%OS User%space% trap % Kernel%space VMM
How to “trap”? … mov r0, r0 add sp, sp movs pc, lr …
How to “trap”? … mov r0, r0 add sp, sp virt_svc_movs “movs pc, lr” …
How to “trap”? … mov r0, r0 add sp, sp virt_svc_movs “movs pc, lr” …
How to “trap”? .macro virt_svc_movs, inst SWI 0x190 inst … .endm mov r0, r0 add sp, sp virt_svc_movs “movs pc, lr” …
How to “emulate”?
oxffff1000 0xffff001c Kernel Vector oxffff0000
oxffff1000 0xffff001c Kernel Vector oxffff0000
The KVM trap Interface oxffff1000 0xffff001c Kernel Vector oxffff0000
UND ABORT SWI IRQ/FIQ KVM  Trap  Entry KVM/Guest Host  Trap  Handler  Context  Switch   Unit KVM  Trap  Dispatcher Instruction   MMU   Exception/Interrupt   QEMU  I/O Emulation Emulation Emulation Emulation
User space Kernel space Guest Mode QEMU KVM Guest OS
User space Kernel space Guest Mode 1. VM initialization QEMU KVM Guest OS
User space Kernel space Guest Mode 1. VM initialization 2. Return to QEMU QEMU KVM Guest OS
User space Kernel space Guest Mode 1. VM initialization 2. Return to QEMU 3. Run VM QEMU KVM Guest OS
User space Kernel space Guest Mode 1. VM initialization 2. Return to QEMU 3. Run VM 4. Enter Guest QEMU KVM Guest OS
User space Kernel space Guest Mode 1. VM initialization 2. Return to QEMU 3. Run VM 4. Enter Guest 5. Exit Guest QEMU KVM Guest OS
User space Kernel space Guest Mode 1. VM initialization 2. Return to QEMU 3. Run VM 4. Enter Guest 5. Exit Guest Lightweight trap QEMU KVM Guest OS
User space Kernel space Guest Mode 1. VM initialization 2. Return to QEMU 3. Run VM 4. Enter Guest 5. Exit Guest Lightweight trap 6. Enter Guest QEMU KVM Guest OS
User space Kernel space Guest Mode 1. VM initialization 2. Return to QEMU 3. Run VM 4. Enter Guest 5. Exit Guest Lightweight trap 6. Enter Guest 7. Exit Guest QEMU KVM Guest OS
User space Kernel space Guest Mode 1. VM initialization 2. Return to QEMU 3. Run VM 4. Enter Guest 5. Exit Guest Lightweight trap 6. Enter Guest 7. Exit Guest 8. Return to QEMU QEMU KVM Guest OS
User space Kernel space Guest Mode 1. VM initialization 2. Return to QEMU 3. Run VM 4. Enter Guest 5. Exit Guest Lightweight trap 6. Enter Guest Heavyweight trap 7. Exit Guest 8. Return to QEMU QEMU KVM Guest OS
User space Kernel space Guest Mode 1. VM initialization 2. Return to QEMU 3. Run VM 4. Enter Guest 5. Exit Guest Lightweight trap 6. Enter Guest Heavyweight trap 7. Exit Guest 8. Return to QEMU 9. Run VM QEMU KVM Guest OS
User space Kernel space Guest Mode 1. VM initialization 2. Return to QEMU 3. Run VM 4. Enter Guest 5. Exit Guest Lightweight trap 6. Enter Guest Heavyweight trap 7. Exit Guest 8. Return to QEMU 9. Run VM 10. Enter Guest QEMU KVM Guest OS
VCPU   oxffff2000 Register   Sync File The KVM trap Interface oxffff1000 0xffff001c Kernel Vector oxffff0000
VCPU   oxffff2000 Register   Shadow  Register  File Sync File The KVM trap Interface oxffff1000 0xffff001c Kernel Vector oxffff0000
mcr  cpsr,  r1 VCPU   oxffff2000 Register   Shadow  Register  File Sync File The KVM trap Interface oxffff1000 0xffff001c Kernel Vector oxffff0000
mcr  cpsr,  r1 VCPU   oxffff2000 Register   Shadow  Register  File Sync File The KVM trap Interface oxffff1000 0xffff001c Kernel Vector oxffff0000
mcr  cpsr,  r1 VCPU   oxffff2000 Read/Write Register   Shadow  Register  File Sync Instructions File The KVM trap Interface oxffff1000 0xffff001c Kernel Vector oxffff0000
mcr  cpsr,  r1 VCPU   oxffff2000 Read/Write Register   Shadow  Register  File Sync Instructions File The KVM trap Interface oxffff1000 0xffff001c Kernel Vector oxffff0000
Memory virtualization
PTB Virtual  Address Physical  Address
GVA GPA HVA HPA
Guest  PTB GVA GPA HVA HPA
Guest  PTB GVA GPA HVA HPA
Guest  PTB GVA GPA Host  PTB HVA HPA
Guest  PTB GVA GPA Host  PTB HVA New  SPTE  !!! HPA
ARMvisor, more details
PABT/DABT  trap
PABT/DABT  trap guest   page  table   walker
PABT/DABT  trap guest   page  table   walker True  Translation  fault
PABT/DABT  trap guest   Guest   page  table   permission   walker checker True  Translation  fault
PABT/DABT  trap guest   Guest   page  table   permission   walker checker True  permission  fault True  Translation  fault
PABT/DABT  trap guest   Guest   MMIO  access   page  table   permission   checker walker checker True  permission  fault True  Translation  fault
PABT/DABT  trap guest   Guest   MMIO  access   page  table   permission   checker walker checker True  permission  fault True  Translation  fault MMIO  emulation
PABT/DABT  trap guest   Guest   Shadow  page   MMIO  access   page  table   permission   table   checker walker checker mapping True  permission  fault True  Translation  fault MMIO  emulation
Hidden  protection  fault PABT/DABT  trap guest   Guest   Shadow  page   MMIO  access   page  table   permission   table   checker walker checker mapping True  permission  fault True  Translation  fault MMIO  emulation
Hidden  protection  fault PABT/DABT  trap guest   Guest   Shadow  page   MMIO  access   page  table   permission   table   checker walker checker mapping True  permission  fault Hidden  translation  fault True  Translation  fault MMIO  emulation
Hidden  protection  fault PABT/DABT  trap guest   Guest   Shadow  page   MMIO  access   Shadow  page   page  table   permission   table   checker table  update walker checker mapping True  permission  fault Hidden  translation  fault True  Translation  fault MMIO  emulation
I/O virtualization
I/O virtualization • Emulation by QEMU • virtio • IRQ chip in kernel
Emulate by QEMU
Guest OS: Linux 2.6.35 QEMU 0.14 Driver Device ARMvisor Driver Host OS: Linux 2.6.38 Hardware: ARM Cortex-A8
Guest OS: Linux 2.6.35 1 QEMU 0.14 Driver Device ARMvisor Driver Host OS: Linux 2.6.38 Hardware: ARM Cortex-A8
Guest OS: Linux 2.6.35 1 QEMU 0.14 Driver Device 2 ARMvisor Driver Host OS: Linux 2.6.38 Hardware: ARM Cortex-A8
Guest OS: Linux 2.6.35 1 QEMU 0.14 Driver Device 3 2 ARMvisor Driver Host OS: Linux 2.6.38 Hardware: ARM Cortex-A8
Guest OS: Linux 2.6.35 1 QEMU 0.14 Driver Device 3 2 ARMvisor Driver Host OS: Linux 2.6.38 4 Hardware: ARM Cortex-A8
Guest OS: Linux 2.6.35 QEMU 0.14 Driver Device ARMvisor Driver Host OS: Linux 2.6.38 Hardware: ARM Cortex-A8
Guest OS: Linux 2.6.35 QEMU 0.14 Driver Device ARMvisor Driver Host OS: Linux 2.6.38 5 Hardware: ARM Cortex-A8
Guest OS: Linux 2.6.35 QEMU 0.14 Driver Device 6 ARMvisor Driver Host OS: Linux 2.6.38 5 Hardware: ARM Cortex-A8
Guest OS: Linux 2.6.35 QEMU 0.14 Driver Device 7 6 ARMvisor Driver Host OS: Linux 2.6.38 5 Hardware: ARM Cortex-A8
Guest OS: Linux 2.6.35 8 QEMU 0.14 Driver Device 7 6 ARMvisor Driver Host OS: Linux 2.6.38 5 Hardware: ARM Cortex-A8
virtio
virtio Vir,o  Driver Guest Vir,o  AMBA  Controller Vring Transport Vir,o  AMBA  Controller QEMU Vir,o  Device
irq_chip in kernel
Opera,ng  System Interrupt  Controller Deliver  Interrupt Get  IRQ  number 1 Ack  IRQ  number Mask  IRQ 2 End  of  IRQ 3 Unmask  IRQ 4
irq_chip in kernel Guest Deliver7 GIC QEMU IRQ7 Control7 GIC7 Device Device Device IOCTL7 ARMvisor
irq_chip in kernel Guest Deliver$ IRQ$ QEMU Device Device Device Control$ GIC$ GIC$in$Kernel KVM
Future Works
Future Works
Future Works • Support for ARM’s Virtualization extension
Future Works • Support for ARM’s Virtualization extension • Cortex-A15 and beyond
Future Works • Support for ARM’s Virtualization extension • Cortex-A15 and beyond • SMP for host and guest
Future Works • Support for ARM’s Virtualization extension • Cortex-A15 and beyond • SMP for host and guest • AArch64 Support
Future Works • Support for ARM’s Virtualization extension • Cortex-A15 and beyond • SMP for host and guest • AArch64 Support • ARMv8
By the way, ...
OpenSource
OpenSource • We HAVE opened source in late August, 2012.
OpenSource • We HAVE opened source in late August, 2012. • GNU GPLv2
OpenSource • We HAVE opened source in late August, 2012. • GNU GPLv2 • Source code of Host and Guest OS
OpenSource • We HAVE opened source in late August, 2012. • GNU GPLv2 • Source code of Host and Guest OS • https://github.com/SSLab-NTHU
Q &A

More Related Content

PPTX
ARMvisor @ Linux Symposium 2012
Peter Chang
 
PDF
ARMvisor @ COSCUP2012
Peter Chang
 
PDF
Implements BIOS emulation support for BHyVe
Takuya ASADA
 
PDF
Implements BIOS emulation support for BHyVe: A BSD Hypervisor
Takuya ASADA
 
PDF
Hypervisor Framework
Edgar Barbosa
 
PPTX
Link Virtualization based on Xen
The Linux Foundation
 
PDF
I/O仮想化最前線〜ネットワークI/Oを中心に〜
Ryousei Takano
 
PDF
Don't Tell Joanna the Virtualized Rootkit is Dead (Blackhat 2007)
Nate Lawson
 
ARMvisor @ Linux Symposium 2012
Peter Chang
 
ARMvisor @ COSCUP2012
Peter Chang
 
Implements BIOS emulation support for BHyVe
Takuya ASADA
 
Implements BIOS emulation support for BHyVe: A BSD Hypervisor
Takuya ASADA
 
Hypervisor Framework
Edgar Barbosa
 
Link Virtualization based on Xen
The Linux Foundation
 
I/O仮想化最前線〜ネットワークI/Oを中心に〜
Ryousei Takano
 
Don't Tell Joanna the Virtualized Rootkit is Dead (Blackhat 2007)
Nate Lawson
 

What's hot (20)

PPT
Qemu
robertsong
 
PDF
XS Boston 2008 Cache
The Linux Foundation
 
PDF
ACRN vMeet-Up EU 2021 - shared memory based inter-vm communication introduction
Project ACRN
 
PDF
Malicious Hypervisor - Virtualization in Shellcodes by Adhokshaj Mishra
OWASP Delhi
 
PDF
Project ACRN: SR-IOV implementation
Geoffroy Van Cutsem
 
PDF
ACRN vMeet-Up EU 2021 - debug ACRN hypervisor
Project ACRN
 
PDF
openqrm4.9 Quick Start Guide
OSSラボ株式会社
 
PDF
LCA13: Xen on ARM
Linaro
 
PDF
Project ACRN CPU sharing BVT scheduler in ACRN hypervisor
Project ACRN
 
PDF
Project ACRN hypervisor introduction
Project ACRN
 
PDF
HKG15-400: Next steps in KVM enablement on ARM
Linaro
 
PDF
Project ACRN expose and pass through platform hidden PCIe devices to SOS
Project ACRN
 
PDF
Running Dual Android Xen Instances on Nexus 10
Samsung Open Source Group
 
PDF
Rootlinux17: Hypervisors on ARM - Overview and Design Choices by Julien Grall...
The Linux Foundation
 
PDF
Project ACRN configuration scenarios and config tool
Project ACRN
 
PDF
Project ACRN Device Model architecture introduction
Project ACRN
 
PDF
Embedded Systems Conference 2014 Presentation
Manish Jaggi
 
PPT
Hardware accelerated Virtualization in the ARM Cortex™ Processors
The Linux Foundation
 
PDF
ACRN vMeet-Up EU 2021 - hypervisor new platform enabling
Project ACRN
 
PDF
Esx.sc.quickref
hellocn
 
Qemu
robertsong
 
XS Boston 2008 Cache
The Linux Foundation
 
ACRN vMeet-Up EU 2021 - shared memory based inter-vm communication introduction
Project ACRN
 
Malicious Hypervisor - Virtualization in Shellcodes by Adhokshaj Mishra
OWASP Delhi
 
Project ACRN: SR-IOV implementation
Geoffroy Van Cutsem
 
ACRN vMeet-Up EU 2021 - debug ACRN hypervisor
Project ACRN
 
openqrm4.9 Quick Start Guide
OSSラボ株式会社
 
LCA13: Xen on ARM
Linaro
 
Project ACRN CPU sharing BVT scheduler in ACRN hypervisor
Project ACRN
 
Project ACRN hypervisor introduction
Project ACRN
 
HKG15-400: Next steps in KVM enablement on ARM
Linaro
 
Project ACRN expose and pass through platform hidden PCIe devices to SOS
Project ACRN
 
Running Dual Android Xen Instances on Nexus 10
Samsung Open Source Group
 
Rootlinux17: Hypervisors on ARM - Overview and Design Choices by Julien Grall...
The Linux Foundation
 
Project ACRN configuration scenarios and config tool
Project ACRN
 
Project ACRN Device Model architecture introduction
Project ACRN
 
Embedded Systems Conference 2014 Presentation
Manish Jaggi
 
Hardware accelerated Virtualization in the ARM Cortex™ Processors
The Linux Foundation
 
ACRN vMeet-Up EU 2021 - hypervisor new platform enabling
Project ACRN
 
Esx.sc.quickref
hellocn
 
Ad

Similar to ARMvisor, more details (20)

PDF
Virtualization Primer for Java Developers
Richard McDougall
 
PDF
Qemu Introduction
Chiawei Wang
 
PDF
Mobile Virtualization using the Xen Technologies
The Linux Foundation
 
PDF
Porting Xen Paravirtualization to MIPS Architecture
The Linux Foundation
 
PDF
The kvm virtualization way
Francisco Gonçalves
 
ODP
UDS 2012 Xen
George Dunlap
 
ODP
Kvm and libvirt
plarsen67
 
PDF
Linaro Connect Asia 13 : Citrix - Xen on ARM plenary session
The Linux Foundation
 
KEY
Cis222 2
Russ Ferriday
 
PDF
Linux Foundation Collaboration Summit 13 :10 years of Xen and Beyond
The Linux Foundation
 
KEY
AMD SVMってなあに
Takuya ASADA
 
PPTX
2011 10-19
Yaoyao Wang
 
PDF
Toward a practical “HPC Cloud”: Performance tuning of a virtualized HPC cluster
Ryousei Takano
 
PDF
virtualization tutorial at ACM bangalore Compute 2009
ACMBangalore
 
PPTX
Xen Project Update LinuxCon Brazil
The Linux Foundation
 
PDF
XS Boston 2008 Self IO Emulation
The Linux Foundation
 
PPTX
Nested Virtualization Update from Intel
The Linux Foundation
 
PPTX
Linuxcon EU : Virtualization in the Cloud featuring Xen and XCP
The Linux Foundation
 
PDF
S4 xen hypervisor_20080622
Todd Deshane
 
PDF
Qemu
Koganti Ravikumar
 
Virtualization Primer for Java Developers
Richard McDougall
 
Qemu Introduction
Chiawei Wang
 
Mobile Virtualization using the Xen Technologies
The Linux Foundation
 
Porting Xen Paravirtualization to MIPS Architecture
The Linux Foundation
 
The kvm virtualization way
Francisco Gonçalves
 
UDS 2012 Xen
George Dunlap
 
Kvm and libvirt
plarsen67
 
Linaro Connect Asia 13 : Citrix - Xen on ARM plenary session
The Linux Foundation
 
Cis222 2
Russ Ferriday
 
Linux Foundation Collaboration Summit 13 :10 years of Xen and Beyond
The Linux Foundation
 
AMD SVMってなあに
Takuya ASADA
 
2011 10-19
Yaoyao Wang
 
Toward a practical “HPC Cloud”: Performance tuning of a virtualized HPC cluster
Ryousei Takano
 
virtualization tutorial at ACM bangalore Compute 2009
ACMBangalore
 
Xen Project Update LinuxCon Brazil
The Linux Foundation
 
XS Boston 2008 Self IO Emulation
The Linux Foundation
 
Nested Virtualization Update from Intel
The Linux Foundation
 
Linuxcon EU : Virtualization in the Cloud featuring Xen and XCP
The Linux Foundation
 
S4 xen hypervisor_20080622
Todd Deshane
 
Qemu
Koganti Ravikumar
 
Ad

Recently uploaded (20)

PDF
Encapsulation_ Review paper, used for researhc scholars
gurumoop
 
PPTX
A Presentation on Artificial Intelligence
memembruh336
 
PPTX
VMware vSphere Foundation How to Sell Presentation-Ver1.4-2-14-2024.pptx
blackmambaettijean
 
PPTX
Detection-First SIEM: Rule Types, Dashboards, and Threat-Informed Strategy
ReZa AdineH
 
PDF
Blue Purple Modern Animated Computer Science Presentation.pdf.pdf
Akar16
 
PPTX
MYSQL Presentation for SQL database connectivity
Swati270511
 
PDF
TokAI - TikTok AI Agent : The First AI Application That Analyzes 10,000+ Vira...
SOFTTECHHUB
 
PPTX
KOM of Painting work and Equipment Insulation REV00 update 25-dec.pptx
muhammadmuneebnaeem7
 
PDF
Mobile App Security Testing_ A Comprehensive Guide.pdf
flufftailshop
 
PPTX
Understanding_Digital_Forensics_Presentation.pptx
ImranKhan423233
 
PPT
“AI and Expert System Decision Support & Business Intelligence Systems”
ZubinRadhakrishnan
 
PDF
Dropbox Q2 2025 Financial Results & Investor Presentation
Dropbox
 
PPTX
Big Data Technologies - Introduction.pptx
kuthubussaman1
 
PDF
Per capita expenditure prediction using model stacking based on satellite ima...
IAESIJAI
 
PDF
NewMind AI Weekly Chronicles - August'25 Week I
NewMind AI
 
PDF
Chapter 3 Spatial Domain Image Processing.pdf
Getnet Tigabie Askale -(GM)
 
PDF
Review of recent advances in non-invasive hemoglobin estimation
IAESIJAI
 
PDF
Architecting across the Boundaries of two Complex Domains - Healthcare & Tech...
Peter Tan
 
PPTX
Digital-Transformation-Roadmap-for-Companies.pptx
David Malick Dieng
 
PDF
Approach and Philosophy of On baking technology
30anthuong17
 
Encapsulation_ Review paper, used for researhc scholars
gurumoop
 
A Presentation on Artificial Intelligence
memembruh336
 
VMware vSphere Foundation How to Sell Presentation-Ver1.4-2-14-2024.pptx
blackmambaettijean
 
Detection-First SIEM: Rule Types, Dashboards, and Threat-Informed Strategy
ReZa AdineH
 
Blue Purple Modern Animated Computer Science Presentation.pdf.pdf
Akar16
 
MYSQL Presentation for SQL database connectivity
Swati270511
 
TokAI - TikTok AI Agent : The First AI Application That Analyzes 10,000+ Vira...
SOFTTECHHUB
 
KOM of Painting work and Equipment Insulation REV00 update 25-dec.pptx
muhammadmuneebnaeem7
 
Mobile App Security Testing_ A Comprehensive Guide.pdf
flufftailshop
 
Understanding_Digital_Forensics_Presentation.pptx
ImranKhan423233
 
“AI and Expert System Decision Support & Business Intelligence Systems”
ZubinRadhakrishnan
 
Dropbox Q2 2025 Financial Results & Investor Presentation
Dropbox
 
Big Data Technologies - Introduction.pptx
kuthubussaman1
 
Per capita expenditure prediction using model stacking based on satellite ima...
IAESIJAI
 
NewMind AI Weekly Chronicles - August'25 Week I
NewMind AI
 
Chapter 3 Spatial Domain Image Processing.pdf
Getnet Tigabie Askale -(GM)
 
Review of recent advances in non-invasive hemoglobin estimation
IAESIJAI
 
Architecting across the Boundaries of two Complex Domains - Healthcare & Tech...
Peter Tan
 
Digital-Transformation-Roadmap-for-Companies.pptx
David Malick Dieng
 
Approach and Philosophy of On baking technology
30anthuong17
 

ARMvisor, more details

  • 1. ARMvisor Peter Chang This side is licensed under CC-BY-NC-SA 姓名標示─非商業性─相同方式分享 (http://creativecommons.org/licenses/by-nc-sa/3.0/tw/legalcode)
  • 3. Who am I? • Peter Chang
  • 4. Who am I? • Peter Chang • One of the current developers of ARMvisor
  • 5. Who am I? • Peter Chang • One of the current developers of ARMvisor • http://tw.linkedin.com/in/peterchangtw
  • 8. ARM
  • 9. ARM
  • 10. ARM
  • 12. What is KVM? • A.k.a. Kernel-based Virtual Machine
  • 13. What is KVM? • A.k.a. Kernel-based Virtual Machine • Type-II Virtual Machine Monitor
  • 14. What is KVM? • A.k.a. Kernel-based Virtual Machine • Type-II Virtual Machine Monitor • A module of Linux kernel
  • 16. What is KVM? • Officially support x86/x64, PowerPC, S390
  • 17. What is KVM? • Officially support x86/x64, PowerPC, S390 • No official support for ARM architecture
  • 19. What is ARMvisor? • ARM架構上的KVM
  • 20. What is ARMvisor? • ARM架構上的KVM • Para-virtualization
  • 21. What is ARMvisor? • ARM架構上的KVM • Para-virtualization • Trap & Emulation
  • 22. What is ARMvisor? • ARM架構上的KVM • Para-virtualization • Trap & Emulation • Dynamic Memory Allocation
  • 23. What is ARMvisor? • ARM架構上的KVM • Para-virtualization • Trap & Emulation • Dynamic Memory Allocation • virtio & IRQchip-in-kernel
  • 24. Guest OS: Linux 2.6.35 QEMU 0.14 Driver Device Driver ARMvisor Host OS: Linux 2.6.38 Hardware: ARM Cortex-A8
  • 25. 2012 2011 2010 2009
  • 26. 2012 2011 2010 2009
  • 27. 2012 2011 2010 Starting Point 2009
  • 28. 2012 2011 2010 Starting Point 2009
  • 29. 2012 2011 ARMvisor Prototype 2010 Starting Point 2009
  • 30. 2012 2011 ARMvisor Prototype 2010 Starting Point 2009
  • 31. 2012 CPU Opt & Mem Opt 2011 ARMvisor Prototype 2010 Starting Point 2009
  • 32. 2012 CPU Opt & Mem Opt 2011 ARMvisor Prototype 2010 Starting Point 2009
  • 33. I/O Opt 2012 CPU Opt & Mem Opt 2011 ARMvisor Prototype 2010 Starting Point 2009
  • 34. Supported Hardware ARM Realview-eb ARM11 ARMv6 ISA
  • 35. Supported Hardware TI BeagleBoard Cortex-A8 ARMv7 ISA
  • 36. Supported Software • Patched Host OS: • Linaro Linux 2.6.38 • Host Root Filesystem • Ubuntu/Debian RFS (CLI or GUI) • QEMU 0.14
  • 37. Supported Software • Patched Guest OS: • Linux 2.6.35 (running on ARMv6 ISA) • Guest Root Filesystem: • Ubuntu/Debian RFS (CLI or GUI)
  • 38. System model of ARMvisor
  • 40. CPU virtualization • ARM is non-virtualizable CPU • Patch guest OS • “Trap and emulation”
  • 41. ARMv6 ISA 1.Branch instructions 2.Data-processing instructions 3.Multiply instructions 4.Parallel addition and subtraction instructions 5.Extend instructions 6.Miscellaneous arithmetic instructions 7.Other miscellaneous instructions 8.Status register access instructions 9.Load and store instructions 10.Load and Store Multiple instructions 11.Semaphore instructions 12.Exception-generating instructions 13.Coprocessor instructions
  • 42. ARMv6 ISA 1.Branch instructions Sensitive 2.Data-processing instructions Instructions ? 3.Multiply instructions 4.Parallel addition and subtraction instructions 5.Extend instructions 6.Miscellaneous arithmetic instructions 7.Other miscellaneous instructions 8.Status register access instructions 9.Load and store instructions 10.Load and Store Multiple instructions 11.Semaphore instructions 12.Exception-generating instructions 13.Coprocessor instructions
  • 43. ARMv6 ISA 1.Branch instructions 2.Data-processing instructions 3.Multiply instructions 4.Parallel addition and subtraction instructions 5.Extend instructions 6.Miscellaneous arithmetic instructions 7.Other miscellaneous instructions 8.Status register access instructions 9.Load and store instructions 10.Load and Store Multiple instructions 11.Semaphore instructions 12.Exception-generating instructions 13.Coprocessor instructions
  • 44. Sensitive Instructions Data-processing instructions S-BIT: MOVS, ... Status register access instructions MRS, MSR, CPS, SETEND Load and store instructions T-BIT: LDRT, STRT, ... Load and Store Multiple instructions LDM(2), LDM(3), STM(2) Exception-generating instructions SWI, BKPT Coprocessor instructions MCR, MRC, MCRR, ...
  • 45. Observation from Guest Linux Code • MOVS • (MRS, MSR, CPS) • (LDRBT, LDRT, STRBT, STRT) • (LDM(2), LDM(3), STM(2)) • SWI • (MCR, MRC, MCRR) 15 sensitive instructions used in the guest linux code
  • 46. “Trap & emulation” Guest%OS User%space% trap % Kernel%space VMM
  • 47. How to “trap”? … mov r0, r0 add sp, sp movs pc, lr …
  • 48. How to “trap”? … mov r0, r0 add sp, sp virt_svc_movs “movs pc, lr” …
  • 49. How to “trap”? … mov r0, r0 add sp, sp virt_svc_movs “movs pc, lr” …
  • 50. How to “trap”? .macro virt_svc_movs, inst SWI 0x190 inst … .endm mov r0, r0 add sp, sp virt_svc_movs “movs pc, lr” …
  • 52. oxffff1000 0xffff001c Kernel Vector oxffff0000
  • 53. oxffff1000 0xffff001c Kernel Vector oxffff0000
  • 54. The KVM trap Interface oxffff1000 0xffff001c Kernel Vector oxffff0000
  • 55. UND ABORT SWI IRQ/FIQ KVM  Trap  Entry KVM/Guest Host  Trap  Handler  Context  Switch   Unit KVM  Trap  Dispatcher Instruction   MMU   Exception/Interrupt   QEMU  I/O Emulation Emulation Emulation Emulation
  • 56. User space Kernel space Guest Mode QEMU KVM Guest OS
  • 57. User space Kernel space Guest Mode 1. VM initialization QEMU KVM Guest OS
  • 58. User space Kernel space Guest Mode 1. VM initialization 2. Return to QEMU QEMU KVM Guest OS
  • 59. User space Kernel space Guest Mode 1. VM initialization 2. Return to QEMU 3. Run VM QEMU KVM Guest OS
  • 60. User space Kernel space Guest Mode 1. VM initialization 2. Return to QEMU 3. Run VM 4. Enter Guest QEMU KVM Guest OS
  • 61. User space Kernel space Guest Mode 1. VM initialization 2. Return to QEMU 3. Run VM 4. Enter Guest 5. Exit Guest QEMU KVM Guest OS
  • 62. User space Kernel space Guest Mode 1. VM initialization 2. Return to QEMU 3. Run VM 4. Enter Guest 5. Exit Guest Lightweight trap QEMU KVM Guest OS
  • 63. User space Kernel space Guest Mode 1. VM initialization 2. Return to QEMU 3. Run VM 4. Enter Guest 5. Exit Guest Lightweight trap 6. Enter Guest QEMU KVM Guest OS
  • 64. User space Kernel space Guest Mode 1. VM initialization 2. Return to QEMU 3. Run VM 4. Enter Guest 5. Exit Guest Lightweight trap 6. Enter Guest 7. Exit Guest QEMU KVM Guest OS
  • 65. User space Kernel space Guest Mode 1. VM initialization 2. Return to QEMU 3. Run VM 4. Enter Guest 5. Exit Guest Lightweight trap 6. Enter Guest 7. Exit Guest 8. Return to QEMU QEMU KVM Guest OS
  • 66. User space Kernel space Guest Mode 1. VM initialization 2. Return to QEMU 3. Run VM 4. Enter Guest 5. Exit Guest Lightweight trap 6. Enter Guest Heavyweight trap 7. Exit Guest 8. Return to QEMU QEMU KVM Guest OS
  • 67. User space Kernel space Guest Mode 1. VM initialization 2. Return to QEMU 3. Run VM 4. Enter Guest 5. Exit Guest Lightweight trap 6. Enter Guest Heavyweight trap 7. Exit Guest 8. Return to QEMU 9. Run VM QEMU KVM Guest OS
  • 68. User space Kernel space Guest Mode 1. VM initialization 2. Return to QEMU 3. Run VM 4. Enter Guest 5. Exit Guest Lightweight trap 6. Enter Guest Heavyweight trap 7. Exit Guest 8. Return to QEMU 9. Run VM 10. Enter Guest QEMU KVM Guest OS
  • 69. VCPU   oxffff2000 Register   Sync File The KVM trap Interface oxffff1000 0xffff001c Kernel Vector oxffff0000
  • 70. VCPU   oxffff2000 Register   Shadow  Register  File Sync File The KVM trap Interface oxffff1000 0xffff001c Kernel Vector oxffff0000
  • 71. mcr  cpsr,  r1 VCPU   oxffff2000 Register   Shadow  Register  File Sync File The KVM trap Interface oxffff1000 0xffff001c Kernel Vector oxffff0000
  • 72. mcr  cpsr,  r1 VCPU   oxffff2000 Register   Shadow  Register  File Sync File The KVM trap Interface oxffff1000 0xffff001c Kernel Vector oxffff0000
  • 73. mcr  cpsr,  r1 VCPU   oxffff2000 Read/Write Register   Shadow  Register  File Sync Instructions File The KVM trap Interface oxffff1000 0xffff001c Kernel Vector oxffff0000
  • 74. mcr  cpsr,  r1 VCPU   oxffff2000 Read/Write Register   Shadow  Register  File Sync Instructions File The KVM trap Interface oxffff1000 0xffff001c Kernel Vector oxffff0000
  • 76. PTB Virtual  Address Physical  Address
  • 78. Guest  PTB GVA GPA HVA HPA
  • 79. Guest  PTB GVA GPA HVA HPA
  • 80. Guest  PTB GVA GPA Host  PTB HVA HPA
  • 81. Guest  PTB GVA GPA Host  PTB HVA New  SPTE  !!! HPA
  • 84. PABT/DABT  trap guest   page  table   walker
  • 85. PABT/DABT  trap guest   page  table   walker True  Translation  fault
  • 86. PABT/DABT  trap guest   Guest   page  table   permission   walker checker True  Translation  fault
  • 87. PABT/DABT  trap guest   Guest   page  table   permission   walker checker True  permission  fault True  Translation  fault
  • 88. PABT/DABT  trap guest   Guest   MMIO  access   page  table   permission   checker walker checker True  permission  fault True  Translation  fault
  • 89. PABT/DABT  trap guest   Guest   MMIO  access   page  table   permission   checker walker checker True  permission  fault True  Translation  fault MMIO  emulation
  • 90. PABT/DABT  trap guest   Guest   Shadow  page   MMIO  access   page  table   permission   table   checker walker checker mapping True  permission  fault True  Translation  fault MMIO  emulation
  • 91. Hidden  protection  fault PABT/DABT  trap guest   Guest   Shadow  page   MMIO  access   page  table   permission   table   checker walker checker mapping True  permission  fault True  Translation  fault MMIO  emulation
  • 92. Hidden  protection  fault PABT/DABT  trap guest   Guest   Shadow  page   MMIO  access   page  table   permission   table   checker walker checker mapping True  permission  fault Hidden  translation  fault True  Translation  fault MMIO  emulation
  • 93. Hidden  protection  fault PABT/DABT  trap guest   Guest   Shadow  page   MMIO  access   Shadow  page   page  table   permission   table   checker table  update walker checker mapping True  permission  fault Hidden  translation  fault True  Translation  fault MMIO  emulation
  • 95. I/O virtualization • Emulation by QEMU • virtio • IRQ chip in kernel
  • 97. Guest OS: Linux 2.6.35 QEMU 0.14 Driver Device ARMvisor Driver Host OS: Linux 2.6.38 Hardware: ARM Cortex-A8
  • 98. Guest OS: Linux 2.6.35 1 QEMU 0.14 Driver Device ARMvisor Driver Host OS: Linux 2.6.38 Hardware: ARM Cortex-A8
  • 99. Guest OS: Linux 2.6.35 1 QEMU 0.14 Driver Device 2 ARMvisor Driver Host OS: Linux 2.6.38 Hardware: ARM Cortex-A8
  • 100. Guest OS: Linux 2.6.35 1 QEMU 0.14 Driver Device 3 2 ARMvisor Driver Host OS: Linux 2.6.38 Hardware: ARM Cortex-A8
  • 101. Guest OS: Linux 2.6.35 1 QEMU 0.14 Driver Device 3 2 ARMvisor Driver Host OS: Linux 2.6.38 4 Hardware: ARM Cortex-A8
  • 102. Guest OS: Linux 2.6.35 QEMU 0.14 Driver Device ARMvisor Driver Host OS: Linux 2.6.38 Hardware: ARM Cortex-A8
  • 103. Guest OS: Linux 2.6.35 QEMU 0.14 Driver Device ARMvisor Driver Host OS: Linux 2.6.38 5 Hardware: ARM Cortex-A8
  • 104. Guest OS: Linux 2.6.35 QEMU 0.14 Driver Device 6 ARMvisor Driver Host OS: Linux 2.6.38 5 Hardware: ARM Cortex-A8
  • 105. Guest OS: Linux 2.6.35 QEMU 0.14 Driver Device 7 6 ARMvisor Driver Host OS: Linux 2.6.38 5 Hardware: ARM Cortex-A8
  • 106. Guest OS: Linux 2.6.35 8 QEMU 0.14 Driver Device 7 6 ARMvisor Driver Host OS: Linux 2.6.38 5 Hardware: ARM Cortex-A8
  • 107. virtio
  • 108. virtio Vir,o  Driver Guest Vir,o  AMBA  Controller Vring Transport Vir,o  AMBA  Controller QEMU Vir,o  Device
  • 110. Opera,ng  System Interrupt  Controller Deliver  Interrupt Get  IRQ  number 1 Ack  IRQ  number Mask  IRQ 2 End  of  IRQ 3 Unmask  IRQ 4
  • 111. irq_chip in kernel Guest Deliver7 GIC QEMU IRQ7 Control7 GIC7 Device Device Device IOCTL7 ARMvisor
  • 112. irq_chip in kernel Guest Deliver$ IRQ$ QEMU Device Device Device Control$ GIC$ GIC$in$Kernel KVM
  • 115. Future Works • Support for ARM’s Virtualization extension
  • 116. Future Works • Support for ARM’s Virtualization extension • Cortex-A15 and beyond
  • 117. Future Works • Support for ARM’s Virtualization extension • Cortex-A15 and beyond • SMP for host and guest
  • 118. Future Works • Support for ARM’s Virtualization extension • Cortex-A15 and beyond • SMP for host and guest • AArch64 Support
  • 119. Future Works • Support for ARM’s Virtualization extension • Cortex-A15 and beyond • SMP for host and guest • AArch64 Support • ARMv8
  • 120. By the way, ...
  • 122. OpenSource • We HAVE opened source in late August, 2012.
  • 123. OpenSource • We HAVE opened source in late August, 2012. • GNU GPLv2
  • 124. OpenSource • We HAVE opened source in late August, 2012. • GNU GPLv2 • Source code of Host and Guest OS
  • 125. OpenSource • We HAVE opened source in late August, 2012. • GNU GPLv2 • Source code of Host and Guest OS • https://github.com/SSLab-NTHU
  • 126. Q &A