The Future of Virtualization
Felix Erkinger – wuxxin@gmail.com
The "anyOS" paradigm and its implications through virtualization
30 December 2005 – 22c3 Berlin
What is Virtualization?
Virtualization is a framework or methodology of dividing the resources of a computer into multiple execution environments.
By using these techniques it is possible to share the resources of a computer among multiple operating systems, all running at once.
Field of Application for Virtualization
• Server consolidation
• Legacy applications within legacy OSes
• Secure isolated sandboxes for running untrusted applications
• Application mobility
• Testing and debugging environments
• Clean (single) service design
• Freedom of choice in using multiple OSes at once
• Soft user migration path
• Virtualization is fun!
Definition of virtualizability
1. The method of executing nonprivileged instructions must be equivalent in both privileged and user mode
2. There must be a protection system or an address translation system to protect the real system and any other VMs from each other
3. There must be a way to automatically signal the VMM when a VM attempts to execute a sensitive instruction
   • Instructions that attempt to change or reference the mode of the VM or the state of the machine
   • Instructions that read or change sensitive registers and/or memory locations
   • Instructions that reference the storage protection system, memory system, or address relocation system
   • All I/O instructions
Status of the x86 virtualization capabilities
• 17 privileged instructions do not trap in user mode, violating Requirement 3.
• All seventeen instructions violate either part B or part C of Requirement 3.
• This makes the Intel x86 processor architecture non-virtualizable.
How to hack around those limitations?
Techniques used for virtualization
• Hardware change (Intel VT-x, AMD Pacifica)
• Full emulation
• Dynamic recompilation
• Dynamic scan before execute / binary rewriting
• Full kernel porting / OS emulation
• API emulation (e.g. Wine)
• Microkernel approach
• Paravirtualising and fractional kernel porting
What's inside the box?
• Protection management (secure isolation)
   • reconciling the virtual and physical architecture
   • preventing VMs from interfering with each other or the monitor
• Resource management (partitioning, quality of service)
   • time-multiplexed resources: CPU, network, disk bandwidth
   • space-multiplexed resources: physical memory, including paging support for a guest VM
• Checkpoint / (live) migration / recovery
• Near to native speed (all virtualization guys are Quake players ...)
   • fast monitor (hypervisor) calls and switches between VMs
   • fast interrupt handling
   • idle instruction support
   • chunk writes for I/O (double ring buffers)
Hardware change
Possibilities
Change the 17 privileged instructions to trap in user mode, and change their semantics
• Good: Easy to implement; if used as a switchable extension, also safe with "legacy" software
• Bad: Easy to implement...
Or...
Invent a whole new set of instructions and a new mode.
Intel VT-x, AMD Pacifica
Full Emulation
• Fetch & translate opcode & execute opcode (as function)
• Update virtual device states
• Good: Multiple architectures (cross-architecture emulation), good debugging capabilities
• Bad: Very slow, needs nearly the complete architecture emulated (including BIOS, I/O, ..)
Dynamic scan before execute / binary rewriting
code currently examined:
    jnz done
:bigger
    mov ax,[sp-2]
    smsw
:done
    ret 2
• Branch
• Sensitive instruction
• Function return
• Good: quite fast
• Bad: very dirty, needs to support self-modifying code
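The scan loop sketched on this slide, as an added C example that is not from the original talk: it walks pre-decoded instructions until it reaches a branch, a sensitive instruction or a function return, marks the sensitive one for a trap into the monitor, and voids the scan when the guest writes into an already scanned range. The instruction sets, struct names and function names are assumptions for illustration; the sensitive set is a subset, not the full list of 17.

```c
#include <stdio.h>
#include <string.h>

/* Why a scan stops: the three cases marked on the slide. */
enum stop { STOP_NONE, STOP_BRANCH, STOP_SENSITIVE, STOP_RETURN };

/* Pre-decoded instruction (a real monitor decodes raw bytes). */
struct insn {
    const char *mnemonic;
    const char *operands;
    int trap;               /* 1 once rewritten to enter the monitor */
};

struct scan_result { size_t stop_at; enum stop why; };

/* Range already scanned; a guest write inside it voids the scan. */
struct scanned { size_t first, last; int valid; };

/* Assumed, illustrative sets. SENSITIVE is a subset of the x86
 * instructions that touch system state without trapping in user mode. */
static const char *const SENSITIVE[] = { "smsw", "sgdt", "sidt", "sldt",
                                         "str", "pushf", "popf" };
static const char *const BRANCHES[]  = { "jmp", "jz", "jnz", "call" };
static const char *const RETURNS[]   = { "ret" };

static int in_set(const char *m, const char *const *set, size_t n)
{
    for (size_t i = 0; i < n; i++)
        if (strcmp(m, set[i]) == 0) return 1;
    return 0;
}
#define IN(m, set) in_set((m), (set), sizeof(set) / sizeof((set)[0]))

enum stop classify(const struct insn *i)
{
    if (IN(i->mnemonic, SENSITIVE)) return STOP_SENSITIVE;
    if (IN(i->mnemonic, BRANCHES))  return STOP_BRANCH;
    if (IN(i->mnemonic, RETURNS))   return STOP_RETURN;
    return STOP_NONE;       /* harmless: may run natively */
}

/* Scan forward from `start` until control flow leaves the straight line
 * or a sensitive instruction is found. A sensitive instruction is marked
 * for rewriting; everything before stop_at may run natively. */
struct scan_result scan_block(struct insn *code, size_t n, size_t start)
{
    struct scan_result r = { n, STOP_NONE };
    for (size_t i = start; i < n; i++) {
        enum stop why = classify(&code[i]);
        if (why == STOP_NONE) continue;
        if (why == STOP_SENSITIVE) code[i].trap = 1;
        r.stop_at = i;
        r.why = why;
        break;
    }
    return r;
}

/* Self-modifying code: called when the guest writes instruction `index`.
 * If the write hits scanned code, the scan must be redone before that
 * code runs again. */
void note_guest_write(struct scanned *s, size_t index)
{
    if (s->valid && index >= s->first && index <= s->last)
        s->valid = 0;
}

/* The code shown on the slide, as a constructed pre-decoded stream. */
struct insn slide_code[] = {
    { "jnz",  "done",      0 },
    { "mov",  "ax,[sp-2]", 0 },
    { "smsw", "",          0 },
    { "ret",  "2",         0 },
};
#define SLIDE_LEN (sizeof(slide_code) / sizeof(slide_code[0]))

/* Scan from `start`, then report whether a guest write to
 * `write_index` forces a rescan of that range. */
int rescan_needed(size_t start, size_t write_index)
{
    struct scan_result r = scan_block(slide_code, SLIDE_LEN, start);
    struct scanned s = { start, r.stop_at, 1 };
    note_guest_write(&s, write_index);
    return !s.valid;
}

int main(void)
{
    static const char *const names[] = { "end", "branch", "sensitive", "return" };
    for (size_t start = 0; start < SLIDE_LEN; ) {
        struct scan_result r = scan_block(slide_code, SLIDE_LEN, start);
        printf("scan from %zu stops at %zu: %s\n", start, r.stop_at, names[r.why]);
        start = r.stop_at + 1;
    }
    return 0;
}
```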
Dynamic recompilation
For all opcodes:
• Analyse opcode
• Translate into small virtual opcodes (C instructions)
• Take care of virtualized infrastructure
• Translate virtual opcodes into native machine code
• Good: quite fast (depending on the implementation, faster than binary rewriting), multiple architectures (cross-architecture recompilation), only needs user-mode support
• Bad: delicate, needs to support self-modifying code
API-Emulation, OS-Emulation
• OS-Emulation
   • All hardware accesses are mapped to functions, all OS calls are remapped to real OS calls
• API-Emulation
   • All function calls are mapped to the corresponding emulation functions
• Good: quite fast, userspace task in general
• Bad: hard to secure, needs to be "bug compatible" (depending on source availability this is either easy or very hard), needs to emulate a lot of libraries, needs a kernel module for speed (OS-emulation)
Microkernel approach
• Good: Clean design, fast
• Bad: Tons of code, very hard to maintain, driver availability
Paravirtualization
• Good: very fast (near native), scalable (linear overhead), easy hardware support
• Bad: complicated, needs modified kernel, hardware domain dependency
Paravirtualization & Fullvirtualization together
• Good: very fast (near native), scalable (linear overhead), easy hardware support, able to run unmodified kernel
• Bad: complicated, needs BIOS support, hardware domain dependency
Xen 2.0 Architecture Design
Figure: http://www.cl.cam.ac.uk/Research/SRG/netos/xen/architecture.html
Xen Performance
Figure: http://www.cl.cam.ac.uk/Research/SRG/netos/xen/architecture.html
Xen Performance
Figure: http://www.cl.cam.ac.uk/Research/SRG/netos/xen/architecture.html
Today's Virtualization software for PCs (x86 Platform)
• Emulation
  • Bochs
• Dynamic Recompilation
  • Qemu 0.7.x
• Kernel porting / OS Emulation
  • Usermodelinux V0.6x
• API-Emulation
  • Wine
• Paravirtualising and porting
  • Xen V2.0
• Fullvirtualization & Hybrid techniques
  • Microsoft Virtual PC 2004 / Virtual Server 2005
  • Vmware 5.x
  • Xen V3.0
The Future
• soon: Virtualization Monitor will become part of a standard "bootloader"
• in scope: Linux/*BSD & ReactOS will be the "Any OS" with best possible hardware support.
• whenever needed: Virtualization will become a key technology in privacy enforcement. No more hassles with 'Copyright Enforcement' Technologies
further reading
further reading I
IA-32 Intel Architecture Software – Developer's Manuals http://www.intel.com/design/pentium4/manuals/index_new.htm
Analysis of the Intel Pentium's Ability to Support a Secure Virtual Machine Monitor http://denali.cs.washington.edu/relwork/papers/pentium.pdf
Xen and the Art of Virtualization http://www.cl.cam.ac.uk/Research/SRG/netos/papers/2003-xensosp.pdf
further reading II
Keir Fraser, Steven Hand, Rolf Neugebauer, Ian Pratt, Andrew Warfield, Mark Williamson. Safe Hardware Access with the Xen Virtual Machine Monitor. University of Cambridge Computer Laboratory, 2004 http://www.cl.cam.ac.uk/Research/SRG/netos/papers/2004-oasis-ngio.pdf
Intel Virtualization Technology http://www.intel.com/technology/computing/vptech/
AMD "Pacifica" Virtualization Technology http://enterprise.amd.com/Enterprise/serverVirtualization.aspx
Xen V2.0 & V3.0 http://www.xensource.com/
further reading III
Usermodelinux V0.6x http://user-mode-linux.sourceforge.net/
Denali http://denali.cs.washington.edu/
Vmware Workstation 5.x http://www.vmware.com/
Qemu 0.7.x http://fabrice.bellard.free.fr/qemu/
Bochs IA-32 Emulator Project http://bochs.sourceforge.net/
Microsoft Virtual PC 2004 http://www.microsoft.com/windows/virtualpc/default.mspx
further reading IV
The Xen Mailing Lists: Xen-users – Xen user discussion http://lists.xensource.com/cgi-bin/mailman/listinfo/xen-users
The Xen Mailing Lists: Xen-devel – Xen developer discussion http://lists.xensource.com/cgi-bin/mailman/listinfo/xen-devel