© Imagination Technologies. Internal Only – Not to be released externally. www.imgtec.com. David Lau, June 2015. Debugging & MIPS VZ.

Presentation transcript:

Slide 1: Debugging & MIPS VZ. David Lau, June 2015.

Slide 2: Debugging for non-Virtualized Systems. How it's normally done.
- Full System (diagram): App or Lib (non-privileged); App or Lib (non-privileged); OS Kernel (privileged).
- User-Mode debugging: App or Lib (non-privileged) with SW Debugger (e.g. GDB). Only have access to 1 process. OS Kernel invisible to App.
- Kernel-Mode or Bare-Iron debugging: App or Lib (non-privileged) with SW Debugger (e.g. GDB); OS Kernel (privileged) with PrintK and HW Probe (e.g. ICE/JTAG) OR Kernel Debugger (e.g. KGDB). Potentially can see everything.

Slide 3: Debugging for MIPS VZ - Guests. SW debugging of Guests stays the same.
- Full System (diagram): Guest App or Lib (non-privileged); Guest App or Lib (non-privileged); Guest Kernel (privileged); Root App or Lib (non-privileged); Root Kernel (privileged).
- Guest-User-Mode debugging: SW Debugger (e.g. GDB). Only have access to 1 process. Guest Kernel invisible to Guest App. Root SW invisible to Guest.
- Kernel-Mode or Bare-Iron debugging: App or Lib (non-privileged) with SW Debugger (e.g. GDB); OS Kernel (privileged) with PrintK OR Kernel Debugger (e.g. KGDB). Potentially can see everything for Guest, but not Root. Root SW invisible to Guest-kernel.
- OK, no security hole.
- HW Probe discussed later.

Slide 4: Debugging for MIPS VZ - Root. SW Debugging of Root.
- Diagram: Guest App or Lib (non-privileged); Guest Kernel (privileged); Root App or Lib (non-privileged); Root App or Lib (non-privileged); Root Kernel (privileged).
- Root-User Debugging: Root App or Lib (non-privileged) with SW Debugger (e.g. GDB). Root Kernel invisible to Root-User. Can't see other Guests, as have to ask Hypervisor. OK, no security hole.
- Hypervisor debugging: App or Lib (non-privileged) with SW Debugger (e.g. GDB); Hypervisor with PrintK and HW Probe (e.g. ICE/JTAG) OR Debugger in hypervisor; Guest Kernel (privileged); Root App or Lib (non-privileged). Potential Security Hole – might want to grant access to subset of Guests.

Slide 5: Debugging for MIPS VZ – limiting scope. Graphical view of the problem.
- Full System (diagram): Guest1 App (non-privileged); Guest1 Kernel (privileged); Root App3 (non-privileged); Root Kernel - hypervisor (privileged); Guest2 App (non-privileged); Guest2 Kernel (privileged). Containers: Container1, Container2, Container3.
- What we want to be visible (diagram): Guest1 App (non-privileged); Guest1 Kernel (privileged); Root Kernel - hypervisor (privileged); Container2.
- Annotations: Make Guest2 invisible to debugger. Currently not possible. Make Root App3 invisible to debugger.

Slide 6: Debug HW Probe controls the CPU. No SW can prevent the Debug HW Probe from taking over the system.
- CPU side (diagram): Instruction Fetch Unit; Execution Pipelines; "Regular" Memory System; Instructions Mux; Execution Logic; DebugMode; Debug Memory Segment; Debug Interrupt (has no disable).
- Debug Test Access Port (TAP): Data Register; EJTAG Control Register (ProbeTrap, ProbeEn). Above registers not accessible to CPU, only accessible to Debug Probe.
- Probe side: HW Debug Probe; JTAG Data Serial Pin; EJTAG Disable Pin.
- Annotations: Malicious code enters here. Assume malicious user hooks up Probe. Assume EJTAG disable pin not used.

Slide 7: Problem(s) Statement. Security holes when debugging in Root-Mode.
- Problem1 - When debugging in Root-Kernel mode
  - Want the ability to restrict visibility/debuggability to only certain Guests
  - Currently in MIPS VZ Architecture, visibility/debuggability is given to all Guests
- Problem2 – HW Probe can't be disabled by SW in MIPS VZ Architecture
  - HW Probe controls where CPU is getting instructions – including getting instructions from the HW probe
  - There is only an EJTAG HW disable pin.
  - No TAP/ICE at the Guest Level; only TAP/ICE at Root-Kernel level
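A small C model of the instruction-source selection drawn on slide 6 and stated as Problem2, added here as an illustration; it is not code from the presentation or from Imagination. The ECR bit positions and the two debug exception vector addresses are taken from the published MIPS EJTAG specification; the type and function names are hypothetical, and the effect of the disable pin (the TAP ignores probe writes) is an assumption of the model.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>
/* EJTAG Control Register (ECR) bits, per the published EJTAG spec. */
#define ECR_PROBEN   (1u << 15) /* probe services accesses to dmseg */
#define ECR_PROBTRAP (1u << 14) /* debug vector moves into dmseg */
#define ECR_EJTAGBRK (1u << 12) /* probe requests a debug interrupt */
#define VEC_NORMAL 0xBFC00480u  /* debug vector in regular memory */
#define VEC_DMSEG  0xFF200200u  /* debug vector in debug memory segment */

typedef enum { SRC_NO_DEBUG, SRC_REGULAR_MEMORY, SRC_PROBE } fetch_src;

/* Hypothetical model state: no field is writable by root or guest SW. */
typedef struct {
    uint32_t ecr;      /* behind the TAP, written only by the probe */
    bool disable_pin;  /* EJTAG disable pin, a board-level input */
    bool debug_mode;
} core_model;

/* Probe writes the ECR through the TAP. Assumption of this model: an
 * asserted disable pin makes the TAP ignore the write. */
static void tap_write_ecr(core_model *c, uint32_t v) {
    if (!c->disable_pin) c->ecr = v;
}

/* Take the debug interrupt (it has no disable) and report where the
 * first debug-mode instruction is fetched from. Simplification: only
 * ProbTrap and ProbEn set together redirect the fetch to the probe. */
static fetch_src enter_debug(core_model *c, uint32_t *vector) {
    const uint32_t both = ECR_PROBTRAP | ECR_PROBEN;
    if (!(c->ecr & ECR_EJTAGBRK)) return SRC_NO_DEBUG;
    c->debug_mode = true;
    bool probe = (c->ecr & both) == both;
    *vector = probe ? VEC_DMSEG : VEC_NORMAL;
    return probe ? SRC_PROBE : SRC_REGULAR_MEMORY;
}

/* Slide 6 scenario: a probe is hooked up and sets all three bits. */
static fetch_src probe_attached(bool disable_pin, uint32_t *vector) {
    core_model c = { 0, disable_pin, false };
    tap_write_ecr(&c, ECR_PROBEN | ECR_PROBTRAP | ECR_EJTAGBRK);
    return enter_debug(&c, vector);
}

int main(void) {
    uint32_t v = 0;
    fetch_src s = probe_attached(false, &v);
    printf("pin unused: source=%d vector=0x%08X\n", s, (unsigned)v);
    return 0;
}
```

The only input that changes the outcome is `disable_pin`, which is why a threat model for a root-mode hypervisor has to treat the pin and physical access to the JTAG header as the control for this path.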