Presentation is loading. Please wait.

Presentation is loading. Please wait.

Using VM controls Examples of ‘event-injection’ by our ‘host’ VMM into its ‘guest’ VM.

Published by Modified over 9 years ago

Similar presentations

Presentation on theme: "Using VM controls Examples of ‘event-injection’ by our ‘host’ VMM into its ‘guest’ VM."— Presentation transcript:

1 Using VM controls Examples of ‘event-injection’ by our ‘host’ VMM into its ‘guest’ VM

2 Document ambiguities As is usually the case with documentation for complex computer hardware, manuals intended to explain its operations tend to omit some details Here we highlight some examples for the Intel ‘Virtualization Technology’ manuals pertaining to the ‘event-injection’ facility Experimentation can help clarify questions

3 VM-entry interruption VALIDVALID reservedvectortype control_VMentry_interruption_information 31 11 10 8 7 0 ERRORERROR Selects which IDT entry will be used Interruption-type: 0 = External Interrupt4 = Software Interrupt 1 = (reserved)5 = Privileged software exception 2 = Non-Maskable Interrupt6 = Software exception 3 = Hardware Exception7 = (reserved) Deliver error-code (1=yes, 0=no) Event-injection is valid (1=yes, 0=no)

4 Error-code delivery control_VMentry_interruption_error_code reserved error_code 31 16 15 0 Upon VM entry this error-code will be pushed onto the guest’s stack if and only if, in the control_VMentry_interruption_information field, the VALID bit (bit 31) and the DELIVER ERROR-CODE bit (bit 12) both are set to 1 QUESTION: Are any checks performed on the error_code’s format? Is it indeed required to be just 16-bits (as is suggested here)?

5 Software events control_VMentry_instruction_length instruction-length (from 1 to 15) 31 0 For injection of events whose type is 4, 5, or 6, this field is used by the cpu to determine what value for register RIP will be pushed on the guest’s stack Type 4: Software interrupt Type 5: Privileged software exception Type 6: Software exception QUESTION: What would be an example of each of these event types?

6 Our demo program We created an LKM (named ‘inject08.c’) that injects an event of type 0 (External Interrupt) into our ‘guest’ Virtual Machine (if the IF-bit in its EFLAGS register is set) The real-mode BIOS interrupt-handler for interrupt-vector 8 is known to increment the Timer-Tick Counter at address 0x46C Our ‘seeevent.cpp’ program shows that!

7 In-class exercise Explore the unanswered questions using our ‘inject08.c’ device-driver module, and our ‘seeevent.cpp’ application-program, by introducing modifications into those files that will test your various hypotheses

Download ppt "Using VM controls Examples of ‘event-injection’ by our ‘host’ VMM into its ‘guest’ VM."

Similar presentations

Attacks on Virtual Machine Emulators Peter Ferrie, Senior Principal Researcher 12 April, 2007.

Attacks on Virtual Machine Emulators Peter Ferrie, Senior Principal Researcher 12 April, 2007.
ITCS 3181 Logic and Computer Systems 2015 B. Wilkinson slides3.ppt Modification date: March 16, 2015 1 Addressing Modes The methods used in machine instructions.

ITCS 3181 Logic and Computer Systems 2015 B. Wilkinson slides3.ppt Modification date: March 16, Addressing Modes The methods used in machine instructions.
Using VMX within Linux We explore the feasibility of executing ROM-BIOS code within the Linux x86_64 kernel.

Using VMX within Linux We explore the feasibility of executing ROM-BIOS code within the Linux x86_64 kernel.
Interrupts Chapter 8 – pp 209-214 Chapter 10 – pp 258-264 Appendix A – pp 537 & 543-545.

Interrupts Chapter 8 – pp Chapter 10 – pp Appendix A – pp 537 &
Bart Miller. Outline Definition and goals Paravirtualization System Architecture The Virtual Machine Interface Memory Management CPU Device I/O Network,

Bart Miller. Outline Definition and goals Paravirtualization System Architecture The Virtual Machine Interface Memory Management CPU Device I/O Network,
Interrupts in Protected-Mode Writing a protected-mode interrupt-service routine for the timer-tick interrupt.

Interrupts in Protected-Mode Writing a protected-mode interrupt-service routine for the timer-tick interrupt.
Interrupts in Protected-Mode Writing a protected-mode interrupt-service routine for the timer-tick interrupt.

Interrupts in Protected-Mode Writing a protected-mode interrupt-service routine for the timer-tick interrupt.
Processor Exceptions A survey of the x86 exceptions and mechanism for handling faults, traps, and aborts.

Processor Exceptions A survey of the x86 exceptions and mechanism for handling faults, traps, and aborts.
Exceptions and Interrupts How does Linux handle service- requests from the cpu and from the peripheral devices?

Exceptions and Interrupts How does Linux handle service- requests from the cpu and from the peripheral devices?
Interrupts in Protected-Mode Writing a protected-mode interrupt-service routine for the timer-tick interrupt.

Interrupts in Protected-Mode Writing a protected-mode interrupt-service routine for the timer-tick interrupt.
Message Signaled Interrupts

Message Signaled Interrupts
Deferred segment-loading An exercise on implementing the concept of ‘load-on-demand’ for the program-segments in an ELF executable file.

Deferred segment-loading An exercise on implementing the concept of ‘load-on-demand’ for the program-segments in an ELF executable file.
OS Fall ’ 02 Introduction Operating Systems Fall 2002.

OS Fall ’ 02 Introduction Operating Systems Fall 2002.
Resolving interrupt conflicts An introduction to reprogramming of the 8259A Interrupt Controllers.

Resolving interrupt conflicts An introduction to reprogramming of the 8259A Interrupt Controllers.
Prelude to Multiprocessing Detecting cpu and system-board capabilities with CPUID and the MP Configuration Table.

Prelude to Multiprocessing Detecting cpu and system-board capabilities with CPUID and the MP Configuration Table.
The i/o-sensitive instructions An introduction to the software emulation of i/o-sensitive instructions in Virtual-8086 mode.

The i/o-sensitive instructions An introduction to the software emulation of i/o-sensitive instructions in Virtual-8086 mode.
Chapter 3.2 : Virtual Memory

Chapter 3.2 : Virtual Memory
OS Spring’03 Introduction Operating Systems Spring 2003.

OS Spring’03 Introduction Operating Systems Spring 2003.
Setup for VM launch Using ‘vmxwrite’ and ‘vmxread’ for access to state-information in a Virtual Machine Control Structure.

Setup for VM launch Using ‘vmxwrite’ and ‘vmxread’ for access to state-information in a Virtual Machine Control Structure.
Midterm Tuesday October 23 Covers Chapters 3 through 6 - Buses, Clocks, Timing, Edge Triggering, Level Triggering - Cache Memory Systems - Internal Memory.

Midterm Tuesday October 23 Covers Chapters 3 through 6 - Buses, Clocks, Timing, Edge Triggering, Level Triggering - Cache Memory Systems - Internal Memory.

Similar presentations

Ads by Google