<?xml version='1.0' encoding='UTF-8'?><?xml-stylesheet href="http://www.blogger.com/styles/atom.css" type="text/css"?><feed xmlns='http://www.w3.org/2005/Atom' xmlns:openSearch='http://a9.com/-/spec/opensearchrss/1.0/' xmlns:georss='http://www.georss.org/georss' xmlns:gd='http://schemas.google.com/g/2005' xmlns:thr='http://purl.org/syndication/thread/1.0'><id>tag:blogger.com,1999:blog-27956151</id><updated>2011-04-21T19:30:03.023-04:00</updated><title type='text'>The World of (Para)Virtualization</title><subtitle type='html'>VIRTUALIZATION AT ALL THE LEVELS OF ABSTRACTION: HARDWARE ABSTRACTION LAYER (HAL), DEVICE DRIVER INTERFACE (DDI), APPLICATION BINARY INTERFACE (ABI), APPLICATION PROGRAM INTERFACE (API), KVM INTERFACE, AND   THEIR PARAVIRTUALIZATION VARIANTS.</subtitle><link rel='http://schemas.google.com/g/2005#feed' type='application/atom+xml' href='http://vmmworld.blogspot.com/feeds/posts/default'/><link rel='self' type='application/atom+xml' href='http://www.blogger.com/feeds/27956151/posts/default?max-results=100'/><link rel='alternate' type='text/html' href='http://vmmworld.blogspot.com/'/><link rel='hub' href='http://pubsubhubbub.appspot.com/'/><author><name>Susanta Nanda</name><uri>http://www.blogger.com/profile/12871079620394935272</uri><email>noreply@blogger.com</email><gd:image rel='http://schemas.google.com/g/2005#thumbnail' width='16' height='16' src='http://img2.blogblog.com/img/b16-rounded.gif'/></author><generator version='7.00' uri='http://www.blogger.com'>Blogger</generator><openSearch:totalResults>5</openSearch:totalResults><openSearch:startIndex>1</openSearch:startIndex><openSearch:itemsPerPage>100</openSearch:itemsPerPage><entry><id>tag:blogger.com,1999:blog-27956151.post-114794656741729472</id><published>2006-05-18T05:29:00.000-04:00</published><updated>2006-05-18T07:02:50.670-04:00</updated><title type='text'>The Ultimate Key Logger</title><content type='html'>How to build the &lt;span style="font-style: italic;"&gt;ultimate 
&lt;/span&gt;key logger? By ultimate, I mean it's not possible to detect it using a tool that operates in the conventional way that we are used to, in an x86 environment. More generally, any tool that operates within an operating system (which typically runs in 16-bit real mode (DOS) or 32-bit protected mode), or even a PCI card with a microprocessor, will have no way to detect the kind of key logger that I am going to talk about. The technique exploits Intel's &lt;span style="font-style: italic;"&gt;system management mode&lt;/span&gt;, the rarely used fourth operating mode of the x86 processor (protected, real, and virtual 8086 are the other three). There are a lot of AMD processors that support this mode, too.&lt;br /&gt;&lt;br /&gt;In &lt;a href="http://www.rcollins.org/ddj/Jan97/Jan97.html"&gt;system management mode&lt;/a&gt;, or SMM, the processor operates in a 16-bit environment (just like DOS) and has access to the whole of physical memory, i.e. 4GB. So, you would have to use operand and instruction override prefixes, if you plan to use instructions or data that lie beyond the traditional real-mode limit, 1MB. The space for code/data/stack comes from a reserved area of the system memory, called SMRAM, that an operating system has no way to access. SMRAM is designed to be accessible only during SMM and protected from normal operating modes, as it could be used for critical operations like power management and legacy device emulation (USB keyboard/mouse). A processor enters SMM when it receives a special non-maskable hardware signal, the system management interrupt (SMI). When an SMI is received by a processor, it saves its state in SMRAM, switches to SMM, and starts executing from a predefined location reserved for the SMI handler routine. Upon completion (marked by a special instruction, RSM), the state is restored and execution resumes from the point at which it was interrupted, as if nothing happened. 
Thus, the semantics of the normal operating mode remain unchanged. In addition, almost all chipsets that support power management provide chipset registers to enable/disable SMI generation when accesses to predefined or user-defined I/O port ranges (IN/OUT instructions in x86) are about to take place. I target this feature of the architecture to design a key logger. For example, enabling the SMI generation for accesses to ports 60H/64H (which belong to the keyboard controller registers) would let an SMI handler get control whenever there is a keyboard/mouse event and before the input is read by the interrupt handler.&lt;br /&gt;&lt;br /&gt;Come back in a couple of days to learn about the exact steps that are involved in the process. By then, readers not so familiar with SMM should have had some time to refer to related materials and feel comfortable with it.</content><link rel='edit' type='application/atom+xml' href='http://www.blogger.com/feeds/27956151/posts/default/114794656741729472'/><link rel='self' type='application/atom+xml' href='http://www.blogger.com/feeds/27956151/posts/default/114794656741729472'/><link rel='alternate' type='text/html' href='http://vmmworld.blogspot.com/2006/05/ultimate-key-logger.html' title='The Ultimate Key Logger'/><author><name>Susanta Nanda</name><uri>http://www.blogger.com/profile/12871079620394935272</uri><email>noreply@blogger.com</email><gd:image rel='http://schemas.google.com/g/2005#thumbnail' width='16' height='16' 
src='http://img2.blogblog.com/img/b16-rounded.gif'/></author></entry><entry><id>tag:blogger.com,1999:blog-27956151.post-114784439697855598</id><published>2006-05-16T22:38:00.000-04:00</published><updated>2006-05-23T13:44:47.363-04:00</updated><title type='text'>Top Virtualization Stories this Month</title><content type='html'>&lt;span style="font-weight: bold;"&gt;05/23/2006 | Tuesday&lt;br /&gt;&lt;br /&gt;PlateSpin First-to-Market with Continuous Server Consolidation Product Suite; PlateSpin Delivers the Most Automated End-to-End Server Consolidation Solution on the Market&lt;br /&gt;&lt;br /&gt;&lt;/span&gt;TORONTO--(BUSINESS WIRE)--May 23, 2006--PlateSpin today announced the general availability of the Consolidation Planning Module for PlateSpin PowerRecon, a completely automated analysis engine which determines optimal fit between application workloads and server resources. The Consolidation Planning Module takes hardware, software and performance information gathered by PlateSpin PowerRecon, and automatically recommends an optimal allocation of servers to the most appropriate virtual hosts, such as VMware ESX Server, VMware Server or Microsoft Virtual Server. It uniquely uses CPU, disk, network, memory and time to determine the proper distribution of servers to a set of virtual hosts. With the click of a mouse, data center managers can quickly and easily determine where to consolidate servers to minimize hardware, while maximizing application performance. ..."Deciding on how to consolidate servers without proper analysis, optimization and what-if modeling tools is far from easy," said John Stetic, PlateSpin Director of Product Management. "By using PowerRecon with the Consolidation Planning Module and PowerConvert, our customers can significantly accelerate their time to value and maximize their return on investment with virtualization." 
[&lt;a href="http://home.businesswire.com/portal/site/google/index.jsp?ndmViewId=news_view&amp;newsId=20060523005268&amp;amp;newsLang=en"&gt;full story&lt;/a&gt;]&lt;br /&gt;&lt;span style="font-weight: bold;"&gt;&lt;br /&gt;&lt;/span&gt;         &lt;span class="txt-14"&gt;&lt;b&gt;Intel unleashes vPRO platform&lt;br /&gt;&lt;br /&gt;&lt;/b&gt;&lt;/span&gt;&lt;span class="text"&gt;The platform will include its Core dual-core CPU, the second generation of Intel's Active Management Technology (IAMT) and Intel VT virtualization features. Intel chief executive Paul Otellini said the “seed units” of vPro this quarter would be followed up by shipments in the third quarter. In 2007, Intel plans to build quad-core CPUs into vPro, and extend the virtualization capabilities of VT beyond microprocessors and into hard drives, I/O and other parts of the system. [&lt;a href="http://www.itbusiness.ca/it/client/en/home/News.asp?id=39470"&gt;full story&lt;/a&gt;]&lt;/span&gt;&lt;br /&gt;&lt;span style="font-weight: bold;"&gt;&lt;br /&gt;Taming Virtual Machine Sprawl: How to Get Your Virtualization Under Control&lt;br /&gt;&lt;br /&gt;&lt;/span&gt;Under-utilized servers are an enormous factor in today's IT budget crisis, with system utilization inside large corporate data centers rarely exceeding 10 percent. Virtualization has the potential to slash IT costs by letting organizations accomplish more work with fewer servers. ...But virtualization projects often don't deliver the expected cost savings. The problem is not virtualization itself, but the lack of a management strategy that addresses all of the costs and risks that result when you increase the number of applications that share each server. A comprehensive virtualization management strategy that addresses hardware, software, power, real estate, and administration costs is vital to realizing the cost-saving potential of virtualization technology. 
[&lt;a href="http://whitepaper.samag.com/cmpsamag/search/index/sol_summary/82672?pos=1&amp;trkpg=PARTNER_SEARCH_RESULTS_CMPBIZINTELLIGENCEPLINE2&amp;amp;stype=browse&amp;n=82672&amp;amp;c=CMPBIZINTELLIGENCEPLINE2"&gt;full story&lt;/a&gt;]&lt;br /&gt;&lt;br /&gt;&lt;span style="font-weight: bold;"&gt;&lt;br /&gt;05/22/2006 | Monday&lt;br /&gt;&lt;br /&gt;MS Highlights Virtualization&lt;br /&gt;&lt;br /&gt;&lt;/span&gt;&lt;span class="text"&gt;SEATTLE -- Virtualization technology continues to be a hot topic in the industry and is sure to ignite spirited conversations at the 15th annual Microsoft Windows Hardware Engineering Conference (WinHEC) this week. Virtualization is a key technology for reducing the cost and complexity of IT management, and Microsoft has committed significant resources to making virtualization more broadly accessible and affordable for customers. ...&lt;/span&gt;&lt;span class="text"&gt;At WinHEC (which runs May 23-25 at the Washington State Convention and Trade Center here), Bob Muglia, Microsoft’s senior vice president of the Server and Tools Business, will provide updates on Microsoft’s new virtualization solutions. Of special note:&lt;br /&gt;&lt;/span&gt; &lt;ul&gt;   &lt;li&gt;&lt;span class="text"&gt;&lt;b&gt;Windows Server virtualization:&lt;/b&gt; Microsoft’s hypervisor-based solution is on track to be available with the upcoming Microsoft Windows Server “Longhorn” operating system. Microsoft anticipates having a beta release of Windows Server virtualization by the end of 2006 and plans to release to manufacturing (RTM) within 180 days of Windows Server “Longhorn” RTM.&lt;/span&gt;&lt;/li&gt;   &lt;li&gt;&lt;span class="text"&gt;&lt;b&gt;Microsoft System Center Virtual Machine Manager:&lt;/b&gt; Formerly code-named “Carmine,” this technology is a centralized, enterprise management solution for the virtualized data center. 
System Center Virtual Machine Manager is part of the System Center family of products and is due for beta release within the next 90 days. Microsoft anticipates release to manufacturing (RTM) in the second half of 2007.&lt;/span&gt;&lt;/li&gt;   &lt;li&gt;&lt;span class="text"&gt;&lt;b&gt;Intent to acquire Softricity, Inc:&lt;/b&gt; Softricity’s application virtualization and streaming technologies provide application compatibility and accelerate corporate desktop transitions to Windows Vista.&lt;/span&gt;&lt;/li&gt; &lt;/ul&gt; &lt;span class="text"&gt;Together, these solutions will provide a comprehensive and well-managed virtualization solution for customers across servers and desktops. [&lt;a href="http://www.byteandswitch.com/document.asp?doc_id=95464&amp;WT.svl=wire2_1"&gt;full story&lt;/a&gt;]&lt;/span&gt;&lt;br /&gt;&lt;span style="font-weight: bold;"&gt;&lt;br /&gt;Microsoft to spotlight virtualisation hypervisor&lt;br /&gt;&lt;br /&gt;&lt;/span&gt;Microsoft will take a swing at VMware at WinHEC this week by announcing plans to accelerate the delivery of its planned virtualisation hypervisor, code-named Viridian, and will debut its virtualisation management platform, code-named Carmine. ...Also at WinHEC, Microsoft is expected to discuss a feature for Windows Vista developed with Softricity and informally dubbed Virtual DLL. ...The Virtual DLL feature developed by the two companies will enable users to virtualise application registries and end "DLL hell" once and for all, several sources said. ..."I know Microsoft has been talking to Softricity and working with engineers at Softricity," said one source familiar with the joint development work on Virtual DLL. "It allows you to have a virtual registry instead of a single registry so you can have multiple DLLs sitting on the registry. The benefit for us is it removes application conflicts. With this, you can run Office 97 and Office 2003 on the same machine," the source said. 
[&lt;a href="http://www.itnews.com.au/newsstory.aspx?CIaNID=32838&amp;src=site-marq"&gt;full story&lt;/a&gt;]&lt;br /&gt;&lt;span style="font-weight: bold;"&gt;&lt;br /&gt;Virtual appliance scales up security&lt;/span&gt;&lt;br /&gt;&lt;br /&gt;Linux-based firewall specialist Astaro has announced its new Security Gateway for VMware – a virtual machine configured to run Astaro’s firewall package. ...Astaro co-founder Gert Hansen said the new offering would appeal to customers that needed systems to scale up beyond the hardware limitations of Astaro’s firewall appliances. “The virtual appliance delivers the exact same functionality [as our existing firewall appliance] but in a virtualised environment that makes sense for ISPs and other managed service providers. These are the most obvious customers for this virtual appliance, although firms already using virtualisation could also be interested,” Hansen added. ...To deploy the firewall firms only need to copy the VM’s virtual disk and configuration files to a server running one of &lt;a href="http://www.vmware.com/vmtn/appliances"&gt;VMware’s virtualisation products&lt;/a&gt;. The Security Gateway for Linux is based on the iptables firewall feature built into the Linux kernel, and includes a proprietary web-based GUI to help firms apply a consistent policy across multiple firewalls. [&lt;a href="http://www.computing.co.uk/itweek/news/2156580/virtual-appliance-scales"&gt;full story&lt;/a&gt;]&lt;span class="option" style="color: rgb(51, 51, 51);"&gt;&lt;b&gt;&lt;br /&gt;&lt;br /&gt;SWSoft Partners with AHPHosting for Exclusive VPS Servers&lt;/b&gt;&lt;/span&gt;&lt;br /&gt;&lt;br /&gt;Herndon, Virginia - (The Hosting News) - May 22, 2006 - Website hosting automation company, SWsoft, has partnered with AHPHosting, Inc. formerly known as CFHosting.net, to offer customers exclusive dedicated Virtuozzo Virtual Private Servers (VPS) for Windows 2003 operating systems. 
...AHP will also provide the VPS bundled with a custom software package, including a choice of SQL server 2000, ColdFusionMX, .NET, PHP with no setup fee and unlimited customer support. ...According to the company, Virtuozzo creates multiple isolated Virtual Private Servers (VPSs) on a single physical server to share hardware, licenses and management effort with maximum efficiency. Each VPS performs and executes exactly like a stand-alone server for its users and applications, as it can be rebooted independently and has its own root access, users, IP addresses, memory, processes, files, applications, system libraries and configuration files. [&lt;a href="http://www.computing.co.uk/itweek/news/2156580/virtual-appliance-scales"&gt;full story&lt;/a&gt;]&lt;span style="font-weight: bold;"&gt;&lt;br /&gt;&lt;br /&gt;Microsoft Scurries to Virtualize Servers&lt;/span&gt;&lt;br /&gt;&lt;br /&gt;Microsoft is ramping up its efforts to grow traction in the increasingly competitive server virtualization space, touting the newly released Virtual Server 2005 R2 and describing its first hypervisor technology, due in 2007 or so. ...But rivals such as VMware and analysts are claiming that the company is too far behind to catch up anytime soon. ..."The market is moving ahead of the basic hypervisor now," said Raghu Raghuram, vice president of data center and desktop platform products for VMware, in Palo Alto, Calif. 
[&lt;a href="http://www.pcmag.com/article2/0,1895,1965668,00.asp"&gt;full story&lt;/a&gt;]&lt;br /&gt;&lt;span class="Article_Title"&gt;&lt;br /&gt;&lt;br /&gt;&lt;/span&gt;&lt;span style="font-weight: bold;"&gt;05/19/2006 | Friday&lt;br /&gt;&lt;/span&gt;&lt;!-- recent stories top --&gt;&lt;br /&gt;&lt;span style="font-weight: bold;"&gt;Symantec: Microsoft misappropriated trade secrets to build virtualization tools&lt;br /&gt;&lt;/span&gt;&lt;br /&gt;Cupertino (CA) - Symantec's director of legal affairs, Michael Shallop, alleged in an interview this afternoon with &lt;i&gt;TG Daily&lt;/i&gt; that Microsoft employed its own programmers to take apart source code from storage virtualization leader Veritas to which Microsoft was not entitled, and then used the information it gleaned from that code to create storage virtualization device drivers for Windows 2000, Windows Server 2003, and forthcoming versions of Windows Vista and "Longhorn" Server. [&lt;a href="http://www.tgdaily.com/2006/05/19/symantec_says_microsoft_misappropriated_trade_secrets/"&gt;full story&lt;/a&gt;]&lt;br /&gt;&lt;br /&gt;&lt;span style="font-weight: bold;"&gt;VMware To Launch ESX3, VirtualCenter 2 In June&lt;/span&gt;&lt;br /&gt;&lt;br /&gt;VMware plans to announce imminent availability of its ESX Server 3 and VirtualCenter 2 platform, along with a new per-user pricing model during the first week of June. ...VMware plans to offer aggressive pricing on its ESX Server 3 and launch a new per-user pricing model, in part to monetize its increasingly popular enterprise hosted desktop model. 
[&lt;a href="http://www.crn.com/sections/breakingnews/dailyarchives.jhtml?articleId=188100606"&gt;full story&lt;/a&gt;]&lt;br /&gt;&lt;br /&gt;&lt;span style="font-weight: bold;"&gt;Microsoft To Spotlight Virtualization Hypervisor, Manager At WinHEC &lt;/span&gt;&lt;br /&gt;&lt;br /&gt;Microsoft will take a swing at VMware at WinHEC this week by announcing plans to accelerate the delivery of its planned virtualization hypervisor, code-named Viridian, and will debut its virtualization management platform, code-named Carmine. ...The plan is to try to get Viridian in private beta into a limited number of partners’ hands sometime in the fourth quarter of 2006 and make it available as an add-on service for Windows Longhorn Server in the next two years, sources said. It is currently slated for the R2 release of the Windows server expected in 2009 or 2010. [&lt;a href="http://www.crn.com/sections/breakingnews/dailyarchives.jhtml?articleId=188100613"&gt;full story&lt;/a&gt;]&lt;br /&gt;&lt;br /&gt;&lt;span style="font-weight: bold;"&gt;CERN launches second phase of openlab industry partnership&lt;br /&gt;&lt;/span&gt;&lt;br /&gt;The second phase of CERN openlab, a partnership between CERN and leading IT companies, was officially launched at a ceremony at CERN today. The industrial partners in this second phase are HP, Intel and Oracle. The second phase of CERN openlab builds on experience from the last three years, where the partnership produced many excellent technical results in the field of cluster and Grid computing. Activities for the start-up of the second phase of CERN openlab are based around a Platform Competence Centre, a Grid Interoperability Centre, and an IT security initiative. ...The Platform Competence Centre focuses on platform virtualisation as well as software and hardware optimisation. 
Platform virtualisation enables Grid applications to benefit from a highly secure and standardized environment presented by a “virtual machine hypervisor”, independent of all the hardware intricacies. Software and hardware optimisation is seen as a vital part of the deployment of a global computing Grid for the Large Hadron Collider (LHC), CERN’s flagship accelerator which is due to start operations next year. [&lt;a href="http://www.innovations-report.com/html/reports/information_technology/report-59219.html"&gt;full story&lt;/a&gt;]&lt;span style="font-weight: bold;"&gt;&lt;br /&gt;&lt;/span&gt;&lt;br /&gt;&lt;span style="font-weight: bold;"&gt;Parallels Desktop for Mac goes Release Candidate&lt;/span&gt;&lt;span style="font-weight: bold;"&gt;&lt;br /&gt;&lt;/span&gt;&lt;br /&gt;Parallels Desktop for Mac Release Candidate for Mac is not simply a "dual-boot" solution; rather, it provides the ability to use Windows, Linux and any other operating system at the same time as Mac OS X, enabling users to enjoy the comfort of their Mac OS X desktop while still being able to use critical applications from other OSes. ...Driven by full support for dual-core processors and Intel Virtualization Technology (included in almost every new Intel-powered Mac), virtual machines created using Parallels Desktop Release Candidate for Mac offer near-native performance and rock-solid stability. [&lt;a href="http://macdailynews.com/index.php/weblog/comments/9615/"&gt;full story&lt;/a&gt;]&lt;span style="font-weight: bold;"&gt;&lt;br /&gt;&lt;br /&gt;&lt;/span&gt;&lt;span style="font-weight: bold;"&gt;Sources: Microsoft In Talks To Buy Softricity&lt;/span&gt;&lt;br /&gt;&lt;br /&gt;Microsoft is in talks to buy application virtualization software vendor Softricity of Boston, CRN has learned. ..."It's coming down to the final stretches," said one source close to Microsoft who is familiar with the discussions. "It's not a done deal yet but it's just last minute haggling kind of stuff." 
...That's not all. At its hardware conference for OEMs next week, Microsoft is expected to announce plans to accelerate the delivery of its homegrown virtualization hypervisor code-named "Viridian" and will formally debut plans for a virtualization management platform code-named Carmine. [&lt;a href="http://www.crn.com/sections/breakingnews/dailyarchives.jhtml?articleId=188100194"&gt;full story&lt;/a&gt;]&lt;br /&gt;&lt;span style="font-weight: bold;"&gt;&lt;br /&gt;&lt;br /&gt;05/18/2006 | Thursday&lt;/span&gt;&lt;br /&gt;&lt;span style="font-weight: bold;"&gt;&lt;br /&gt;Two new tools that  CIOs want&lt;br /&gt;&lt;br /&gt;&lt;/span&gt;Among the many new technologies competing for the attention of CIOs, two in particular—server virtualization and software as a service—are high on their radar screens and have a strong potential to bring real savings. [&lt;a href="=" ar="1780&amp;L2=" 4=""&gt;full story&lt;/a&gt;]&lt;br /&gt;&lt;span style="font-weight: bold;"&gt;&lt;br /&gt;IBM to Acquire Rembo Technology to Automate Software Installation Across Thousands of PCs and Servers&lt;/span&gt;&lt;br /&gt;&lt;br /&gt;ARMONK, NY -- (MARKET WIRE) -- 05/18/2006 -- IBM today announced it has reached a definitive agreement to acquire Rembo Technology, a privately held software company based in Geneva, Switzerland. Financial details were not disclosed. The acquisition is expected to be completed in the second quarter of 2006. ...Rembo is a leading provider of software that helps organizations automatically install or upgrade operating systems on thousands of servers, laptops and desktop computers simultaneously, which eliminates the need for IT specialists to spend days or weeks installing software manually on each physical or virtualized computer. 
[&lt;a href="http://www.marketwire.com/mw/release_html_b1?release_id=130102"&gt;full story&lt;/a&gt;]&lt;br /&gt;&lt;br /&gt;&lt;span style="font-weight: bold;"&gt;Accessing a multizone controller via browser&lt;/span&gt;&lt;br /&gt;&lt;br /&gt;The master controller module from Red Lion Controls lets users create a 'virtual HMI', allowing machines to be controlled and monitored via any networked PC with a standard web browser. This feature also facilitates access and control of any connected device in the system, including PLCs and motor drives. The controller can also log system data directly to CompactFlash in Microsoft Excel-compatible CSV files; these files can be retrieved via USB or the web-server. [&lt;a href="http://www.instrumentation.co.za/news.aspx?pklNewsId=20963&amp;pklIssueId=555&amp;amp;pklCategoryID=67"&gt;full story&lt;/a&gt;] [&lt;a href="http://digg.com/technology/Accessing_a_multizone_controller_via_browser"&gt;digg&lt;/a&gt;]&lt;br /&gt;&lt;br /&gt;&lt;span style="font-weight: bold;"&gt;Virtual machine drives optical access platform&lt;/span&gt;&lt;br /&gt;&lt;br /&gt;Wave7 Optics has selected the Aonix PERC Ultra virtual machine (VM) for its Trident7 optical access platform. Wave7, a leading supplier of fibre-to-the-home and -premises (FTTH/FTTP) broadband network equipment for residential and business services, chose to develop software based on Standard Edition Java (J2SE) for its portability, scalability, and productivity. [&lt;a href="http://www.electronicstalk.com/news/nwm/nwm129.html"&gt;full story&lt;/a&gt;]&lt;br /&gt;&lt;br /&gt;&lt;span style="font-weight: bold;"&gt;SafeDesk Launches STS Open-Source Hybrid Thin-Client Project with Virtualization Support&lt;/span&gt;&lt;br /&gt;&lt;br /&gt;Liberty Lake, WA (PRWEB) May 18, 2006 -- SafeDesk is pleased to announce that Safedesk Terminal Server 3.1 (STS) has been released. STS is a new open source project leveraging Debian Live Net to create a robust Terminal Services Environment. 
STS is intended to provide a desktop experience for end-users while offering scalability that is not currently available in the thin-client market. A single STS server with a gigabit port can serve as many as 100+ clients at a time. This significant improvement in performance translates directly to hardware cost savings as compared to Windows TS, Citrix or even LTSP, another Open Source thin-client project. [&lt;a href="http://www.prweb.com/releases/2006/5/prweb386991.htm"&gt;full story&lt;/a&gt;]&lt;br /&gt;&lt;span style="font-weight: bold;"&gt;&lt;br /&gt;&lt;/span&gt;&lt;span style="font-weight: bold;"&gt;Executives from Transitive, Intel Deliver C3 Plenary Address&lt;/span&gt;&lt;span style="font-weight: bold;"&gt;:&lt;br /&gt;Hardware Virtualization for Enterprise IT: Dramatically Reducing Barriers to Server Migration&lt;br /&gt;&lt;/span&gt;&lt;span class="content"&gt;&lt;br /&gt;PARAMUS, N.J., May 17 /PRNewswire/ -- Executives from Transitive and Intel will be on hand at C3, the Corporate Channel and Computing Expo, to deliver the plenary address on Tuesday, June 27 at 1:30 p.m., which is entitled: Hardware Virtualization for Enterprise IT: Dramatically Reducing Barriers to Server Migration. The second annual C3 takes place June 27-29 at the Jacob Javits Convention Center in New York. 
[&lt;a href="http://sev.prnewswire.com/computer-electronics/20060517/CLW50917052006-1.html"&gt;full story&lt;/a&gt;]&lt;/span&gt;&lt;br /&gt;&lt;span style="font-weight: bold;"&gt;&lt;br /&gt;&lt;br /&gt;05/17/2006 | Wednesday&lt;/span&gt;&lt;span style="font-weight: bold;"&gt;&lt;br /&gt;&lt;br /&gt;Terracotta carves out new niche with clustering for JVMs&lt;br /&gt;&lt;/span&gt;&lt;br /&gt;Terracotta's release today of Terracotta 2.0 at JavaOne aims to bring the benefits of clustering to the Java virtual machine (JVM) level, thereby allowing robust Java runtime environments for framework developers, freeing them from application-specific tinkering to enjoy fault-tolerance and on-demand linear performance scale. [&lt;a href="http://blogs.zdnet.com/Gardner/index.php?p=2292"&gt;full story&lt;/a&gt;]&lt;span style="font-weight: bold;"&gt;&lt;br /&gt;&lt;br /&gt;Whatever happened to virtual machine charge-back?&lt;br /&gt;&lt;br /&gt;&lt;/span&gt;Virtualisation technology is the current darling of the software business, data centre managers and financial directors alike. Everyone likes its ease of deployment, maintenance, and usage -- but above all, they like the money it saves. The problem is though, how to quantify how much you've just saved. [&lt;a href="http://www.techworld.com/opsys/features/index.cfm?featureid=2529"&gt;full story&lt;/a&gt;]&lt;br /&gt;&lt;span style="font-weight: bold;"&gt;&lt;br /&gt;&lt;/span&gt;&lt;span style="font-weight: bold;"&gt;Virtuozzo Plays Well With Others&lt;/span&gt;&lt;span style="font-weight: bold;"&gt;&lt;br /&gt;&lt;/span&gt;&lt;br /&gt;SWSoft's approach to server virtualization has some definite benefits over VMWare's. Among them, it requires much less overhead, so more virtual servers can be run from a single server without noticeable performance degradation. Further, the management of the servers is simpler. 
[&lt;a href="http://www.technewsworld.com/story/50444.html"&gt;full story&lt;/a&gt;]&lt;span style="font-weight: bold;"&gt;&lt;br /&gt;&lt;br /&gt;CERN launches second phase of openlab industry partnership&lt;br /&gt;&lt;br /&gt;&lt;/span&gt;Geneva, 17 May 2006. The second phase of &lt;a href="http://www.cern.ch/openlab"&gt;CERN openlab&lt;/a&gt;, a partnership between CERN &lt;span style="text-decoration: underline;"&gt;&lt;/span&gt;and leading IT companies, was officially launched at a ceremony at CERN today. The industrial partners in this second phase are HP, Intel and Oracle. The second phase of CERN openlab builds on experience from the last three years, where the partnership produced many excellent technical results in the field of cluster and Grid computing. Activities for the start-up of the second phase of CERN openlab are based around a Platform Competence Centre, a Grid Interoperability Centre, and an IT security initiative. [&lt;a href="http://info.web.cern.ch/Press/PressReleases/Releases2006/PR05.06E.html"&gt;full story&lt;/a&gt;]&lt;br /&gt;&lt;span style="font-weight: bold;"&gt;&lt;br /&gt;&lt;/span&gt;&lt;span style="font-weight: bold;"&gt;PlateSpin Announces 1000th Customer Milestone and New Executive Appointments; PlateSpin Appoints Key Executives, Strengthening Its Leadership Team to Match Accelerated Growth Path&lt;br /&gt;&lt;/span&gt;&lt;span style="font-weight: bold;"&gt;&lt;br /&gt;&lt;/span&gt;TORONTO--(BUSINESS WIRE)--May 17, 2006--PlateSpin today announced that more than 1,000 enterprise customers have selected the company's data center software solutions to manage continuous server consolidations, hardware migration, virtualization, disaster recovery, and the ongoing optimization of their data centers. 
In recording its fifth consecutive quarter of record revenue, PlateSpin added significant customers this past quarter to surpass the 1000th customer milestone, including Aegon, Nationwide, Axa Tech, Hawaiian Airlines, BP and Fidelity Investments. [&lt;a href="http://home.businesswire.com/portal/site/google/index.jsp?ndmViewId=news_view&amp;newsId=20060517005279&amp;amp;newsLang=en"&gt;full story&lt;/a&gt;]&lt;span style="font-weight: bold;"&gt;&lt;br /&gt;&lt;br /&gt;VMware users long for live data migration&lt;br /&gt;&lt;br /&gt;&lt;/span&gt;CHICAGO -- VMware Inc. is all the rage among users at the Storage Decisions conference, as evidenced by the hundreds who packed a session on VMware data recovery Tuesday afternoon. However some users said they hope VMware's migration tool, VMotion, will be enhanced soon -- specifically to support dynamic migration of data between storage systems. [&lt;a href="http://searchstorage.techtarget.com/originalContent/0,289142,sid5_gci1188785,00.html"&gt;full story&lt;/a&gt;]&lt;br /&gt;&lt;span style="font-weight: bold;"&gt;&lt;br /&gt;&lt;/span&gt;&lt;span style="font-weight: bold;"&gt;Diskeeper Warns the Industry About the Pitfalls of Server Virtualisation&lt;/span&gt;&lt;br /&gt;&lt;span style="font-weight: bold;"&gt;&lt;br /&gt;&lt;/span&gt;&lt;span class="normal"&gt;EAST GRINSTEAD, England, May 17 /PRNewswire/ -- Diskeeper Corporation Europe, the leader in automatic disk defragmentation, is warning the industry about the rarely discussed pitfalls of server virtualisation. A newly released Diskeeper(R) whitepaper entitled, Virtualisation and Disk Performance, details how the industry's movement towards virtualisation is making the mechanical disk drive an even weaker link by consolidating I/O through this key performance bottleneck. 
[&lt;a href="http://www.prnewswire.co.uk/cgi/news/release?id=171151"&gt;full story&lt;/a&gt;]&lt;/span&gt;&lt;br /&gt;&lt;span style="font-weight: bold;"&gt;&lt;br /&gt;&lt;br /&gt;&lt;/span&gt;&lt;span style="font-weight: bold;"&gt;Sun lays out Java road maps&lt;br /&gt;&lt;br /&gt;&lt;/span&gt;&lt;em&gt;&lt;/em&gt;Sun Microsystems executives revealed at the JavaOne conference on Tuesday future Java technologies being pondered, including Project Semplice, which will enable Visual Basic developers to use Java. ... Also discussed were Project Phobos, which supports JavaScript in the server-side Web tier; the planned Mustang and Dolphin releases of Java Platform, Standard Edition (Java SE), and ideas for improving the enterprise edition of Java. [&lt;a href="http://www.infoworld.nl/idgns/bericht.phtml?id=002570DE00740E180025717100015C64"&gt;full story&lt;/a&gt;]&lt;br /&gt;&lt;span style="font-weight: bold;"&gt;&lt;br /&gt;Enomaly Launches Virtualized Management Console Beta&lt;br /&gt;&lt;br /&gt;&lt;/span&gt;Enomaly, Inc. today announced the Beta deployment of Enomalism, a pre-packaged virtualization infrastructure solution based on Xen 3.0 and available under LGPL open source license. The Enomalism Virtualized Management Console (VMC) is a web-based systems administrator management tool for XEN hypervisor that enables the management of multiple isolated Virtual Private Servers (VPS) to be managed from a central web based interface. 
[&lt;a href="http://www.prweb.com/releases/2006/5/prweb386699.htm"&gt;full story&lt;/a&gt;]&lt;br /&gt;&lt;span style="font-weight: bold;"&gt;&lt;br /&gt;&lt;/span&gt;&lt;span style="font-weight: bold;" class="storyHeadline"&gt;     AMD Adds Dual-Core To Mobile PC Platform&lt;/span&gt;&lt;br /&gt;&lt;br /&gt;AMD plans on Wednesday to introduce its next-generation dual-core Turion mobile processor, designed to compete with Intel's successful Centrino platform.&lt;br /&gt;&lt;p&gt;"This is the biggest launch for the mobile division this year," says Matt Mazzantini, division marketing manager for AMD's mobile division. "Our share has been steadily growing, and we have doubled our number of design wins since we first introduced Turion." [&lt;a href="http://www.informationweek.com/hardware/showArticle.jhtml?articleID=187203694&amp;subSection=Processors"&gt;full story&lt;/a&gt;]&lt;br /&gt;&lt;/p&gt;&lt;br /&gt;&lt;span style="font-weight: bold;"&gt;&lt;br /&gt;05/16/2006 | Tuesday&lt;/span&gt;&lt;span style="font-weight: bold;"&gt;&lt;/span&gt;&lt;span style="font-weight: bold;"&gt;&lt;br /&gt;&lt;br /&gt;&lt;/span&gt;&lt;span style="font-weight: bold;" class="t"&gt;moka5(TM) to Deliver PC Virtualization Innovation&lt;/span&gt;&lt;br /&gt;&lt;span style="font-weight: bold;"&gt;&lt;br /&gt;&lt;/span&gt;REDWOOD CITY, Calif., May 16 /PRNewswire/ -- moka5(TM) today announced its formation and entry into the desktop virtualization technology business. A spin off from Stanford University's Computer Science Department, moka5 plans to revolutionize the way consumers and businesses view and use everyday computing environments. The company also announced that it has received funding from Khosla Ventures and that Vinod Khosla has joined the board. 
&lt;span style="font-weight: bold;"&gt;&lt;/span&gt;[&lt;a href="http://biz.yahoo.com/prnews/060516/sftu101.html?.v=51"&gt;full story&lt;/a&gt;]&lt;span style="font-weight: bold;"&gt;&lt;/span&gt;&lt;span style="font-weight: bold;"&gt;&lt;br /&gt;&lt;br /&gt;VMware Outlines Hardware Requirements for 64-Bit Guest Operating Systems&lt;br /&gt;&lt;br /&gt;&lt;/span&gt;&lt;span class="artText"&gt;I bet if I took a short and informal poll and said the majority of virtualization users were excited to hear VMware's announcement of 64-bit guest operating system support, most of you would agree with that statement. And following up on that statement, I would also bet that only a small minority of those same individuals would know exactly which processors offered compatibility and met the hardware requirements. Personally, I didn't even think about it. I just assumed I could purchase a 64-bit processor and then be on my way enjoying a fun filled afternoon with my virtual machine running a 64-bit guest operating system. After all, what's the problem? 
[&lt;a href="http://weblog.infoworld.com/virtualization/archives/2006/05/vmware_outlines.html"&gt;full story&lt;/a&gt;]&lt;/span&gt;&lt;br /&gt;&lt;span style="font-weight: bold;"&gt;&lt;/span&gt;&lt;br /&gt;&lt;span style="font-weight: bold;"&gt;AMD Previews Next-Gen Microarchitecture&lt;br /&gt;&lt;br /&gt;&lt;/span&gt;San Jose -- Framed by the mounting challenge of delivering increased customer value with higher performance while keeping the lid on power requirements, Advanced Micro Devices senior fellow Chuck Moore offered a peek at his company’s ninth generation microarchitecture during a keynote address at the In-Stat Spring Processor Forum here today.[&lt;a href="http://www.reed-electronics.com/electronicnews/article/CA6335326.html"&gt;full story&lt;/a&gt;]&lt;br /&gt;&lt;br /&gt;&lt;span style="font-weight: bold;"&gt;Virtual Iron Demos Latest Release at SAP SAPPHIRE '06 with Intel&lt;br /&gt;&lt;br /&gt;&lt;/span&gt;      LOWELL, Mass.--(BUSINESS WIRE)--May 16, 2006--Virtual Iron Software (&lt;a href="http://www.virtualiron.com/" target="_blank"&gt;www.virtualiron.com&lt;/a&gt;), a provider of software solutions for creating and managing virtual infrastructure in the data center, is participating at SAP SAPPHIRE '06 in Orlando this week. The company is demonstrating the latest release of its advanced virtualization and management software with Intel Corp. at Booth #2974. SAPPHIRE opens today and runs through May 18th. 
[&lt;a href="http://home.businesswire.com/portal/site/google/index.jsp?ndmViewId=news_view&amp;newsId=20060516006135&amp;amp;newsLang=en"&gt;full story&lt;/a&gt;]&lt;br /&gt;&lt;br /&gt;&lt;span style="font-weight: bold;"&gt;Intel Aims to Upgrade PCs with Virtual Appliances&lt;br /&gt;&lt;br /&gt;&lt;/span&gt;Intel is eyeing a plan for using software to boost a PC's ability to fight hackers, talk on the phone and even capture television programs in the future.&lt;br /&gt;&lt;br /&gt;The chip maker, which launched its security and manageability-focused &lt;a href="http://www.eweek.com/article2/0,1895,1952911,00.asp"&gt;vPro brand&lt;/a&gt; on April 24, is contemplating mounting an effort to establish a standard method for adding virtual appliances—purpose-built software applications that run on top of their own miniature operating systems inside virtualized partitions—to PCs, a company executive said. [&lt;a href="http://www.pcmag.com/article2/0,1895,1962862,00.asp"&gt;full story&lt;/a&gt;]</content><link rel='edit' type='application/atom+xml' href='http://www.blogger.com/feeds/27956151/posts/default/114784439697855598'/><link rel='self' type='application/atom+xml' href='http://www.blogger.com/feeds/27956151/posts/default/114784439697855598'/><link rel='alternate' type='text/html' href='http://vmmworld.blogspot.com/2006/05/top-virtualization-stories-this-month.html' title='Top Virtualization Stories this Month'/><author><name>Susanta Nanda</name><uri>http://www.blogger.com/profile/12871079620394935272</uri><email>noreply@blogger.com</email><gd:image rel='http://schemas.google.com/g/2005#thumbnail' width='16' height='16' 
src='http://img2.blogblog.com/img/b16-rounded.gif'/></author></entry><entry><id>tag:blogger.com,1999:blog-27956151.post-114766959616509863</id><published>2006-05-15T00:57:00.000-04:00</published><updated>2006-05-16T06:49:08.330-04:00</updated><title type='text'>Can you boot a remote machine using local CD/DVD-ROM?</title><content type='html'>Apparently you can! In fact, it is possible to have a server node &lt;span style="font-weight: bold;"&gt;without&lt;/span&gt; any kind of boot device, such as a hard drive, a CD/DVD ROM drive, or a floppy drive, and still manage it remotely as long as the chipset contains a communication fabric of any kind. And even more, you can let it have access to the legacy ports (parallel and serial ports) that you possess on your local workstation, thus enabling you to see the console remotely. And all this is possible using the BIOS virtualization technology, for which &lt;a href="http://www.egenera.com"&gt;egenera&lt;/a&gt; was awarded a patent (no. 7,032,108) recently.&lt;br /&gt;&lt;br /&gt;Conventional boot sequences use a hardcoded instruction sequence contained in BIOS to read a local boot device, such as hard drive, to read the OS loader (e.g. lilo) into memory. The OS loader then proceeds by reading the operating system image and loading it into memory. During this early boot stage, BIOS also offers a rudimentary set of routines to perform I/O to/from the boot device. In these cases, the whole of BIOS is mapped from a ROM or flash storage provided by the system to the physical address space. With the new technology, the conventional BIOS would only contain an instruction sequence to read a &lt;span style="font-style: italic;"&gt;special program&lt;/span&gt; from a predefined remote machine into memory using a simple protocol, such as tftp, on top of the communication fabric. 
This special program, which can be customized depending on the requirements, then reads a remote program and loads it into system RAM starting at a predefined memory location, which the pre-execution environment (PXE) specifies as the memory space for BIOS. This newly read program then acts as the &lt;span style="font-style: italic;"&gt;real &lt;/span&gt;BIOS and provides runtime services to perform I/O to remote boot and legacy devices (and keyboard/mouse, if necessary) by emulating the operations using corresponding hardware on the remote machine and communicating through the medium already provided. For example, when the processor issues a read command to a SCSI drive, the runtime service routine in BIOS responsible for its emulation wraps the request with some header information and sends it across the network. The remote machine, which runs a corresponding driver, unwraps the request, reads real data from the local drive, wraps the data blocks, and sends them back to the server.&lt;br /&gt;&lt;br /&gt;The steps involved in the boot sequence described above are as follows:&lt;br /&gt;&lt;br /&gt;1. Processor is powered on and the instruction pointer jumps to a predefined location.&lt;br /&gt;&lt;br /&gt;2. POST (power-on self test) instructions are executed from the conventional option ROM (firmware).&lt;br /&gt;&lt;br /&gt;3. Instructions in the option ROM read a &lt;span style="font-style: italic;"&gt;special program&lt;/span&gt; into memory using the underlying communication fabric, e.g. Ethernet.&lt;br /&gt;&lt;br /&gt;4. Control of execution is transferred to the special program.&lt;br /&gt;&lt;br /&gt;5. The special program reads the&lt;span style="font-style: italic;"&gt; real BIOS image&lt;/span&gt; (I would call it vBIOS) from a remote location, as specified in the special program. This vBIOS image contains the emulation code and &lt;span style="font-style: italic;"&gt;virtualizes &lt;/span&gt;the boot and legacy devices. 
(You should be able to add code here to support emulation of your own device.)&lt;br /&gt;&lt;br /&gt;6. The vBIOS image is loaded into the system RAM starting at a predefined memory location as specified by the pre-execution environment (often between 0-1MB in the physical address space). To facilitate transparent addressing by the processor, this area of system RAM needs to be shadowed.&lt;br /&gt;&lt;br /&gt;7. vBIOS loads the boot sector (or OS loader).&lt;br /&gt;&lt;br /&gt;8. OS loader loads the operating system and device drivers.&lt;br /&gt;&lt;br /&gt;9. OS loader transfers control to the operating system.&lt;br /&gt;&lt;br /&gt;There are several implications of having such a technology at your disposal. For example, it should be possible to further forward the I/O requests from the remote machine to yet another machine by running emulation code on the original target. In theory, it should be possible to reroute all the boot device I/O requests within a server farm to one machine (where the administrator sits and watches the console), which has the required OS/BIOS installations. Firmware upgrades should be easily supported by replacing the vBIOS image read by the special program (step 5). Cool, it looks like an interesting thing for the server market! The question, however, is: can we extend the idea to desktops... like transparent upgrades of the firmware? Maybe in utility computing, too?
</content><link rel='edit' type='application/atom+xml' href='http://www.blogger.com/feeds/27956151/posts/default/114766959616509863'/><link rel='self' type='application/atom+xml' href='http://www.blogger.com/feeds/27956151/posts/default/114766959616509863'/><link rel='alternate' type='text/html' href='http://vmmworld.blogspot.com/2006/05/can-you-boot-remote-machine-using.html' title='Can you boot a remote machine using local CD/DVD-ROM?'/><author><name>Susanta Nanda</name><uri>http://www.blogger.com/profile/12871079620394935272</uri><email>noreply@blogger.com</email><gd:image rel='http://schemas.google.com/g/2005#thumbnail' width='16' height='16' src='http://img2.blogblog.com/img/b16-rounded.gif'/></author></entry><entry><id>tag:blogger.com,1999:blog-27956151.post-114756640144513656</id><published>2006-05-13T20:25:00.000-04:00</published><updated>2006-05-16T07:36:31.346-04:00</updated><title type='text'>IOMMU and Virtualization</title><content type='html'>I/O performance has been an important concern in the virtualization community. For a virtual machine monitor (VMM) to support complete virtualization, there is no alternative but to emulate all the peripherals accessed by a guest operating system. The major factor that prevents a VMM from letting a guest directly access an I/O device is the insecurity involved in DMA. Since a DMA-capable device, on x86, operates on physical rather than virtual addresses (this may not be true in general, e.g. SPARC supports direct &lt;span style="font-weight: bold;"&gt;virtual&lt;/span&gt; memory access), there is no way for a VMM to restrict the address ranges used in a DMA transfer to those belonging to the guest only. 
As a result, most hypervisors end up emulating some of the old I/O devices that are easy to implement but lack most of the advanced features that a modern device offers. With AMD's newly proposed I/O memory management unit, or simply &lt;a href="http://www.amd.com/us-en/assets/content_type/white_papers_and_tech_docs/34434.pdf"&gt;IOMMU&lt;/a&gt;, this problem seems to be coming to an end. In this article, I'll go a little bit deeper into this technology and discuss the differences it can make in the life of a system designer.&lt;br /&gt;&lt;br /&gt;This paragraph is for beginners; experts, please move on to the next paragraph. IOMMU provides two main functionalities: virtual-to-physical address translation and access protection on the memory ranges that an I/O device is trying to operate on. To support these features, it introduces several new data structures, of which two are worth mentioning: the &lt;span style="font-style: italic;"&gt;device table&lt;/span&gt; and the &lt;span style="font-style: italic;"&gt;I/O page table&lt;/span&gt;. A device table is indexed by a device ID (the ones that we are used to, with bus, device and function numbers) and contains a &lt;span style="font-style: italic;"&gt;domain ID&lt;/span&gt; (think of it as an address space ID) and a pointer to the I/O page table, among other things. The domain ID lets the host group a set of peripherals that share a virtual address space, which translates to I/O page table and IOTLB sharing. For example, a VMM could put all the hardware used by a VM into a common domain, saving memory on I/O page tables as well as preventing IOTLB thrashing. The I/O page table provides the requisite virtual-to-physical translations and also controls access to those pages.&lt;br /&gt;&lt;br /&gt;To me, IOMMU is more of an implementation (that we needed so badly) than an innovation in the I/O design aspect. 
For example, we already had the graphics aperture remapping table (GART) to map the aperture memory region to system DRAM. The difference with IOMMU is that it can now map an arbitrary address and not just the pages belonging to the graphics aperture. Protection for DMA-targeted pages was already part of AMD's Pacifica/SVM architecture using the &lt;span style="font-style: italic;"&gt;device exclusion vector&lt;/span&gt; (DEV), which also incorporated the idea of protection domains. IOMMU is thus an extension of these technologies with the additional communication infrastructure (with the processor) that includes command queuing (to support multiple commands from the CPU, for efficiency), interrupts (on completion/error), and event logging (error information).&lt;br /&gt;&lt;br /&gt;Hmm... so it looks cool, now what do I do with it? Well, there are several implications of such a feature. It enables VMMs to cut down on the performance overhead that was part of the I/O virtualization process. With IOMMU, by setting up the I/O page tables that translate &lt;span style="font-style: italic;"&gt;guest physical addresses &lt;/span&gt;to &lt;span style="font-style: italic;"&gt;machine addresses&lt;/span&gt;, a VMM can let its guest directly control the device, albeit with a catch. The catch here is that IOMMU does not report when a page translation fails. As a result, now that the VMM is totally unaware of the guest physical pages that are undergoing a DMA, it has no choice but to pin the entire guest physical address space in memory. The next implication of an IOMMU is the possibility of a user-space driver. However, interrupt handling still needs to be supported before a driver can move &lt;span style="font-style: italic;"&gt;completely&lt;/span&gt; to user-space. With the current support, the user-space driver has to have a part of it in the kernel that takes care of interrupts generated by the device. 
Another novel usage of this technology is to enable accesses to memory ranges beyond 4GB (on 64-bit machines) for legacy x86 32-bit devices by appropriately setting up the I/O page table to point to the high memory pages.&lt;br /&gt;&lt;br /&gt;Now, what about devices that bypass IOMMU in a multipath setup like AMD64? Well, you are pretty much stuck here. Since IOMMU can translate/protect only the I/O traffic that goes through it, it can't do much in a multipath scenario. The only solution here is to deploy multiple IOMMUs, one in each of the I/O hubs. Virtualizing IOMMU itself is not directly supported, and should the VMM need to virtualize it, it has to emulate it using software techniques. However, these are issues I wouldn't worry much about for now; I would rather enjoy the facilities that come with it. With all major hypervisors waiting to jump on it, the I/O performance in VMs in the coming months is anyone's guess.</content><link rel='edit' type='application/atom+xml' href='http://www.blogger.com/feeds/27956151/posts/default/114756640144513656'/><link rel='self' type='application/atom+xml' href='http://www.blogger.com/feeds/27956151/posts/default/114756640144513656'/><link rel='alternate' type='text/html' href='http://vmmworld.blogspot.com/2006/05/iommu-and-virtualization.html' title='IOMMU and Virtualization'/><author><name>Susanta Nanda</name><uri>http://www.blogger.com/profile/12871079620394935272</uri><email>noreply@blogger.com</email><gd:image rel='http://schemas.google.com/g/2005#thumbnail' width='16' height='16' 
src='http://img2.blogblog.com/img/b16-rounded.gif'/></author></entry><entry><id>tag:blogger.com,1999:blog-27956151.post-114739546781333719</id><published>2006-05-11T20:57:00.000-04:00</published><updated>2006-05-16T07:38:42.226-04:00</updated><title type='text'>Are we gonna have a VMMM?</title><content type='html'>Loadable kernel module (driver, in Windows terminology) support in modern operating systems raises questions about the trustworthiness that has traditionally been associated with an operating system kernel. For instance, when we allow an arbitrary chunk of code to be loaded into the kernel space, how are we going to ensure it does what it's supposed to do? In other words, what makes us so sure that the just-loaded module is not going to modify the kernel itself, upon which the entire security of our system relies?&lt;br /&gt;&lt;br /&gt;In some sense, the problem is similar to "the power of attorney" in that, because an operating system should ideally have done what many modules intend to do, it has no other option but to grant the module the same privilege as itself. But, wait a minute... where exactly do we need it? In other words, why can't we just build a kernel with all the necessary modules compiled in? Well, there are several issues here. First, the OS vendor might just not have it, as is the case for the drivers of non-standard third-party hardware. Second, an application might need some additional privileged system services that were either not envisioned during the OS design phase, or simply do not make sense as part of the commodity OS. Examples of these are file system filter drivers used in antivirus software, backup agents, and disk encryption products; video hook drivers in &lt;a href="http://ultravnc.sourceforge.net/"&gt;Ultr@VNC&lt;/a&gt; servers for Windows-based systems; and drivers that support virtual networks in hardware virtualization products, like VMware Workstation and Virtual PC. 
Third, in this dynamic world we want instant results, so we want to plug new hardware into our system and want it to fly immediately. So what can the OS vendors do but provide support for plug-n-play along with the required kernel extensions? On desktop systems, typically in home usage scenarios, we just can't have enough of it: we want our webcams, iPods, external hard drives, cellphones, camcorders, digicams, and what not to work with our PCs right away.&lt;br /&gt;&lt;br /&gt;So, if we want all kinds of flexibility, then we have to face all kinds of attacks that come with it too! Kernel-based rootkits use this facility to take control of a system, as earlier rootkits used to do from user space. In addition, they can be much more dangerous. Imagine a system where all the interrupt/exception vectors are rerouted to different handlers, the system call table is modified, and DMA writes go to different memory pages than those set up by the IDE controller, and you get to see the tip of the iceberg of problems that the system might get into. And now we have to deal with this rootkit-detection problem. In the end, it's a cat-and-mouse game between rootkit detectors and rootkits that never ends. Even more, the recently &lt;a href="http://www.eecs.umich.edu/virtual/papers/king06.pdf"&gt;published&lt;/a&gt; rootkit, once installed, guarantees to circumvent any kind of rootkit detection that is carried out within the host system. 
So, in an environment as hostile as this, we never know when a PC gets into a racket of botnets.&lt;br /&gt;&lt;br /&gt;Coming to virtual machine monitors, or simply VMMs (for those of you who are new to the area, a VMM is a software layer that sits between an OS, often called a guest OS, and the hardware and mediates/virtualizes all accesses to the underlying hardware in a transparent manner, and while doing so, could host multiple such guest OSs), they have traditionally been secure and robust, primarily for two reasons. First, they are much simpler in terms of implementation complexity, i.e. a small code base, at least in theory (this is not true for type-I VMMs like VMware's ESX Server that run on the bare metal, as they need to have drivers to support all the peripherals too). And second, they have no extensibility feature, i.e. they work more or less like a black box for the guest operating systems, and simply export the hardware interfaces that the guest OSs expect. However, with paravirtualization, the game seems to be on! The hardware/software boundary is no longer considered as strict as it used to be, and the main theme shifts to exporting a simpler hardware interface and porting the guest operating systems to work on this modified interface. This has two repercussions. First, it reduces the implementation complexity on architectures like x86 where not all unprivileged instructions (instructions that do not fault/trap when executed in lower privileged modes) have the same behavior when they are executed in the highest privilege level, requiring the VMM to scan/patch the binary at runtime. Second, and the important one, it improves the performance of the virtual machines that run on top of the VMM. 
The two current VMMs that take this route of paravirtualization are &lt;a href="http://www.cl.cam.ac.uk/Research/SRG/netos/xen"&gt;Xen&lt;/a&gt; and VMware's &lt;a href="http://www.vmware.com/interfaces/vmi_specs.html"&gt;VMI&lt;/a&gt;-based hypervisor.&lt;br /&gt;&lt;br /&gt;Now that the hardware interface has changed, the operating systems that were originally designed to work on native hardware are modified to communicate with the underlying hypervisor (or, should I say, paravisor?) through this new interface (hypercalls, for example). The trend seems familiar now: make the interface cleaner and closer to the upper layer in the software stack, which is often the first step towards supporting extensibility. Although I am not ready to speculate at this point in time, who knows, we may see a type-I VMM letting a guest OS install its driver for some odd device that the VMM itself does not support. Or, who knows, we may see a hypervisor that exports a hypercall to let the guest OS customize the interface to a virtual device (for example, I don't need "wall clock time," just a wild scenario). When we get to this point, even the VMM will start to feel the same heat as current OSs do. In addition, as we see more and more code going into the VMM, such as device drivers, stability would be another concern.&lt;br /&gt;&lt;br /&gt;So, are we heading towards a VMM Monitor now?
</content><link rel='edit' type='application/atom+xml' href='http://www.blogger.com/feeds/27956151/posts/default/114739546781333719'/><link rel='self' type='application/atom+xml' href='http://www.blogger.com/feeds/27956151/posts/default/114739546781333719'/><link rel='alternate' type='text/html' href='http://vmmworld.blogspot.com/2006/05/are-we-gonna-have-vmmm.html' title='Are we gonna have a VMMM?'/><author><name>Susanta Nanda</name><uri>http://www.blogger.com/profile/12871079620394935272</uri><email>noreply@blogger.com</email><gd:image rel='http://schemas.google.com/g/2005#thumbnail' width='16' height='16' src='http://img2.blogblog.com/img/b16-rounded.gif'/></author></entry></feed>
