Implements BIOS emulation support for BHyVe
Takuya ASADA <syuu@freebsd.org>
Sunday, March 17, 2013
Before talking about BIOS emulation on BHyVe

Let's take a quick look at BHyVe's internal structure and Intel VT-x.

BHyVe Overview

[Figure: BHyVe architecture. 1. Create VM instance, load guest kernel (bhyveload). 2. Run VM instance (bhyve, with a disk image and tap device as HD/NIC, stdin/stdout as console, and the guest kernel). 3. Destroy VM instance (bhyvectl). bhyveload, bhyve and bhyvectl sit on libvmmapi, which talks to /dev/vmm/${vm_name} (vmm.ko) in the FreeBSD kernel via mmap/ioctl.]

  • bhyveload loads the guest OS
  • bhyve is the userland part of the hypervisor; it emulates devices
  • bhyvectl is a management tool
  • libvmmapi is the userland API
  • vmm.ko is the kernel part of the hypervisor

vmm.ko
  • Provides /dev/vmm/${vmname}
  • Each vmm device file holds the state of one VM instance
  • The device file is created via sysctl: hw.vmm.create
  • Destroyed via sysctl: hw.vmm.destroy

/dev/vmm/${vmname} interfaces
  • read/write/mmap
    Guest memory can be accessed with standard syscalls (which means you can even dump guest memory with the dd command)
  • ioctl
    Provides various operations on the VM

/dev/vmm/${vmname} ioctls
  • VM_MAP_MEMORY: Map a guest memory area of the requested size
  • VM_SET_REGISTER / VM_GET_REGISTER: Access registers
  • VM_RUN: Run the guest machine until a virtual device is accessed (or some other trap happens)

bhyveload
  • FreeBSD bootloader ported to userland: userboot
  • bhyveload loads userboot.so as a dynamic link library and calls its loader_main function
  • Once called, it does the following:
    • Parse the UFS on the disk image, find the kernel
    • Load the kernel into the guest memory area (using mmap)
    • Set initial guest register values (using the VM_SET_REGISTER ioctl)
      • RIP = kernel entry point
      • CR0 = Paging enable | Protected mode enable
      • EFER = Long mode enable | Long mode active
      • Initialize the page table, set its address in CR3
      • Create GDT, IDT, LDT, set their addresses in GDTR, IDTR, LDTR
      • Initialize TR
  • The guest machine starts at the kernel entry point with 64-bit mode enabled

bhyve
  • The bhyve command runs a loop like the following:
    while (1) {
        ioctl(VM_RUN);            /* run the guest until a VMExit needs userland */
        device_io_emulation();    /* emulate the device access that caused it */
    }

Intel VT-x: Hardware assisted virtualization

[Figure: VMX root mode (hypervisor) and VMX non-root mode (guest), each with User (Ring 3) and Kernel (Ring 0). VMEntry goes from root mode to non-root mode; VMExit goes from non-root mode back to root mode.]

  • New CPU modes: VMX root mode (hypervisor) / VMX non-root mode (guest)
  • If some event needs to be emulated in the hypervisor, the CPU stops the guest and exits to the hypervisor → VMExit

VT-x configuration
  • Which events should be handled by the hypervisor? It depends on the hypervisor implementation!
  • VT-x is configurable! You can disable/enable each event
  • Some CPU behavior can also be changed

BHyVe BIOS emulation project
  • Google Summer of Code '12: "BHyVe BIOS emulation to boot legacy systems"
  • Project goal: implement BIOS emulation on the BHyVe hypervisor, to make BHyVe able to support more guest OSes

Limitation of bhyveload
  • It's legacy free! yay!
  • But...
  • Only supports FreeBSD/amd64
  • You need to implement a kernel loader for each OS
  • Want to run more OSes on BHyVe!

Why don't you just implement OS loaders?
  • Better than supporting the legacy, ugly BIOS? True! But...
  • An OS loader is heavily dependent on the kernel implementation
  • You would need to implement an OS loader for each OS, e.g. Linux loader, NetBSD loader, OpenBSD loader...
  • Implementing a loader for a proprietary OS may be very hard
  • Even if the OS loader worked, the guest OS may call a BIOS interrupt handler → DIE!
    This is common on 32-bit x86 OSes. Most 64-bit OSes are legacy free.

BIOS interrupt call
  • Ex: sys/boot/i386/mbr/mbr.s
    main.5:      movw %sp,%di             # Save stack pointer
                 movb 0x1(%si),%dh        # Load head
                 movw 0x2(%si),%cx        # Load cylinder:sector
                 movw $LOAD,%bx           # Transfer buffer
                 testb $FL_PACKET,flags   # Try EDD?
                 jz main.7                # No.
                 pushw %cx                # Save %cx
                 pushw %bx                # Save %bx
                 movw $0x55aa,%bx         # Magic
                 movb $0x41,%ah           # BIOS: EDD extensions
                 int $0x13                #   present?
                 ↑ BIOS interrupt call

What happens when it is called?

[Figure: int 13h (software interrupt, INTx) → the CPU reads the interrupt vector → the BIOS call handler (on the ROM) executes → it performs I/O by in/out or MMIO → hardware.]

How Linux KVM handles BIOS
  • KVM uses QEMU as its userland process
  • QEMU has a real BIOS called "SeaBIOS", an open source BIOS
  • SeaBIOS performs I/O by in/out instructions or MMIO
  • KVM handles these I/O operations and emulates devices

BIOS call handling on KVM

[Figure: in the guest, int 13h (software interrupt, INTx) → the CPU reads the interrupt vector → the interrupt handler executes, and SeaBIOS performs I/O to the virtual HW → VMExit by in/out or MMIO → in the hypervisor, QEMU HW emulation: QEMU emulates the HW I/O.]

Bring SeaBIOS into BHyVe?
  • I wanted to use it
  • But we can't bring the code into FreeBSD
  • Because it's GPLv3 licensed

OK then, is there a BSDL BIOS?
  • Unfortunately, we haven't found any BSDL BIOS
  • But there is a BSDL DOS emulator in Ports: doscmd
  • It has a DOS & BIOS interrupt call emulator that runs on FreeBSD/i386

How doscmd works
  • Map pages in the low memory area to place the DOS app (<1MB)
  • Set up the interrupt vector / interrupt handler (it just issues HLT; IRET)
  • Load the DOS app into the low memory area
  • Enter virtual 8086 mode (i386_vm86(2)) at the DOS app's entry address
  • The CPU executes the DOS app in virtual 8086 mode
  • When the DOS app makes a DOS/BIOS interrupt call, it is handled by the interrupt handler, which issues the HLT instruction
  • Once the HLT instruction is issued, the CPU leaves virtual 8086 mode
  • doscmd emulates the DOS/BIOS interrupt call
  • Return to virtual 8086 mode

How doscmd works

[Figure: DOS app in v8086 mode: int 13h (software interrupt, INTx) → the CPU reads the interrupt vector → the interrupt handler executes and issues the HLT instruction → HLT instruction trap → doscmd on FreeBSD/i386: BIOS emulation, doscmd emulates the BIOS call.]

Difference in BIOS handling: QEMU vs doscmd
  • QEMU
    Runs a real BIOS in the guest machine
    The interrupt handler handles the BIOS interrupt call
    QEMU just emulates hardware devices
  • doscmd
    Has no real BIOS
    The interrupt handler is just there to trap out of the vm86 machine
    doscmd emulates the BIOS interrupt call handler

Plan to emulate BIOS on BHyVe
  • Extract only the necessary code from doscmd and make it a library
    Export two functions: biosemul_init() / biosemul_call()
  • In biosemul_init(), perform BIOS-compatible initialization (initialize register values, load the boot sector, initialize the interrupt vector, install the interrupt handler)
    • In the interrupt handler, use the VMCALL instruction instead of HLT, because the guest OS may also use HLT and we don't want to handle that in the BIOS emulation code
  • biosemul_call() handles the BIOS interrupt call: it executes the BIOS interrupt call emulation using the doscmd code

How to handle BIOS interrupt calls in BHyVe

[Figure: in the guest, int 13h (software interrupt, INTx) → the CPU reads the interrupt vector → the interrupt call handler executes and issues the VMCALL instruction → VMExit by VMCALL → in the hypervisor, BIOS emulation: doscmd emulates the BIOS call.]

Why don't you trap the interrupt directly?
  • Intel VT-x is able to trap interrupts directly (no need to issue the VMCALL instruction in the interrupt handler)
  • Why shouldn't we use that for BIOS emulation? Because the guest OS may reuse the BIOS interrupt call vector numbers for different software interrupts after entering protected mode
  • Bootloaders may invoke the interrupt handler by jumping to its address (btx does this)

Problems (1)
  • doscmd is 64-bit unsafe!
    Some type definitions need to be rewritten, e.g. u_long → uint32_t
  • doscmd maps the guest memory area at 0x0
    Maybe we could also mmap the guest memory area at 0x0 on BHyVe, but I rewrote the code instead
    Ex:
    *(char *)(0x400) = 0;
          ↓
    *(char *)(0x400 + guest_mem) = 0;

Problems (2)
  • Guest register storage
    doscmd stores register values in its own structure, but BHyVe requires an ioctl to set/get guest registers

    I decided to copy all registers first, then emulate the BIOS interrupt call, and write back the modified registers afterwards

Debugging the BIOS emulator
  • When I started implementing BIOS emulation, I inserted a register dump for each BIOS interrupt call
  • Actually, dumping for each BIOS interrupt call is too little to determine what's going on
    • And the emulation didn't work fine: it finally jumped away to a strange EIP and committed suicide, and I had no idea why
  • I haven't found a way to run BHyVe on an emulator and get an instruction-level trace
    • BHyVe can run on VMware, but I haven't found a way to do tracing on it
  • Decided to implement instruction-level tracing on BHyVe

Implementing an instruction-level tracer on BHyVe (1)
  • If the guest CPU is emulated, dumping each instruction is very easy: just dump everything when the instruction decoder is called
  • But on BHyVe the guest program runs natively, because it uses VT-x
  • This means you have no way to inspect instructions or dump registers until a VMExit occurs
  • So we can raise an exception on every instruction
  • You could insert instructions that raise an exception, but x86 has a flag for single-step debugging (the TF bit in EFLAGS)

Implementing an instruction-level tracer on BHyVe (2)
  • At first, I implemented the following rule:
    • Set the TF bit in EFLAGS, enable VMExit on the #DB exception
    • bhyve handles the #DB exception, disassembles the instruction at EIP, steps EIP forward to the next instruction, and VMEnters again
  • I suddenly realized the VMExit occurs BEFORE executing the instruction! USELESS!!

Implementing an instruction-level tracer on BHyVe (3)
  • I changed my mind and now handle it just the same as a BIOS interrupt call (the interrupt handler issues the VMCALL instruction → VMExit)
  • EIP and some registers are pushed on the stack, because the handler hasn't returned yet
    They need to be fetched from the stack to dump them
    • OLD_EIP = *(uint16_t *)(ESP)
    • OLD_CS = *(uint16_t *)(ESP + 2)
    • OLD_EFLAGS = *(uint16_t *)(ESP + 4)
    • OLD_ESP = *(uint16_t *)(ESP + 6)

Instruction level tracer output
[trace] 16bit ip:7c3e cs:0 flags:102 ss:0 sp:7ffe ds:0 cr0:30 eax:0 ebx:0 ecx:0 edx:80 insn:cld
[trace] 16bit ip:7c3f cs:0 flags:102 ss:0 sp:7ffe ds:0 cr0:30 eax:0 ebx:0 ecx:0 edx:80 insn:xor %cx, %cx
[trace] 16bit ip:7c41 cs:0 flags:146 ss:0 sp:7ffe ds:0 cr0:30 eax:0 ebx:0 ecx:0 edx:80 insn:mov %cx, %es
[trace] 16bit ip:7c43 cs:0 flags:146 ss:0 sp:7ffe ds:0 cr0:30 eax:0 ebx:0 ecx:0 edx:80 insn:mov %cx, %ds
[trace] 16bit ip:7c45 cs:0 flags:146 ss:0 sp:7ffe ds:0 cr0:30 eax:0 ebx:0 ecx:0 edx:80 insn:mov %cx, %ss
[trace] 16bit ip:7c4a cs:0 flags:146 ss:0 sp:7c00 ds:0 cr0:30 eax:0 ebx:0 ecx:0 edx:80 insn:mov %sp, %si
[trace] 16bit ip:7c4c cs:0 flags:146 ss:0 sp:7c00 ds:0 cr0:30 eax:0 ebx:0 ecx:0 edx:80 insn:mov $0x700, %di
[trace] 16bit ip:7c4f cs:0 flags:146 ss:0 sp:7c00 ds:0 cr0:30 eax:0 ebx:0 ecx:0 edx:80 insn:incb %ch
[trace] 16bit ip:7c51 cs:0 flags:102 ss:0 sp:7c00 ds:0 cr0:30 eax:0 ebx:0 ecx:100 edx:80 insn:rep movsw
[trace] 16bit ip:7c51 cs:0 flags:102 ss:0 sp:7c00 ds:0 cr0:30 eax:0 ebx:0 ecx:ff edx:80 insn:rep movsw
[trace] 16bit ip:7c51 cs:0 flags:102 ss:0 sp:7c00 ds:0 cr0:30 eax:0 ebx:0 ecx:fe edx:80 insn:rep movsw
[trace] 16bit ip:7c51 cs:0 flags:102 ss:0 sp:7c00 ds:0 cr0:30 eax:0 ebx:0 ecx:fd edx:80 insn:rep movsw
[trace] 16bit ip:7c51 cs:0 flags:102 ss:0 sp:7c00 ds:0 cr0:30 eax:0 ebx:0 ecx:fc edx:80 insn:rep movsw
[trace] 16bit ip:7c51 cs:0 flags:102 ss:0 sp:7c00 ds:0 cr0:30 eax:0 ebx:0 ecx:fb edx:80 insn:rep movsw
[trace] 16bit ip:7c51 cs:0 flags:102 ss:0 sp:7c00 ds:0 cr0:30 eax:0 ebx:0 ecx:fa edx:80 insn:rep movsw
[trace] 16bit ip:7c51 cs:0 flags:102 ss:0 sp:7c00 ds:0 cr0:30 eax:0 ebx:0 ecx:f9 edx:80 insn:rep movsw
[trace] 16bit ip:7c51 cs:0 flags:102 ss:0 sp:7c00 ds:0 cr0:30 eax:0 ebx:0 ecx:f8 edx:80 insn:rep movsw
[trace] 16bit ip:7c51 cs:0 flags:102 ss:0 sp:7c00 ds:0 cr0:30 eax:0 ebx:0 ecx:f7 edx:80 insn:rep movsw

Tracing suddenly stops! (1)
  • EFLAGS can be cleared under some conditions
    • popf clears EFLAGS:
      The #DB exception still occurs immediately after the popf instruction is issued, so setting the TF bit in OLD_FLAGS (on the stack) solves the issue
      (The guest machine restores EFLAGS by IRET)

Tracing suddenly stops! (2)
  • EFLAGS can be cleared under some conditions
    • BIOS interrupt call VMExit:
      It looks like the CPU clears the TF flag when it is interrupted
      doscmd uses the following interrupt call handler to handle BIOS interrupt calls:
      VMCALL; STI; RETF 2
      RETF 2 means CS and EFLAGS are not restored, so changing OLD_EFLAGS (on the stack) has no effect
      Just setting the TF bit in EFLAGS solves the issue
    • But we must not set the TF bit in EFLAGS when the interrupt is the #DB exception
      It causes an infinite loop
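Added example in C, not code from these slides or from bhyve/doscmd: it ties together the "0x400 + guest_mem" offset rewrite from Problems (1), the stack-frame fetch from tracer slide (3), and the two TF-bit fixes from this slide and the previous one, with the bounds check a raw offset lacks. struct guest_mem, guest_ptr, rm_int_frame and the other names are assumed, and the 64 KiB guest image with its frame at 0000:7ff8 is constructed.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* Constructed example, not bhyve or doscmd code; all names are assumed. */
#define EFLAGS_TF 0x100u   /* trap flag: raises #DB after every instruction */

/* Guest physical memory as the emulator sees it: guest address 0 is base[0]
 * (the "0x400 + guest_mem" rewrite), but every access is bounds-checked. */
struct guest_mem { uint8_t *base; size_t size; };

/* Real-mode segment:offset -> linear address (paging is off, so physical). */
static inline uint32_t rm_linear(uint16_t seg, uint16_t off)
{
    return ((uint32_t)seg << 4) + off;
}

/* NULL unless [paddr, paddr+len) lies inside the guest image; a bare
 * "guest_mem + addr" would let a bogus guest SS:SP touch host memory. */
static uint8_t *guest_ptr(const struct guest_mem *gm, uint32_t paddr, size_t len)
{
    if (paddr > gm->size || len > gm->size - paddr)
        return NULL;
    return gm->base + paddr;
}

/* 16-bit little-endian load/store through the checked pointer, -1 on fault. */
static int guest_read16(const struct guest_mem *gm, uint32_t paddr, uint16_t *out)
{
    uint8_t *p = guest_ptr(gm, paddr, 2);
    if (p == NULL) return -1;
    *out = (uint16_t)(p[0] | (p[1] << 8));
    return 0;
}

static int guest_write16(const struct guest_mem *gm, uint32_t paddr, uint16_t val)
{
    uint8_t *p = guest_ptr(gm, paddr, 2);
    if (p == NULL) return -1;
    p[0] = (uint8_t)val;
    p[1] = (uint8_t)(val >> 8);
    return 0;
}

/* Frame a real-mode INT pushes: SS:SP+0 OLD_IP, +2 OLD_CS, +4 OLD_FLAGS. */
struct rm_int_frame { uint16_t ip, cs, flags; };

static int fetch_rm_frame(const struct guest_mem *gm, uint16_t ss, uint16_t sp,
                          struct rm_int_frame *f)
{
    uint32_t fp = rm_linear(ss, sp);
    if (guest_read16(gm, fp, &f->ip) || guest_read16(gm, fp + 2, &f->cs) ||
        guest_read16(gm, fp + 4, &f->flags))
        return -1;
    return 0;
}

/* popf case: the guest may have dropped TF, and the #DB handler returns with
 * IRET, which reloads FLAGS from the frame, so put TF into the saved flags.
 * Returns 1 if changed, 0 if TF was already set, -1 if the frame is outside. */
static int reassert_tf_on_frame(const struct guest_mem *gm, uint16_t ss, uint16_t sp)
{
    uint32_t fp = rm_linear(ss, sp) + 4;
    uint16_t flags;
    if (guest_read16(gm, fp, &flags)) return -1;
    if (flags & EFLAGS_TF) return 0;
    return guest_write16(gm, fp, flags | EFLAGS_TF) ? -1 : 1;
}

/* BIOS-call case: the VMCALL; STI; RETF 2 handler discards the saved flags,
 * so TF must go into the live EFLAGS written back to the vCPU instead, but
 * never when the trap was #DB (vector 1) itself, or the tracer loops forever. */
static uint32_t live_eflags_after_trap(uint32_t eflags, unsigned vector)
{
    return vector == 1 ? eflags : (eflags | EFLAGS_TF);
}

/* Constructed scenario: 64 KiB guest image with a frame at 0000:7ff8 whose
 * saved FLAGS has TF cleared; returns the saved FLAGS after the fix (0x102). */
static uint16_t demo_fix_frame(void)
{
    static uint8_t mem[0x10000];
    struct guest_mem gm = { mem, sizeof mem };
    struct rm_int_frame f;
    uint32_t fp = rm_linear(0, 0x7ff8);
    memset(mem, 0, sizeof mem);
    guest_write16(&gm, fp, 0x7c3e);       /* OLD_IP, as in the trace slide */
    guest_write16(&gm, fp + 2, 0x0000);   /* OLD_CS */
    guest_write16(&gm, fp + 4, 0x0002);   /* OLD_FLAGS with TF clear */
    if (reassert_tf_on_frame(&gm, 0, 0x7ff8) != 1 ||
        fetch_rm_frame(&gm, 0, 0x7ff8, &f) != 0)
        return 0xffff;
    return f.flags;
}

/* A guest SS:SP past the end of the image is refused, not dereferenced. */
static int demo_out_of_range(void)
{
    static uint8_t mem[0x10000];
    struct guest_mem gm = { mem, sizeof mem };
    return reassert_tf_on_frame(&gm, 0xffff, 0xfff0);   /* linear 0x10ffe0 */
}
```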
Tracing suddenly stops! (3)
  • lidt just before switching to protected mode
    • After IDTR is changed, the #DB exception can no longer be handled
    • Because the #DB handler was only installed in the real-mode interrupt vector, not in the IDT
    • Modified the IDT and implemented a #DB handler in btx
    • The #DB exception doesn't occur in real mode after the lidt instruction
    • Probably because the IDT for protected mode is not valid for real mode
    • After switching to protected mode, tracing could be resumed by setting the TF flag in EFLAGS

Exception causes exception
  • Not really sure, but it looks like an exception is raised inside an exception handler
  • Because of this, it can't print the error on the console
  • Inserted a VMCALL at the beginning of the exception handler and dump everything there

BTX interrupt call causes exception
[trace] 32bit-kern eip:9332 cs:18 eflags:106 ss:10 esp:17b8 ds:10 cr0:31 eax:31 ebx:9357 ecx:0 edx:70000 insn:decb %al
[trace] 32bit-kern eip:9334 cs:18 eflags:106 ss:10 esp:17b8 ds:10 cr0:31 eax:30 ebx:9357 ecx:0 edx:70000 insn:mov %eax, %cr0
[trace] 32bit-kern eip:9097 cs:8 eflags:146 ss:0 esp:1800 ds:0 cr0:31 eax:102 ebx:2820 ecx:0 edx:708ee insn:mov $0x10, %cl
[trace] 32bit-kern eip:9099 cs:8 eflags:146 ss:0 esp:1800 ds:0 cr0:31 eax:102 ebx:2820 ecx:10 edx:708ee insn:mov %ecx, %ss
[trace] 32bit-kern eip:909d cs:8 eflags:146 ss:10 esp:1800 ds:0 cr0:31 eax:102 ebx:2820 ecx:38 edx:708ee insn:ltr %cx
[except] 32bit-kern exception:13 error_code:38 eip:909d cs:8 eflags:10146 ss:10 esp:1800 insn:ltr %cx ds:0 cr0:31 eax:102 ebx:2820 ecx:38 edx:708ee

  • INT 0x31 (BIOS call from a BTX app) causes an exception at the LTR instruction
  • I have no idea... → Tried to skip all BIOS calls in boot2 & loader and use in/out instead

rep causes exception in loader
[trace] 32bit-kern eip:2000c4 cs:8 eflags:10106 ss:10 esp:ffc ds:10 cr0:31 eax:a0200 ebx:201000 ecx:52f edx:50000a insn:rep movsb
[trace] 32bit-kern eip:2000c4 cs:8 eflags:10106 ss:10 esp:ffc ds:10 cr0:31 eax:a0200 ebx:201000 ecx:52e edx:50000a insn:rep movsb
[trace] 32bit-kern eip:2000c4 cs:8 eflags:10106 ss:10 esp:ffc ds:10 cr0:31 eax:a0200 ebx:201000 ecx:52d edx:50000a insn:rep movsb
[trace] 32bit-kern eip:2000c4 cs:8 eflags:10106 ss:10 esp:ffc ds:10 cr0:31 eax:a0200 ebx:201000 ecx:52c edx:50000a insn:rep movsb
[trace] 32bit-kern eip:2000c4 cs:8 eflags:10106 ss:10 esp:ffc ds:10 cr0:31 eax:a0290 ebx:201000 ecx:52b edx:50000a insn:rep movsb
[trace] 32bit-kern eip:2000c4 cs:8 eflags:10106 ss:10 esp:ffc ds:10 cr0:31 eax:a027b ebx:201000 ecx:52a edx:50000a insn:rep movsb
[except] 32bit-kern exception:3 error_code:0 eip:2000c4 cs:8 eflags:10106 ss:10 esp:ffc insn:rep movsb ds:10 cr0:31 eax:a0236 ebx:201000 ecx:529 edx:50000a

  • I really don't have a good idea...

Demonstration

Conclusion
  • A test implementation of a BIOS emulator for BHyVe was implemented
  • An instruction-level tracer was implemented on it for debugging
  • Reached the /boot/loader stage, but it dies before loading a kernel
  • Advice from bootloader developers is really needed
  • Advice on better debugging methods is also needed (Is there a hardware debugger for x86? Or maybe VMware has a cool debugging feature?)

Takuya ASADA
 
Seastar:高スループットなサーバアプリケーションの為の新しいフレームワーク
Seastar:高スループットなサーバアプリケーションの為の新しいフレームワークSeastar:高スループットなサーバアプリケーションの為の新しいフレームワーク
Seastar:高スループットなサーバアプリケーションの為の新しいフレームワーク
Takuya ASADA
 
僕のIntel nucが起動しないわけがない
僕のIntel nucが起動しないわけがない僕のIntel nucが起動しないわけがない
僕のIntel nucが起動しないわけがない
Takuya ASADA
 
Interrupt Affinityについて
Interrupt AffinityについてInterrupt Affinityについて
Interrupt Affinityについて
Takuya ASADA
 
OSvパンフレット
OSvパンフレットOSvパンフレット
OSvパンフレット
Takuya ASADA
 
BHyVeでOSvを起動したい
〜BIOSがなくてもこの先生きのこるには〜
BHyVeでOSvを起動したい
〜BIOSがなくてもこの先生きのこるには〜BHyVeでOSvを起動したい
〜BIOSがなくてもこの先生きのこるには〜
BHyVeでOSvを起動したい
〜BIOSがなくてもこの先生きのこるには〜
Takuya ASADA
 
「ハイパーバイザの作り方」読書会#2
「ハイパーバイザの作り方」読書会#2「ハイパーバイザの作り方」読書会#2
「ハイパーバイザの作り方」読書会#2
Takuya ASADA
 
「ハイパーバイザの作り方」読書会#1
「ハイパーバイザの作り方」読書会#1「ハイパーバイザの作り方」読書会#1
「ハイパーバイザの作り方」読書会#1
Takuya ASADA
 

Mehr von Takuya ASADA (20)

Seastar in 歌舞伎座.tech#8「C++初心者会」
Seastar in 歌舞伎座.tech#8「C++初心者会」Seastar in 歌舞伎座.tech#8「C++初心者会」
Seastar in 歌舞伎座.tech#8「C++初心者会」
 
Seastar:高スループットなサーバアプリケーションの為の新しいフレームワーク
Seastar:高スループットなサーバアプリケーションの為の新しいフレームワークSeastar:高スループットなサーバアプリケーションの為の新しいフレームワーク
Seastar:高スループットなサーバアプリケーションの為の新しいフレームワーク
 
高スループットなサーバアプリケーションの為の新しいフレームワーク
「Seastar」
高スループットなサーバアプリケーションの為の新しいフレームワーク
「Seastar」高スループットなサーバアプリケーションの為の新しいフレームワーク
「Seastar」
高スループットなサーバアプリケーションの為の新しいフレームワーク
「Seastar」
 
ヤマノススメ〜秋山郷 de ハッカソン〜
ヤマノススメ〜秋山郷 de ハッカソン〜ヤマノススメ〜秋山郷 de ハッカソン〜
ヤマノススメ〜秋山郷 de ハッカソン〜
 
UEFI時代のブートローダ
UEFI時代のブートローダUEFI時代のブートローダ
UEFI時代のブートローダ
 
OSvのご紹介 in 
Java 8 HotSpot meeting
OSvのご紹介 in 
Java 8 HotSpot meetingOSvのご紹介 in 
Java 8 HotSpot meeting
OSvのご紹介 in 
Java 8 HotSpot meeting
 
OSvパンフレット v3
OSvパンフレット v3OSvパンフレット v3
OSvパンフレット v3
 
OSvのご紹介 in OSC2014 Tokyo/Fall
OSvのご紹介 in OSC2014 Tokyo/FallOSvのご紹介 in OSC2014 Tokyo/Fall
OSvのご紹介 in OSC2014 Tokyo/Fall
 
OSv噺
OSv噺OSv噺
OSv噺
 
OSvの概要と実装
OSvの概要と実装OSvの概要と実装
OSvの概要と実装
 
Linux network stack
Linux network stackLinux network stack
Linux network stack
 
Ethernetの受信処理
Ethernetの受信処理Ethernetの受信処理
Ethernetの受信処理
 
Presentation on your terminal
Presentation on your terminalPresentation on your terminal
Presentation on your terminal
 
僕のIntel nucが起動しないわけがない
僕のIntel nucが起動しないわけがない僕のIntel nucが起動しないわけがない
僕のIntel nucが起動しないわけがない
 
Interrupt Affinityについて
Interrupt AffinityについてInterrupt Affinityについて
Interrupt Affinityについて
 
OSvパンフレット
OSvパンフレットOSvパンフレット
OSvパンフレット
 
BHyVeでOSvを起動したい
〜BIOSがなくてもこの先生きのこるには〜
BHyVeでOSvを起動したい
〜BIOSがなくてもこの先生きのこるには〜BHyVeでOSvを起動したい
〜BIOSがなくてもこの先生きのこるには〜
BHyVeでOSvを起動したい
〜BIOSがなくてもこの先生きのこるには〜
 
「ハイパーバイザの作り方」読書会#2
「ハイパーバイザの作り方」読書会#2「ハイパーバイザの作り方」読書会#2
「ハイパーバイザの作り方」読書会#2
 
「ハイパーバイザの作り方」読書会#1
「ハイパーバイザの作り方」読書会#1「ハイパーバイザの作り方」読書会#1
「ハイパーバイザの作り方」読書会#1
 
10GbE時代のネットワークI/O高速化
10GbE時代のネットワークI/O高速化10GbE時代のネットワークI/O高速化
10GbE時代のネットワークI/O高速化
 

Kürzlich hochgeladen

EIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptx
EIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptxEIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptx
EIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptx
Earley Information Science
 

Kürzlich hochgeladen (20)

[2024]Digital Global Overview Report 2024 Meltwater.pdf
[2024]Digital Global Overview Report 2024 Meltwater.pdf[2024]Digital Global Overview Report 2024 Meltwater.pdf
[2024]Digital Global Overview Report 2024 Meltwater.pdf
 
Tech Trends Report 2024 Future Today Institute.pdf
Tech Trends Report 2024 Future Today Institute.pdfTech Trends Report 2024 Future Today Institute.pdf
Tech Trends Report 2024 Future Today Institute.pdf
 
Understanding Discord NSFW Servers A Guide for Responsible Users.pdf
Understanding Discord NSFW Servers A Guide for Responsible Users.pdfUnderstanding Discord NSFW Servers A Guide for Responsible Users.pdf
Understanding Discord NSFW Servers A Guide for Responsible Users.pdf
 
Handwritten Text Recognition for manuscripts and early printed texts
Handwritten Text Recognition for manuscripts and early printed textsHandwritten Text Recognition for manuscripts and early printed texts
Handwritten Text Recognition for manuscripts and early printed texts
 
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
 
presentation ICT roal in 21st century education
presentation ICT roal in 21st century educationpresentation ICT roal in 21st century education
presentation ICT roal in 21st century education
 
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
 
Driving Behavioral Change for Information Management through Data-Driven Gree...
Driving Behavioral Change for Information Management through Data-Driven Gree...Driving Behavioral Change for Information Management through Data-Driven Gree...
Driving Behavioral Change for Information Management through Data-Driven Gree...
 
Exploring the Future Potential of AI-Enabled Smartphone Processors
Exploring the Future Potential of AI-Enabled Smartphone ProcessorsExploring the Future Potential of AI-Enabled Smartphone Processors
Exploring the Future Potential of AI-Enabled Smartphone Processors
 
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
 
Strategies for Landing an Oracle DBA Job as a Fresher
Strategies for Landing an Oracle DBA Job as a FresherStrategies for Landing an Oracle DBA Job as a Fresher
Strategies for Landing an Oracle DBA Job as a Fresher
 
From Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time AutomationFrom Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time Automation
 
How to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerHow to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected Worker
 
The 7 Things I Know About Cyber Security After 25 Years | April 2024
The 7 Things I Know About Cyber Security After 25 Years | April 2024The 7 Things I Know About Cyber Security After 25 Years | April 2024
The 7 Things I Know About Cyber Security After 25 Years | April 2024
 
Scaling API-first – The story of a global engineering organization
Scaling API-first – The story of a global engineering organizationScaling API-first – The story of a global engineering organization
Scaling API-first – The story of a global engineering organization
 
GenCyber Cyber Security Day Presentation
GenCyber Cyber Security Day PresentationGenCyber Cyber Security Day Presentation
GenCyber Cyber Security Day Presentation
 
Finology Group – Insurtech Innovation Award 2024
Finology Group – Insurtech Innovation Award 2024Finology Group – Insurtech Innovation Award 2024
Finology Group – Insurtech Innovation Award 2024
 
Partners Life - Insurer Innovation Award 2024
Partners Life - Insurer Innovation Award 2024Partners Life - Insurer Innovation Award 2024
Partners Life - Insurer Innovation Award 2024
 
EIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptx
EIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptxEIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptx
EIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptx
 
Data Cloud, More than a CDP by Matt Robison
Data Cloud, More than a CDP by Matt RobisonData Cloud, More than a CDP by Matt Robison
Data Cloud, More than a CDP by Matt Robison
 

Implements BIOS emulation support for BHyVe

  • 1. Implements BIOS emulation support for BHyVe Takuya ASADA<syuu@freebsd.org> 13年3月17日日曜日
  • 2. Before talking about BIOS emulation on BHyVe
      Let's quickly look into BHyVe's internal structure and Intel VT-x.
  • 3. BHyVe Overview
      [Figure: the three steps of a VM's life. 1. bhyveload creates the VM instance and loads the guest kernel. 2. bhyve runs the VM instance, attaching a disk image (HDD), a tap device (NIC) and stdin/stdout (console). 3. bhyvectl destroys the instance. All three talk to /dev/vmm/${vm_name} (vmm.ko) in the FreeBSD kernel through libvmmapi, using mmap/ioctl.]
      • bhyveload loads the guest OS
      • bhyve is the userland part of the hypervisor; it emulates devices
      • bhyvectl is a management tool
      • libvmmapi is the userland API
      • vmm.ko is the kernel part of the hypervisor
  • 4. vmm.ko
      • Provides /dev/vmm/${vmname}
      • Each vmm device file holds the state of one VM instance
      • The device file is created via sysctl: hw.vmm.create
      • Destroyed via sysctl: hw.vmm.destroy
  • 5. /dev/vmm/${vmname} interfaces
      • read/write/mmap: the guest memory area can be accessed through standard syscalls (which means you can even dump guest memory with the dd command)
      • ioctl: provides various operations on the VM
  • 6. /dev/vmm/${vmname} ioctls
      • VM_MAP_MEMORY: maps a guest memory area of the requested size
      • VM_SET_REGISTER / VM_GET_REGISTER: access guest registers
      • VM_RUN: runs the guest machine until a virtual device is accessed (or some other trap happens)
  • 7. bhyveload
      • FreeBSD bootloader ported to userland: userboot
      • bhyveload loads userboot.so as a dynamic link library and calls its loader_main function
      • Once called, it does the following:
          • Parses the UFS on the disk image and finds the kernel
          • Loads the kernel into the guest memory area (using mmap)
          • Sets initial guest register values (using the VM_SET_REGISTER ioctl):
              • RIP = kernel entry point
              • CR0 = Paging enable | Protected mode enable
              • EFER = Long mode enable | Long mode active
          • Initializes the page table and sets its address in CR3
          • Creates GDT, IDT, LDT and sets their addresses in GDTR, IDTR, LDTR
          • Initializes TR
      • The guest machine starts from the kernel entry point with 64-bit mode enabled
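The page-table and control-register setup slide 7 describes, as an added example that is not bhyveload or userboot code: it builds the identity-mapped PML4/PDPT a 64-bit entry needs (1 GB pages, the table placement, pt_base and the entry address are assumptions) in a plain host buffer standing in for guest memory, and walks the result the way the MMU would.

```c
/* Added example, not bhyveload/userboot code: the page-table and
 * control-register setup slide 7 describes, for a 64-bit guest entry.
 * 'mem' is a plain host buffer standing in for the guest memory area. */
#include <stdint.h>
#include <stddef.h>
#include <string.h>

#define CR0_PE   (1u << 0)    /* protected mode enable */
#define CR0_PG   (1u << 31)   /* paging enable */
#define CR4_PAE  (1u << 5)    /* PAE, required for long mode */
#define EFER_LME (1u << 8)    /* long mode enable */
#define EFER_LMA (1u << 10)   /* long mode active */

#define PG_P     0x001ULL     /* entry present */
#define PG_RW    0x002ULL     /* writable */
#define PG_PS    0x080ULL     /* in a PDPT entry: 1 GB page */
#define PAGE_SIZE    4096
#define PTE_PER_PAGE 512
#define GB_MASK  ((1ULL << 30) - 1)

struct guest_regs { uint64_t cr0, cr3, cr4, efer, rip; };

/* Build a PML4 at guest physical 'pt_base' and a PDPT in the next page,
 * identity-mapping the first 'gb' gigabytes with 1 GB pages.  Returns 0,
 * or -1 when the request cannot be satisfied (an assumed layout). */
int build_identity_tables(uint8_t *mem, size_t mem_size,
                          uint64_t pt_base, unsigned gb)
{
    uint64_t *pml4, *pdpt;
    unsigned i;

    if (gb == 0 || gb > PTE_PER_PAGE)
        return -1;
    if ((pt_base & (PAGE_SIZE - 1)) != 0 || pt_base > mem_size ||
        mem_size - pt_base < 2 * PAGE_SIZE)
        return -1;           /* misaligned, or tables would overrun memory */

    pml4 = (uint64_t *)(mem + pt_base);
    pdpt = (uint64_t *)(mem + pt_base + PAGE_SIZE);
    memset(pml4, 0, PAGE_SIZE);
    memset(pdpt, 0, PAGE_SIZE);

    pml4[0] = (pt_base + PAGE_SIZE) | PG_P | PG_RW;   /* PML4[0] -> PDPT */
    for (i = 0; i < gb; i++)                          /* one 1 GB page each */
        pdpt[i] = ((uint64_t)i << 30) | PG_P | PG_RW | PG_PS;
    return 0;
}

/* The values slide 7 lists: paging + protected mode in CR0, long mode
 * enabled and active in EFER, CR3 at the PML4, RIP at the kernel entry. */
struct guest_regs initial_long_mode_regs(uint64_t pt_base, uint64_t entry)
{
    struct guest_regs r;

    r.cr0  = CR0_PE | CR0_PG;
    r.cr3  = pt_base;
    r.cr4  = CR4_PAE;
    r.efer = EFER_LME | EFER_LMA;
    r.rip  = entry;
    return r;
}

/* Walk the tables as the MMU would for a 1 GB-page mapping; returns the
 * guest physical address, or UINT64_MAX when the address is not mapped. */
uint64_t translate(const uint8_t *mem, uint64_t cr3, uint64_t va)
{
    const uint64_t *pml4 = (const uint64_t *)(mem + cr3);
    uint64_t e = pml4[(va >> 39) & 0x1ff];
    const uint64_t *pdpt;

    if (!(e & PG_P))
        return UINT64_MAX;
    pdpt = (const uint64_t *)(mem + (e & ~0xfffULL));
    e = pdpt[(va >> 30) & 0x1ff];
    if (!(e & PG_P) || !(e & PG_PS))
        return UINT64_MAX;
    return (e & 0x000fffffc0000000ULL) | (va & GB_MASK);   /* bits 30..51 */
}
```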
  • 8. bhyve
      • The bhyve command runs a loop like the following:
          while (1) {
              ioctl(VM_RUN);
              device_io_emulation();
          }
  • 9. Intel VT-x: Hardware assisted virtualization
      [Figure: two CPU modes side by side, VMX root mode and VMX non-root mode, each with User (Ring 3) and Kernel (Ring 0). VMEntry goes from root mode into non-root mode; VMExit goes back from non-root mode to root mode.]
      • New CPU modes: VMX root mode (hypervisor) / VMX non-root mode (guest)
      • If some event occurs that needs to be emulated by the hypervisor, the CPU stops the guest and exits to the hypervisor → VMExit
  • 10. VT-x configuration
      • Which events should be handled by the hypervisor? It depends on the hypervisor implementation!
      • VT-x is configurable! You can disable/enable each event
      • Some CPU behavior can also be changed
  • 11. BHyVe BIOS emulation project
      • Google Summer of Code '12: "BHyVe BIOS emulation to boot legacy systems"
      • Project goal: implement BIOS emulation on the BHyVe hypervisor, to make BHyVe able to support more guest OSes
  • 12. Limitation of bhyveload
      • It's legacy free! yay!
      • But...
      • Only supports FreeBSD/amd64
      • You need to implement a kernel loader for each OS
      • Want to run more OSes on BHyVe!
  • 13. Why don't you just implement an OS loader?
      • Better than supporting the legacy, ugly BIOS? True! But...
      • An OS loader is heavily dependent on the kernel implementation
      • You would need to implement an OS loader for each OS, e.g. a Linux loader, a NetBSD loader, an OpenBSD loader...
      • Implementing a loader for a proprietary OS may be very hard
      • Even if the OS loader worked, the guest OS may call a BIOS interrupt handler → DIE! This is common on 32-bit x86 OSes; most 64-bit OSes are legacy free.
  • 14. BIOS interrupt call
      • Ex: sys/boot/i386/mbr/mbr.s
          main.5: movw %sp,%di            # Save stack pointer
                  movb 0x1(%si),%dh       # Load head
                  movw 0x2(%si),%cx       # Load cylinder:sector
                  movw $LOAD,%bx          # Transfer buffer
                  testb $FL_PACKET,flags  # Try EDD?
                  jz main.7               # No.
                  pushw %cx               # Save %cx
                  pushw %bx               # Save %bx
                  movw $0x55aa,%bx        # Magic
                  movb $0x41,%ah          # BIOS: EDD extensions
                  int $0x13               # present?    ← BIOS interrupt call
  • 15. What happens when it is called?
      [Figure: int 13h → software interrupt (INTx) → CPU reads the interrupt vector → executes the BIOS call handler on the ROM → performs I/O by in/out or MMIO → hardware]
  • 16. How Linux KVM handles BIOS
      • KVM uses QEMU as its userland process
      • QEMU has a real BIOS, the open source "SeaBIOS"
      • SeaBIOS performs I/O by in/out instructions or MMIO
      • KVM handles this I/O and emulates the devices
  • 17. BIOS call handling on KVM
      [Figure: in the guest, int 13h → software interrupt (INTx) → CPU reads the interrupt vector → executes the interrupt handler → SeaBIOS performs I/O by in/out or MMIO to the virtual HW → VMExit. In the hypervisor, QEMU's HW emulation emulates the HW I/O.]
  • 18. Bring SeaBIOS into BHyVe?
      • I wanted to use it
      • But we can't bring the code into FreeBSD
      • Because it's GPLv3 licensed
  • 19. OK then, is there a BSDL BIOS?
      • Unfortunately, we haven't found any BSDL BIOS
      • But there's a BSDL DOS emulator in Ports: doscmd
      • It has a DOS & BIOS interrupt call emulator that runs on FreeBSD/i386
  • 20. How doscmd works
      • Maps pages in the low memory area to place the DOS app (<1MB)
      • Sets up the interrupt vector / interrupt handler (it just issues HLT; IRET)
      • Loads the DOS app into the low memory area
      • Enters virtual 8086 mode (i386_vm86(2)) at the DOS app's entry address
      • The CPU executes the DOS app in virtual 8086 mode
      • When the DOS app calls a DOS/BIOS interrupt, it is handled by the interrupt handler, which issues the HLT instruction
      • Once the HLT instruction is issued, the CPU leaves virtual 8086 mode
      • doscmd emulates the DOS/BIOS interrupt call
      • Returns to virtual 8086 mode
  • 21. How doscmd works
      [Figure: the DOS app in v8086 mode: int 13h → software interrupt (INTx) → CPU reads the interrupt vector → executes the interrupt handler → issues the HLT instruction → HLT instruction trap. BIOS emulation in doscmd on FreeBSD/i386: doscmd emulates the BIOS call.]
  • 22. Difference of BIOS handling on QEMU vs doscmd
      • QEMU: runs a real BIOS in the guest machine; the interrupt handler handles the BIOS interrupt call; QEMU just emulates hardware devices
      • doscmd: has no real BIOS; the interrupt handler is just for trapping the vm86 machine; doscmd emulates the BIOS interrupt call handler
  • 23. Plan to emulate BIOS on BHyVe
      • Extract only the necessary code from doscmd and make it a library exporting two functions: biosemul_init() / biosemul_call()
      • In biosemul_init(), perform BIOS-compatible initialization (initialize register values, load the boot sector, initialize the interrupt vector, install the interrupt handler)
      • In the interrupt handler, use the VMCALL instruction instead of the HLT instruction, because the guest OS may also use HLT and we don't want to handle it in the BIOS emulation code
      • biosemul_call() handles the BIOS interrupt call: it executes BIOS interrupt call emulation using the doscmd code
  • 24. How to handle BIOS interrupt calls in BHyVe
      [Figure: in the guest, int 13h → software interrupt (INTx) → CPU reads the interrupt vector → executes the interrupt call handler → issues VMCALL → VMExit by VMCALL instruction. In the hypervisor, the BIOS emulation (doscmd code) emulates the BIOS call.]
  • 25. Why don't you trap the interrupt directly?
      • Intel VT-x has the ability to trap interrupts directly (no need to issue the VMCALL instruction in the interrupt handler)
      • Why shouldn't we use it for BIOS emulation? Because the guest OS may reuse the BIOS interrupt call vector numbers for different software interrupts after entering protected mode
      • Bootloaders may invoke the interrupt handler by jumping to its address (btx does this)
  • 26. Problems (1)
      • doscmd is 64-bit unsafe! Some type definitions need rewriting, e.g. u_long → uint32_t
      • doscmd maps the guest memory area at 0x0. Maybe we could also mmap the guest memory area at 0x0 on BHyVe, but I rewrote the code, e.g.:
          *(char *)(0x400) = 0;
              ↓
          *(char *)(0x400 + guest_mem) = 0;
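The guest_mem rewrite on slide 26, as an added example that is not doscmd or bhyve code: the fixed low-memory address becomes an offset from the mapped guest area, with a range check so that a segment:offset supplied by the guest can never reach host memory outside that area. The struct guest_mem and the function names are assumptions.

```c
/* Added example, not doscmd or bhyve code.  Slide 26 turns a fixed
 * low-memory address into an offset from guest_mem; this helper does the
 * same translation with a range check, so a BIOS service handed a bogus
 * segment:offset by the guest cannot touch host memory outside the
 * mapped guest area. */
#include <stdint.h>
#include <stddef.h>
#include <string.h>

struct guest_mem {
    uint8_t *base;   /* host address where guest physical 0 is mapped */
    size_t   size;   /* bytes mapped (the BIOS emulator needs < 1 MB) */
};

/* Real-mode segment:offset -> 20-bit linear address (wraps at 1 MB). */
static uint32_t seg_off_to_linear(uint16_t seg, uint16_t off)
{
    return (((uint32_t)seg << 4) + off) & 0xfffff;
}

/* Host pointer for 'len' bytes at guest physical 'gpa', or NULL if any
 * byte of the range lies outside the mapped area. */
void *gpa_to_hva(const struct guest_mem *gm, uint32_t gpa, size_t len)
{
    /* Written as a subtraction so gpa + len cannot wrap around. */
    if (len == 0 || gpa > gm->size || gm->size - gpa < len)
        return NULL;
    return gm->base + gpa;
}

/* Copy 'len' bytes into the guest at seg:off; -1 if out of range. */
int guest_write(const struct guest_mem *gm, uint16_t seg, uint16_t off,
                const void *src, size_t len)
{
    void *dst = gpa_to_hva(gm, seg_off_to_linear(seg, off), len);

    if (dst == NULL)
        return -1;
    memcpy(dst, src, len);
    return 0;
}

/* Read a 16-bit little-endian word from seg:off, the way an INT 13h
 * handler would pull fields out of a packet the guest points it at. */
int guest_read16(const struct guest_mem *gm, uint16_t seg, uint16_t off,
                 uint16_t *out)
{
    const uint8_t *p = gpa_to_hva(gm, seg_off_to_linear(seg, off), 2);

    if (p == NULL)
        return -1;
    *out = (uint16_t)(p[0] | (p[1] << 8));
    return 0;
}
```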
  • 27. Problems (2)
      • Guest register storage: doscmd stores register values in its own structure, but BHyVe requires an ioctl to set/get guest registers. I decided to copy all registers first, then emulate the BIOS interrupt call, and write back the modified registers after that.
  • 28. Debugging the BIOS emulator
      • When I started implementing BIOS emulation, I inserted a register dump for each BIOS interrupt call
      • Actually, dumping on each BIOS interrupt call is too little to determine what's going on
      • And the emulation didn't work fine; it finally jumped away to a strange EIP and committed suicide, and I had no idea
      • I haven't found a way to run BHyVe on an emulator and get an instruction level trace
      • BHyVe can run on VMware, but I haven't found a way to do tracing on it
      • Decided to implement instruction level tracing on BHyVe
  • 29. Implement instruction level tracer on BHyVe (1)
      • If the guest CPU is emulated, dumping each instruction is very easy: just dump everything when the instruction decoder is called
      • But on BHyVe the guest program runs natively, because it uses VT-x
      • This means you have no way to inspect instructions or dump registers until a VMExit is caused
      • So we need to raise an exception on every instruction
      • You could insert instructions to raise exceptions, but x86 has a flag for single step debugging (the TF bit in EFLAGS)
  • 30. Implement instruction level tracer on BHyVe (2)
      • At first, I implemented the following rule:
          • Set the TF bit in EFLAGS, enable VMExit on the #DB exception
          • bhyve handles the #DB exception, disassembles the instruction at EIP, steps the EIP address forward, VMEnters again
      • I suddenly realized the VMExit is caused BEFORE executing the instruction! USELESS!!
  • 31. Implement instruction level tracer on BHyVe (3)
      • I changed my mind and handle it just the same as a BIOS interrupt call (the interrupt handler issues the VMCALL instruction → VMExit)
      • EIP and some registers are pushed on the stack because the handler hasn't returned yet; they need to be fetched from the stack to dump them:
          • OLD_EIP = *(uint16_t *)(ESP)
          • OLD_CS = *(uint16_t *)(ESP + 2)
          • OLD_EFLAGS = *(uint16_t *)(ESP + 4)
          • OLD_ESP = *(uint16_t *)(ESP + 6)
  • 32. Instruction level tracer output
      [trace] 16bit ip:7c3e cs:0 flags:102 ss:0 sp:7ffe ds:0 cr0:30 eax:0 ebx:0 ecx:0 edx:80 insn:cld
      [trace] 16bit ip:7c3f cs:0 flags:102 ss:0 sp:7ffe ds:0 cr0:30 eax:0 ebx:0 ecx:0 edx:80 insn:xor %cx, %cx
      [trace] 16bit ip:7c41 cs:0 flags:146 ss:0 sp:7ffe ds:0 cr0:30 eax:0 ebx:0 ecx:0 edx:80 insn:mov %cx, %es
      [trace] 16bit ip:7c43 cs:0 flags:146 ss:0 sp:7ffe ds:0 cr0:30 eax:0 ebx:0 ecx:0 edx:80 insn:mov %cx, %ds
      [trace] 16bit ip:7c45 cs:0 flags:146 ss:0 sp:7ffe ds:0 cr0:30 eax:0 ebx:0 ecx:0 edx:80 insn:mov %cx, %ss
      [trace] 16bit ip:7c4a cs:0 flags:146 ss:0 sp:7c00 ds:0 cr0:30 eax:0 ebx:0 ecx:0 edx:80 insn:mov %sp, %si
      [trace] 16bit ip:7c4c cs:0 flags:146 ss:0 sp:7c00 ds:0 cr0:30 eax:0 ebx:0 ecx:0 edx:80 insn:mov $0x700, %di
      [trace] 16bit ip:7c4f cs:0 flags:146 ss:0 sp:7c00 ds:0 cr0:30 eax:0 ebx:0 ecx:0 edx:80 insn:incb %ch
      [trace] 16bit ip:7c51 cs:0 flags:102 ss:0 sp:7c00 ds:0 cr0:30 eax:0 ebx:0 ecx:100 edx:80 insn:rep movsw
      [trace] 16bit ip:7c51 cs:0 flags:102 ss:0 sp:7c00 ds:0 cr0:30 eax:0 ebx:0 ecx:ff edx:80 insn:rep movsw
      [trace] 16bit ip:7c51 cs:0 flags:102 ss:0 sp:7c00 ds:0 cr0:30 eax:0 ebx:0 ecx:fe edx:80 insn:rep movsw
      [trace] 16bit ip:7c51 cs:0 flags:102 ss:0 sp:7c00 ds:0 cr0:30 eax:0 ebx:0 ecx:fd edx:80 insn:rep movsw
      [trace] 16bit ip:7c51 cs:0 flags:102 ss:0 sp:7c00 ds:0 cr0:30 eax:0 ebx:0 ecx:fc edx:80 insn:rep movsw
      [trace] 16bit ip:7c51 cs:0 flags:102 ss:0 sp:7c00 ds:0 cr0:30 eax:0 ebx:0 ecx:fb edx:80 insn:rep movsw
      [trace] 16bit ip:7c51 cs:0 flags:102 ss:0 sp:7c00 ds:0 cr0:30 eax:0 ebx:0 ecx:fa edx:80 insn:rep movsw
      [trace] 16bit ip:7c51 cs:0 flags:102 ss:0 sp:7c00 ds:0 cr0:30 eax:0 ebx:0 ecx:f9 edx:80 insn:rep movsw
      [trace] 16bit ip:7c51 cs:0 flags:102 ss:0 sp:7c00 ds:0 cr0:30 eax:0 ebx:0 ecx:f8 edx:80 insn:rep movsw
      [trace] 16bit ip:7c51 cs:0 flags:102 ss:0 sp:7c00 ds:0 cr0:30 eax:0 ebx:0 ecx:f7 edx:80 insn:rep movsw
  • 33. Tracing suddenly stops! (1)
      • EFLAGS can be cleared under some conditions
      • popf clears EFLAGS: the #DB exception is still raised immediately after the popf instruction, so setting the TF bit in OLD_FLAGS (on the stack) solves the issue (the guest machine restores EFLAGS by IRET)
  • 34. Tracing suddenly stops! (2)
      • EFLAGS can be cleared under some conditions
      • BIOS interrupt call VMExit: it looks like the CPU clears the TF flag when it is interrupted. doscmd uses the following interrupt call handler to handle BIOS interrupt calls: VMCALL; STI; RETF 2. RETF 2 means CS and EFLAGS are not restored, so changing OLD_EFLAGS (on the stack) has no effect; just setting the TF bit in EFLAGS solves the issue
      • But we must not set the TF bit in EFLAGS when the interrupt is the #DB exception: it causes an infinite loop
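The stack-frame reads on slide 31 and the two TF re-arming rules on slides 33 and 34, as an added example that is not the slides' tracer code: the exit classification, the struct names and the 16-bit SS:SP frame layout are assumptions (slide 31 reads the frame from ESP directly; here the linear address is computed from SS:SP), and guest memory is a plain host buffer.

```c
/* Added example, not the slides' tracer code.  Models the rules from
 * slides 31, 33 and 34 for reading the pushed frame and keeping TF set
 * across a VMExit: patch the saved FLAGS when the guest returns with
 * IRET, patch live EFLAGS when the BIOS handler returns with RETF 2,
 * and never set live TF on a #DB exit (that loops forever). */
#include <stdint.h>
#include <stddef.h>

#define EFLAGS_TF  (1u << 8)   /* trap flag: #DB after every instruction */

/* Why the guest exited, as the tracer classifies it (assumed enum). */
enum trace_exit {
    EXIT_DB_HANDLER,      /* #DB handler issued VMCALL, returns with IRET */
    EXIT_BIOS_HANDLER     /* BIOS call handler: VMCALL; STI; RETF 2 */
};

/* What a real-mode INT pushes, lowest address first (slide 31). */
struct real_mode_frame {
    uint16_t ip;          /* OLD_EIP    at SS:SP     */
    uint16_t cs;          /* OLD_CS     at SS:SP + 2 */
    uint16_t flags;       /* OLD_EFLAGS at SS:SP + 4 */
};

struct vcpu_state {
    uint16_t ss, sp;
    uint32_t eflags;      /* live EFLAGS, as read via VM_GET_REGISTER */
};

/* 20-bit linear address of SS:SP. */
static uint32_t stack_linear(uint16_t ss, uint16_t sp)
{
    return (((uint32_t)ss << 4) + sp) & 0xfffff;
}

/* Little-endian 16-bit load/store on guest memory. */
static uint16_t ld16(const uint8_t *p) { return (uint16_t)(p[0] | (p[1] << 8)); }
static void st16(uint8_t *p, uint16_t v) { p[0] = (uint8_t)v; p[1] = (uint8_t)(v >> 8); }

/* Load IP/CS/FLAGS the INT pushed; -1 if the frame lies outside memory. */
int read_iret_frame(const uint8_t *mem, size_t mem_size,
                    const struct vcpu_state *v, struct real_mode_frame *f)
{
    uint32_t lin = stack_linear(v->ss, v->sp);

    if (lin > mem_size || mem_size - lin < 6)
        return -1;
    f->ip    = ld16(mem + lin);
    f->cs    = ld16(mem + lin + 2);
    f->flags = ld16(mem + lin + 4);
    return 0;
}

/* Re-arm single stepping for the return path this exit will take.
 * Returns 0 on success, -1 if the stack frame cannot be reached. */
int rearm_trap_flag(uint8_t *mem, size_t mem_size, struct vcpu_state *v,
                    enum trace_exit why)
{
    uint32_t lin;

    switch (why) {
    case EXIT_DB_HANDLER:
        /* IRET restores FLAGS from the stack, so a popf that cleared TF is
         * undone by patching the saved copy (slide 33).  Live EFLAGS is
         * left alone: TF there would make the handler itself trap on its
         * next instruction and the tracer would never progress (slide 34). */
        lin = stack_linear(v->ss, v->sp);
        if (lin > mem_size || mem_size - lin < 6)
            return -1;
        st16(mem + lin + 4, (uint16_t)(ld16(mem + lin + 4) | EFLAGS_TF));
        return 0;
    case EXIT_BIOS_HANDLER:
        /* RETF 2 discards the saved FLAGS, so only live EFLAGS counts. */
        v->eflags |= EFLAGS_TF;
        return 0;
    }
    return -1;
}
```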
  • 35. Tracing suddenly stops! (3)
      • lidt just before switching to protected mode
      • After IDTR is changed, the #DB exception can't be handled anymore
      • Because the #DB handler is only installed in the real mode interrupt vector, not in the IDT
      • Modified the IDT and implemented a #DB handler in btx
      • The #DB exception wasn't raised in real mode after the lidt instruction
      • Probably because the IDT for protected mode is not valid for real mode
      • After switching to protected mode, tracing could be resumed by setting the TF flag in EFLAGS
  • 36. Exception causes exception
      • Not really sure, but it looks like an exception is raised inside an exception handler
      • Because of this, it can't print the error on the console
      • Inserted VMCALL at the beginning of the exception handler, and dump everything there
  • 37. BTX interrupt call causes exception
      [trace] 32bit-kern eip:9332 cs:18 eflags:106 ss:10 esp:17b8 ds:10 cr0:31 eax:31 ebx:9357 ecx:0 edx:70000 insn:decb %al
      [trace] 32bit-kern eip:9334 cs:18 eflags:106 ss:10 esp:17b8 ds:10 cr0:31 eax:30 ebx:9357 ecx:0 edx:70000 insn:mov %eax, %cr0
      [trace] 32bit-kern eip:9097 cs:8 eflags:146 ss:0 esp:1800 ds:0 cr0:31 eax:102 ebx:2820 ecx:0 edx:708ee insn:mov $0x10, %cl
      [trace] 32bit-kern eip:9099 cs:8 eflags:146 ss:0 esp:1800 ds:0 cr0:31 eax:102 ebx:2820 ecx:10 edx:708ee insn:mov %ecx, %ss
      [trace] 32bit-kern eip:909d cs:8 eflags:146 ss:10 esp:1800 ds:0 cr0:31 eax:102 ebx:2820 ecx:38 edx:708ee insn:ltr %cx
      [except] 32bit-kern exception:13 error_code:38 eip:909d cs:8 eflags:10146 ss: 10 esp:1800 insn:ltr %cx ds:0 cr0:31 eax:102 ebx:2820 ecx:38 edx:708ee
      • INT 0x31 (a BIOS call from a BTX app) causes an exception at the LTR instruction
      • I have no idea... → Tried to skip all BIOS calls in boot2 & loader and use in/out instead
  • 38. rep causes exception in loader
      [trace] 32bit-kern eip:2000c4 cs:8 eflags:10106 ss:10 esp:ffc ds:10 cr0:31 eax:a0200 ebx:201000 ecx:52f edx:50000a insn:rep movsb
      [trace] 32bit-kern eip:2000c4 cs:8 eflags:10106 ss:10 esp:ffc ds:10 cr0:31 eax:a0200 ebx:201000 ecx:52e edx:50000a insn:rep movsb
      [trace] 32bit-kern eip:2000c4 cs:8 eflags:10106 ss:10 esp:ffc ds:10 cr0:31 eax:a0200 ebx:201000 ecx:52d edx:50000a insn:rep movsb
      [trace] 32bit-kern eip:2000c4 cs:8 eflags:10106 ss:10 esp:ffc ds:10 cr0:31 eax:a0200 ebx:201000 ecx:52c edx:50000a insn:rep movsb
      [trace] 32bit-kern eip:2000c4 cs:8 eflags:10106 ss:10 esp:ffc ds:10 cr0:31 eax:a0290 ebx:201000 ecx:52b edx:50000a insn:rep movsb
      [trace] 32bit-kern eip:2000c4 cs:8 eflags:10106 ss:10 esp:ffc ds:10 cr0:31 eax:a027b ebx:201000 ecx:52a edx:50000a insn:rep movsb
      [except] 32bit-kern exception:3 error_code:0 eip:2000c4 cs:8 eflags:10106 ss:10 esp:ffc insn:rep movsb ds:10 cr0:31 eax:a0236 ebx:201000 ecx:529 edx:50000a
      • Really don't have a good idea...
  • 40. Conclusion
      • A test implementation of a BIOS emulator for BHyVe was implemented
      • An instruction level tracer was implemented on it for debugging
      • Reached the /boot/loader stage, but it dies before loading a kernel
      • Advice from bootloader developers is really needed
      • Advice on better debugging methods is also needed (Is there a hardware debugger for x86? Or maybe VMware has a cool debugging feature?)