QEMU Intro.
Chiawei, Wang
2015/07/17
1
Story Time
• Emulation V.S. Virtualization
• Why we love emulator ?
• QEMU
• ISA translation of QEMU
• Guest Insn. -> Intermediate Representation -> Host Insn.
• Code Block Translation
• Translation Block Cache
• Translation Block Chaining
• Helper Feature of QEMU
2
Emulation V.S. Virtualization
• Both can be used to host a VM (a.k.a. hypervisor)
• Virtualization
• Shares the underlying hardware, partitioned into a disjoint set for each VM instance.
• Host ISA is the same as Guest ISA.
• Guest operations can be dispatched directly to hardware
• Fast
• Emulation
• Everything in the Guest ISA is realized by software.
• Register, Memory, I/O
• Host ISA can differ from Guest ISA.
• Guest operations are translated into operations on the emulated devices
• Slow
3
Why we LOVE Emulator ?
• Everything is implemented by software!
• Everything can be customized on demand!
• Welcome to the code-tracing hell….
• Popular emulators
• QEMU
• Bochs
• QEMU is preferred in our use due to its better performance.
• We will give more details later.
4
QEMU
• QEMU, a Fast and Portable Dynamic Translator
• http://static.usenix.org/event/usenix05/tech/freenix/full_papers/bellard/bellard.pdf
• Supports emulation of numerous ISAs
• i386
• x86_64
• arm
• mips
• ppc
• Etc.
• QEMU is also the user-space client of Linux KVM (virtualization).
• Herein we focus only on its emulation functionality.
5
QEMU Snapshot & Console
6
Before we dig into QEMU …
Let us go through the emulation
of a code snippet as an example.
7
Example of Emulation
• Emulate ARM Guest on x86 Host
• R0, R1 are emulated with EAX, ECX
ARM Guest code:
E3 A0 00 01 MOV R0, #1
E3 A0 10 02 MOV R1, #2
E0 80 00 01 ADD R0, R0, R1
x86 Host code, produced by translating one Guest instruction at a time:
B8 01 00 00 00 MOV EAX, 0x1
B9 02 00 00 00 MOV ECX, 0x2
01 C8 ADD EAX, ECX
Register state after each step (Emulate the ARM instruction, then translate and run it on x86):
Step                ARM R0  R1    x86 EAX  ECX
initial             0       0     0        0
MOV R0, #1          1       0     1        0
MOV R1, #2          1       2     1        2
ADD R0, R0, R1      3       2     3        2
8-15
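As an added example (not part of the slides), the following Python sketch performs the translation the slides step through: it decodes the three ARM words above, runs them on an emulated ARM register file, and emits the x86 bytes shown, using the slides' R0/R1 to EAX/ECX mapping. The decoder covers only the two data-processing forms that appear (MOV/ADD, AL condition) and rejects anything else.

```python
# Added example (not from the slides): a minimal ARM -> x86 translator for the
# three-instruction block on slides 8-15. It decodes the ARM words, runs them on
# an emulated ARM register file ("Emulate"), and emits the x86 encoding the
# slides show ("translate"), with R0/R1 mapped onto EAX/ECX.
import struct

# Guest code from the slides, as big-endian ARM words built from the hex dump.
GUEST_CODE = bytes.fromhex("E3A00001" "E3A01002" "E0800001")

# Register mapping used on the slides: R0 -> EAX (x86 reg 0), R1 -> ECX (x86 reg 1).
REG_MAP = {0: 0, 1: 1}
X86_NAMES = {0: "EAX", 1: "ECX"}
MASK32 = 0xFFFFFFFF


def decode(word):
    """Decode an ARM data-processing instruction (only MOV/ADD, AL condition)."""
    if (word >> 28) != 0xE:
        raise ValueError("only the AL (always) condition is handled")
    if (word >> 26) & 0x3 != 0:
        raise ValueError("not a data-processing instruction")
    imm_form = (word >> 25) & 1
    opcode = (word >> 21) & 0xF
    rn = (word >> 16) & 0xF
    rd = (word >> 12) & 0xF
    if imm_form:
        # 8-bit immediate rotated right by twice the 4-bit rotate field
        rot, imm8 = 2 * ((word >> 8) & 0xF), word & 0xFF
        op2 = ("imm", ((imm8 >> rot) | (imm8 << (32 - rot))) & MASK32)
    else:
        if (word >> 4) & 0xFF:
            raise ValueError("shifted register operands are not handled")
        op2 = ("reg", word & 0xF)
    if opcode == 0xD:
        return ("MOV", rd, None, op2)
    if opcode == 0x4:
        return ("ADD", rd, rn, op2)
    raise ValueError("unsupported data-processing opcode %#x" % opcode)


def emulate(code):
    """Interpret the ARM block directly; returns the 16-entry register file."""
    regs = [0] * 16
    for (word,) in struct.iter_unpack(">I", code):
        op, rd, rn, (kind, val) = decode(word)
        operand = val if kind == "imm" else regs[val]
        regs[rd] = operand if op == "MOV" else (regs[rn] + operand) & MASK32
    return regs


def translate(code):
    """Emit x86 machine code for the block plus a readable listing."""
    out, listing = bytearray(), []
    for (word,) in struct.iter_unpack(">I", code):
        op, rd, rn, (kind, val) = decode(word)
        dst = REG_MAP[rd]
        if op == "MOV" and kind == "imm":
            out += bytes([0xB8 + dst]) + struct.pack("<I", val)  # MOV r32, imm32
            listing.append("MOV %s, 0x%x" % (X86_NAMES[dst], val))
        elif op == "ADD" and kind == "reg" and REG_MAP[rn] == dst:
            src = REG_MAP[val]
            # ADD r/m32, r32: opcode 01, ModRM with mod=11, reg=src, rm=dst
            out += bytes([0x01, 0xC0 | (src << 3) | dst])
            listing.append("ADD %s, %s" % (X86_NAMES[dst], X86_NAMES[src]))
        else:
            raise NotImplementedError("form not covered by the slides: %s" % op)
    return bytes(out), listing


if __name__ == "__main__":
    regs = emulate(GUEST_CODE)
    print("ARM after block: R0=%d R1=%d" % (regs[0], regs[1]))
    host, listing = translate(GUEST_CODE)
    print("Host bytes:", host.hex(" ").upper())
    for line in listing:
        print("   ", line)
```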
Translation Between Different ISA
Guest Host
code translation
• Without an intermediate step, every Guest ISA needs its own code translation for every Host ISA.
Are you fucking
kidding me ?
21
Translation Between Different ISA of QEMU
• QEMU adds an abstraction layer in the middle of the
translation.
• Tiny Code Generator (TCG), an intermediate
representation (IR) code.
Guest -> TCG -> Host
25
Example of QEMU Code Translation
• x86_64 (Guest) -> TCG
Guest Code:
mov eax, ds
TCG:
mov_i64 tmp0, rax
movi_i64 tmp3, 0xfd194
st_i64 tmp3, env, 0x80
mov_i32 tmp5, tmp0
movi_i32 tmp11, 0x3
call load_seg, 0x0, 0, env, tmp11, tmp5
movi_i64 tmp3, 0xfd196
st_i64 tmp3, env, 0x80
exit_tb 0x0
set_label L0
exit_tb 0x7f77499ff3cb
26
Example of QEMU Code Translation
• TCG -> x86_64 (Host)
TCG:
mov_i64 tmp0, rax
movi_i64 tmp3, 0xfd194
st_i64 tmp3, env, 0x80
mov_i32 tmp5, tmp0
movi_i32 tmp11, 0x3
call load_seg, 0x0, 0, env, tmp11, tmp5
movi_i64 tmp3, 0xfd196
st_i64 tmp3, env, 0x80
exit_tb 0x0
set_label L0
exit_tb 0x7f77499ff3cb
Host Code:
mov rax, 0x3
mov [0x7f779478f008], rax
mov [r14 + 0x80], 0xfd194
mov rdi, r14
mov esi, 0x3
mov edx, 0x10
call 0x7f776ce8e500
mov [r14 + 0x80], 0xfd196
xor eax, eax
jmp 0x7f776a9fec16
lea rax, [rip - 0x110005ed]
jmp 0x7f776a9fec16
28
I just wanna execute
mov eax, ds
Code Block-based Translation
• First thought of code translation
• Interpret each encountered Guest instruction and
execute the translated code in Host (Bochs’ way).
• Recall the emulation example on page 7.
• QEMU uses code block-based translation instead of
one-by-one interpretation.
• Performance improvement
29
What is a Code Block
• Code Block/Basic Block (also called Translation Block in QEMU)
• A collection of instructions that can be executed SEQUENTIALLY.
• Each block ends with a control-flow transfer instruction.
30
Performance Improvement
• Translation block optimization
mov eax, 1
add eax, 2
mov eax, 3
(seen as a whole block, the first two writes to eax are dead because the
third overwrites it, so block-level translation can drop them)
• Translation block cache (coming up)
32
Translation Block Cache
• Since executing code doesn’t change often, why
don’t we stop re-translating code that was previously
translated ?
• YES! QEMU caches the translation block and indexes
it by the Guest physical address where the code
resides.
34
Translation Block Cache
• Workflow
35
Guest code (sample main):
main:
mov dword ptr [esp+18], 0
mov dword ptr [esp+14], 80
mov dword ptr [esp+10], 1
mov dword ptr [esp+C], 0
mov dword ptr [esp+8], 0
mov dword ptr [esp+4], C0000000
mov dword ptr [esp], 00404020
mov eax, dword ptr[00406120]
call eax // f = CreateFileA( … )
sub esp, 1C
mov dword ptr[ebp-C], eax
cmp dword ptr[ebp-C], -1
jnz short 00401557 // if(f == -1)
mov eax, -1
jmp short 0040156C // return -1
mov eax, dword ptr [ebp-C]
mov dword ptr [esp], eax
mov eax, dword ptr[0040611C]
call eax // CloseHandle( f )
sub esp, 4
mov eax, 0
mov ecx, dword ptr [ebp-4]
leave // return 0
Host side:
• Guest EIP = 0x11223344, so GVA = 0x11223344
• Lookup the Guest page table for GVA: GPA = 0x5566
• Is TB_cache[GPA] valid ?
• True: Execute the TB (translated code inside)
• False: Code Translation of the block at GPA, then TB_cache[GPA] = TB, then execute it
The first TB covers main up to its first control-flow transfer:
mov dword ptr [esp+18], 0
mov dword ptr [esp+14], 80
mov dword ptr [esp+10], 1
mov dword ptr [esp+C], 0
mov dword ptr [esp+8], 0
mov dword ptr [esp+4], C0000000
mov dword ptr [esp], 00404020
mov eax, dword ptr[00406120]
call eax
GVA: Guest Virtual Address
GPA: Guest Physical Address
Translation Block Cache
• Cache space is limited.
• A cache replacement policy is required for when the
cache is full.
37
Translation Block Chaining
• Assume TB1, TB2, and TB3 are all cached and going
to be executed sequentially.
• Without chaining, every TB returns to QEMU, which looks up the next one:
QEMU -> Find TB1 in cache & Exec -> Return
-> Find TB2 in cache & Exec -> Return
-> Find TB3 in cache & Exec -> Return
• Six control flow transfers.
38
Translation Block Chaining
• When TB1, TB2, and TB3 are executed sequentially
in most cases …
• With chaining, the end of TB1 jumps straight to TB2 and TB2 to TB3; only TB3 returns to QEMU:
QEMU -> Find TB1 in cache & Exec -> TB2 -> TB3 -> Return
• Four control flow transfers. Faster
39
Translation Block Chaining
• What if the end of a TB is a conditional branch ?
( e.g. JCC group of x86 )
• Each TB has two slots for chaining
40
TB 1 --(True chain)--> TB 2
TB 1 --(False chain)--> TB 3
41
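As an added example (not QEMU code), the following Python model reproduces the cache-keyed-by-GPA lookup of slide 35, the chaining slots of slides 38 to 40, and what a cache invalidation has to do to the chains. The three-block guest program and its GPAs are constructed for the example; the transfer counts it produces match the six and four on the slides.

```python
# Added example (not QEMU code): a toy dispatch loop modelling the translation
# block cache keyed by guest physical address (slides 33-37) and translation
# block chaining (slides 38-40), including what an invalidation must do to
# the chains. The three-block guest program is constructed for the example.
from collections import Counter


# Constructed guest: each block body updates the register dict and returns the
# GPA of its successor, or None when control falls back to QEMU for good.
def tb1(regs):
    regs["eax"] = 1
    return 0x2000


def tb2(regs):
    regs["ecx"] = 2
    return 0x3000


def tb3(regs):
    regs["eax"] += regs["ecx"]
    return None


GUEST_BLOCKS = {0x1000: ("TB1", tb1), 0x2000: ("TB2", tb2), 0x3000: ("TB3", tb3)}


class TB:
    """A translated block: the host code (here a Python body) plus chaining slots."""

    def __init__(self, gpa, name, body):
        self.gpa, self.name, self.body = gpa, name, body
        self.chain = {}  # successor GPA -> TB; a TB ending in JCC gets two entries


class Dispatcher:
    def __init__(self, chaining):
        self.chaining = chaining
        self.tb_cache = {}  # TB_cache[GPA] = TB, as on slide 35
        self.stats = Counter()

    def lookup_or_translate(self, gpa):
        tb = self.tb_cache.get(gpa)
        if tb is None:  # cache miss: "Code Translation" on slide 35
            self.stats["translations"] += 1
            name, body = GUEST_BLOCKS[gpa]
            tb = self.tb_cache[gpa] = TB(gpa, name, body)
        return tb

    def invalidate(self, gpa):
        """Drop a TB (e.g. its guest page was written) and unlink chains into it.

        A chain still pointing at a dropped TB would keep executing stale
        translated code, so every slot that references the victim goes too.
        """
        victim = self.tb_cache.pop(gpa, None)
        if victim is None:
            return
        for tb in self.tb_cache.values():
            tb.chain = {g: t for g, t in tb.chain.items() if t is not victim}

    def run(self, entry, regs):
        """Run the guest from `entry`; return the number of control-flow transfers."""
        transfers, prev, gpa = 0, None, entry
        while gpa is not None:
            tb = self.lookup_or_translate(gpa)
            if self.chaining and prev is not None:
                prev.chain[gpa] = tb  # patch the exiting TB so next time it jumps straight here
            transfers += 1  # QEMU -> TB
            while True:
                self.stats["executed"] += 1
                nxt = tb.body(regs)
                chained = tb.chain.get(nxt) if nxt is not None else None
                if chained is None:
                    break
                transfers += 1  # TB -> TB through the chain; QEMU never sees it
                tb = chained
            transfers += 1  # TB -> QEMU
            prev, gpa = tb, nxt
        return transfers


def demo():
    """Transfer counts per run, unchained vs chained: 6,6,6,6 vs 6,4,6,4."""
    results = {}
    for chaining in (False, True):
        d = Dispatcher(chaining)
        regs = {"eax": 0, "ecx": 0}
        cold = d.run(0x1000, regs)  # translates all three TBs, patches chains
        warm = d.run(0x1000, regs)  # everything cached; chains pay off
        d.invalidate(0x2000)  # TB2 dropped, TB1's chain into it removed
        after_inval = d.run(0x1000, regs)  # one retranslation, chain re-patched
        warm_again = d.run(0x1000, regs)
        results[chaining] = (cold, warm, after_inval, warm_again,
                             d.stats["translations"], regs["eax"])
    return results


if __name__ == "__main__":
    for chaining, r in demo().items():
        print("chaining=%-5s transfers per run %s, translations %d, eax=%d"
              % (chaining, r[:4], r[4], r[5]))
```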
So far so good ?
Helper Feature of QEMU
• A helper transfers TB execution immediately to Host
code written as a C function.
• Advantage
• Eases the burden of hand-coding complex instruction
translations
• Allows interception during TB execution
• Disadvantage
• Overhead of switching the QEMU state from
“executing translated Guest code” to “executing Host
code”
42
Example of Helper Use
• x86_64 -> TCG -> x86_64
qemu/helper.c
void helper_div( arg1, arg2 )
{
// Do the division job &
// Update the emulated Guest CPU/Memory
}
compile
helper_div:
0x7f776ce80440: push rbp
0x7f776ce80441: mov rbp, rsp
…
Guest Code:
div ecx
TCG IR (translation by calling gen_helper_div):
mov_i64 tmp0,rcx
movi_i64 tmp3,$0xf0544
st_i64 tmp3,env,$0x80
call divl_EAX,$0x0,$0,env,tmp0
Host Code (generated for div ecx emulation):
movq $0xf0544,0x80(%r14)
mov %r14,%rdi
mov $0xa,%esi
callq 0x7f776ce80440
49
When does QEMU Use Helper ?
• Translating an instruction that would generate complex
and numerous TCG IR ops.
• e.g. div of x86
• Interception of the translated instruction’s execution
is required (like a hook).
• e.g. jcc of x86
• … (there might be more cases; I haven’t fully comprehended them)
50
More QEMU-related Systems of DSNSLab
• SecMap
• Two-layer Disk Forensics
• MrKIP
• VMaware Detector
• Cloudebug
• ProbeBuilder
• Android Taint
51
Q & A
52

 
Alfresco TTL#157 - Troubleshooting Made Easy: Deciphering Alfresco mTLS Confi...
Alfresco TTL#157 - Troubleshooting Made Easy: Deciphering Alfresco mTLS Confi...Alfresco TTL#157 - Troubleshooting Made Easy: Deciphering Alfresco mTLS Confi...
Alfresco TTL#157 - Troubleshooting Made Easy: Deciphering Alfresco mTLS Confi...Angel Borroy López
 
Precise and Complete Requirements? An Elusive Goal
Precise and Complete Requirements? An Elusive GoalPrecise and Complete Requirements? An Elusive Goal
Precise and Complete Requirements? An Elusive GoalLionel Briand
 
Not a Kubernetes fan? The state of PaaS in 2024
Not a Kubernetes fan? The state of PaaS in 2024Not a Kubernetes fan? The state of PaaS in 2024
Not a Kubernetes fan? The state of PaaS in 2024Anthony Dahanne
 
Tech Tuesday Slides - Introduction to Project Management with OnePlan's Work ...
Tech Tuesday Slides - Introduction to Project Management with OnePlan's Work ...Tech Tuesday Slides - Introduction to Project Management with OnePlan's Work ...
Tech Tuesday Slides - Introduction to Project Management with OnePlan's Work ...OnePlan Solutions
 
A healthy diet for your Java application Devoxx France.pdf
A healthy diet for your Java application Devoxx France.pdfA healthy diet for your Java application Devoxx France.pdf
A healthy diet for your Java application Devoxx France.pdfMarharyta Nedzelska
 
Ronisha Informatics Private Limited Catalogue
Ronisha Informatics Private Limited CatalogueRonisha Informatics Private Limited Catalogue
Ronisha Informatics Private Limited Catalogueitservices996
 
Enhancing Supply Chain Visibility with Cargo Cloud Solutions.pdf
Enhancing Supply Chain Visibility with Cargo Cloud Solutions.pdfEnhancing Supply Chain Visibility with Cargo Cloud Solutions.pdf
Enhancing Supply Chain Visibility with Cargo Cloud Solutions.pdfRTS corp
 
Global Identity Enrolment and Verification Pro Solution - Cizo Technology Ser...
Global Identity Enrolment and Verification Pro Solution - Cizo Technology Ser...Global Identity Enrolment and Verification Pro Solution - Cizo Technology Ser...
Global Identity Enrolment and Verification Pro Solution - Cizo Technology Ser...Cizo Technology Services
 

Kürzlich hochgeladen (20)

Revolutionizing the Digital Transformation Office - Leveraging OnePlan’s AI a...
Revolutionizing the Digital Transformation Office - Leveraging OnePlan’s AI a...Revolutionizing the Digital Transformation Office - Leveraging OnePlan’s AI a...
Revolutionizing the Digital Transformation Office - Leveraging OnePlan’s AI a...
 
Post Quantum Cryptography – The Impact on Identity
Post Quantum Cryptography – The Impact on IdentityPost Quantum Cryptography – The Impact on Identity
Post Quantum Cryptography – The Impact on Identity
 
Amazon Bedrock in Action - presentation of the Bedrock's capabilities
Amazon Bedrock in Action - presentation of the Bedrock's capabilitiesAmazon Bedrock in Action - presentation of the Bedrock's capabilities
Amazon Bedrock in Action - presentation of the Bedrock's capabilities
 
Machine Learning Software Engineering Patterns and Their Engineering
Machine Learning Software Engineering Patterns and Their EngineeringMachine Learning Software Engineering Patterns and Their Engineering
Machine Learning Software Engineering Patterns and Their Engineering
 
eSoftTools IMAP Backup Software and migration tools
eSoftTools IMAP Backup Software and migration toolseSoftTools IMAP Backup Software and migration tools
eSoftTools IMAP Backup Software and migration tools
 
Strategies for using alternative queries to mitigate zero results
Strategies for using alternative queries to mitigate zero resultsStrategies for using alternative queries to mitigate zero results
Strategies for using alternative queries to mitigate zero results
 
OpenChain Education Work Group Monthly Meeting - 2024-04-10 - Full Recording
OpenChain Education Work Group Monthly Meeting - 2024-04-10 - Full RecordingOpenChain Education Work Group Monthly Meeting - 2024-04-10 - Full Recording
OpenChain Education Work Group Monthly Meeting - 2024-04-10 - Full Recording
 
Tech Tuesday - Mastering Time Management Unlock the Power of OnePlan's Timesh...
Tech Tuesday - Mastering Time Management Unlock the Power of OnePlan's Timesh...Tech Tuesday - Mastering Time Management Unlock the Power of OnePlan's Timesh...
Tech Tuesday - Mastering Time Management Unlock the Power of OnePlan's Timesh...
 
Patterns for automating API delivery. API conference
Patterns for automating API delivery. API conferencePatterns for automating API delivery. API conference
Patterns for automating API delivery. API conference
 
Osi security architecture in network.pptx
Osi security architecture in network.pptxOsi security architecture in network.pptx
Osi security architecture in network.pptx
 
The Role of IoT and Sensor Technology in Cargo Cloud Solutions.pptx
The Role of IoT and Sensor Technology in Cargo Cloud Solutions.pptxThe Role of IoT and Sensor Technology in Cargo Cloud Solutions.pptx
The Role of IoT and Sensor Technology in Cargo Cloud Solutions.pptx
 
OpenChain AI Study Group - Europe and Asia Recap - 2024-04-11 - Full Recording
OpenChain AI Study Group - Europe and Asia Recap - 2024-04-11 - Full RecordingOpenChain AI Study Group - Europe and Asia Recap - 2024-04-11 - Full Recording
OpenChain AI Study Group - Europe and Asia Recap - 2024-04-11 - Full Recording
 
Alfresco TTL#157 - Troubleshooting Made Easy: Deciphering Alfresco mTLS Confi...
Alfresco TTL#157 - Troubleshooting Made Easy: Deciphering Alfresco mTLS Confi...Alfresco TTL#157 - Troubleshooting Made Easy: Deciphering Alfresco mTLS Confi...
Alfresco TTL#157 - Troubleshooting Made Easy: Deciphering Alfresco mTLS Confi...
 
Precise and Complete Requirements? An Elusive Goal
Precise and Complete Requirements? An Elusive GoalPrecise and Complete Requirements? An Elusive Goal
Precise and Complete Requirements? An Elusive Goal
 
Not a Kubernetes fan? The state of PaaS in 2024
Not a Kubernetes fan? The state of PaaS in 2024Not a Kubernetes fan? The state of PaaS in 2024
Not a Kubernetes fan? The state of PaaS in 2024
 
Tech Tuesday Slides - Introduction to Project Management with OnePlan's Work ...
Tech Tuesday Slides - Introduction to Project Management with OnePlan's Work ...Tech Tuesday Slides - Introduction to Project Management with OnePlan's Work ...
Tech Tuesday Slides - Introduction to Project Management with OnePlan's Work ...
 
A healthy diet for your Java application Devoxx France.pdf
A healthy diet for your Java application Devoxx France.pdfA healthy diet for your Java application Devoxx France.pdf
A healthy diet for your Java application Devoxx France.pdf
 
Ronisha Informatics Private Limited Catalogue
Ronisha Informatics Private Limited CatalogueRonisha Informatics Private Limited Catalogue
Ronisha Informatics Private Limited Catalogue
 
Enhancing Supply Chain Visibility with Cargo Cloud Solutions.pdf
Enhancing Supply Chain Visibility with Cargo Cloud Solutions.pdfEnhancing Supply Chain Visibility with Cargo Cloud Solutions.pdf
Enhancing Supply Chain Visibility with Cargo Cloud Solutions.pdf
 
Global Identity Enrolment and Verification Pro Solution - Cizo Technology Ser...
Global Identity Enrolment and Verification Pro Solution - Cizo Technology Ser...Global Identity Enrolment and Verification Pro Solution - Cizo Technology Ser...
Global Identity Enrolment and Verification Pro Solution - Cizo Technology Ser...
 

Qemu Introduction

Story Time
• Emulation V.S. Virtualization
• Why we LOVE emulators?
• QEMU
• ISA translation of QEMU
• Guest Insn. → Intermediate Representation → Host Insn.
• Code Block Translation
• Translation Block Cache
• Translation Block Chaining
• Helper Feature of QEMU
2

Emulation V.S. Virtualization
• Both can be used to host a VM (a.k.a. hypervisor)
• Virtualization
  • Shares the underlying hardware as a disjoint set for each VM instance.
  • Host ISA is the same as Guest ISA.
  • Guest operations can be directly dispatched to hardware
  • Fast
• Emulation
  • Everything of the Guest ISA is realized by software.
    • Register, Memory, I/O
  • Host ISA can differ from Guest ISA.
  • Guest operations are translated into operations on the emulated devices
  • Slow
3

Why we LOVE Emulators?
• Everything is implemented by software!
• Everything can be customized on demand!
  • Welcome to the code-tracing hell….
• Popular emulators
  • QEMU
  • Bochs
• QEMU is preferred in our use due to its better performance.
  • We will give more details later.
4

QEMU
• QEMU, a Fast and Portable Dynamic Translator
  • http://static.usenix.org/event/usenix05/tech/freenix/full_papers/bellard/bellard.pdf
• Supports emulation of numerous ISAs
  • i386
  • x86_64
  • arm
  • mips
  • ppc
  • Etc.
• QEMU is also the client of Linux KVM (virtualization).
• Herein we focus only on its emulation functionality.
5

QEMU Snapshot & Console
6

Before we dig into QEMU …
Let us go through the emulation of a code snippet as an example.
7
Example of Emulation
• Emulate ARM Guest on x86 Host
• Emulate R0, R1 w/ EAX, ECX

ARM code:
  E3 A0 00 01      MOV R0, #1
  E3 A0 10 02      MOV R1, #2
  E0 80 00 01      ADD R0, R0, R1

Translated x86 code:
  B8 01 00 00 00   MOV EAX, 0x1
  B9 02 00 00 00   MOV ECX, 0x2
  01 C8            ADD EAX, ECX

Step by step (one slide per state):
  Step                          R0  R1  |  EAX  ECX
  initial                        0   0  |    0    0
  MOV R0, #1                     1   0  |    0    0
  translate → MOV EAX, 0x1       1   0  |    1    0
  MOV R1, #2                     1   2  |    1    0
  translate → MOV ECX, 0x2       1   2  |    1    2
  ADD R0, R0, R1                 3   2  |    1    2
  translate → ADD EAX, ECX       3   2  |    3    2
8-15
Translation Between Different ISA
• Guest → Host: code translation
• Are you fucking kidding me ?
16-21
Translation Between Different ISA of QEMU
• QEMU adopts an abstraction layer in the middle of the translation.
  • The Tiny Code Generator (TCG), with its intermediate representation (IR) code.
• Guest → TCG → Host
22-25
Example of QEMU Code Translation
• x86_64 (Guest) → TCG

Guest Code:
  mov eax, ds

TCG:
  mov_i64 tmp0, rax
  movi_i64 tmp3, 0xfd194
  st_i64 tmp3, env, 0x80
  mov_i32 tmp5, tmp0
  movi_i32 tmp11, 0x3
  call load_seg, 0x0, 0, env, tmp11, tmp5
  movi_i64 tmp3, 0xfd196
  st_i64 tmp3, env, 0x80
  exit_tb 0x0
  set_label L0
  exit_tb 0x7f77499ff3cb
26

Example of QEMU Code Translation
• TCG → x86_64 (Host)

TCG:
  mov_i64 tmp0, rax
  movi_i64 tmp3, 0xfd194
  st_i64 tmp3, env, 0x80
  mov_i32 tmp5, tmp0
  movi_i32 tmp11, 0x3
  call load_seg, 0x0, 0, env, tmp11, tmp5
  movi_i64 tmp3, 0xfd196
  st_i64 tmp3, env, 0x80
  exit_tb 0x0
  set_label L0
  exit_tb 0x7f77499ff3cb

Host Code:
  mov rax, 0x3
  mov [0x7f779478f008], rax
  mov [r14 + 0x80], 0xfd194
  mov rdi, r14
  mov esi, 0x3
  mov edx, 0x10
  call 0x7f776ce8e500
  mov [r14 + 0x80], 0xfd196
  xor eax, eax
  jmp 0x7f776a9fec16
  lea rax, [rip - 0x110005ed]
  jmp 0x7f776a9fec16

• I just wanna execute mov eax, ds
27-28
Code Block-based Translation
• First thought of code translation
  • Interpret each Guest instruction as it is encountered and execute the translated code on the Host (Bochs' way).
  • Recall the emulation example in page 7.
• QEMU uses code block-based translation instead of one-by-one interpretation.
  • Performance improvement
29

What is a Code Block
• Code Block/Basic Block (also called Translation Block in QEMU)
  • A collection of instructions that can be SEQUENTIALLY executed.
  • Each block ends with a control-flow transfer instruction.
30
Performance Improvement
• Translation block optimization
    mov eax, 1
    add eax, 2
    mov eax, 3
  (the first two writes to eax are dead, since mov eax, 3 overwrites them before any read)
• Translation block cache (coming up)
31-32
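The pipeline of the preceding slides in one runnable piece, as an added example that is neither QEMU's code nor the deck's: a front-end that decodes the deck's three ARM words into a TCG-like IR and ends the block at a branch, a block-local dead-store pass of the kind the mov/add/mov slide hints at, and a back-end that runs the IR with R0 and R1 living in EAX and ECX. The IR opcodes, the names decode_block/optimize_block/run_block, the register mapping table and the terminating branch word 0xEA000000 (B +0) are assumptions made for this example; the back-end interprets the IR on a host register array instead of emitting x86 bytes.

```c
/* Toy dynamic translator shaped like QEMU's pipeline: ARM guest words -> TCG-like
 * IR -> host execution, one basic block at a time, plus a dead-store pass.
 * Added illustration, not QEMU code: IR opcodes, decode_block(), optimize_block(),
 * run_block() and the branch word 0xEA000000 are invented for this example. */
#include <stdint.h>
#include <stdio.h>

enum { IR_MOVI, IR_ADD, IR_ADDI, IR_EXIT };
typedef struct { int op, dst, a, b; uint32_t imm; } IROp;  /* one TCG-like operation */
typedef struct { IROp ops[32]; int n; } IRBlock;           /* the translation block */

/* Front-end: decode ARM words from pc until a control-flow transfer (B) ends the block.
 * Returns the number of IR ops, or -1 for an unsupported encoding or no terminator. */
int decode_block(const uint32_t *code, int ncode, uint32_t pc, IRBlock *blk)
{
    blk->n = 0;
    for (int i = 0; i < ncode && blk->n < 31; i++, pc += 4) {
        uint32_t w = code[i];
        if ((w >> 28) != 0xE) return -1;                   /* only condition AL handled */
        if (((w >> 25) & 7) == 5 && !((w >> 24) & 1)) {     /* B: bits 27..24 = 1010 */
            int32_t off = (int32_t)(w << 8) >> 6;           /* sign-extend imm24, times 4 */
            blk->ops[blk->n++] = (IROp){ IR_EXIT, 0, 0, 0, pc + 8 + off };
            return blk->n;                                  /* basic block ends here */
        }
        if (((w >> 26) & 3) != 0) return -1;                /* not a data-processing insn */
        int imm_form = (w >> 25) & 1, opc = (w >> 21) & 15;
        int rn = (w >> 16) & 15, rd = (w >> 12) & 15, rm = w & 15;
        uint32_t imm8 = w & 0xff, rot = ((w >> 8) & 15) * 2;
        uint32_t imm = rot ? (imm8 >> rot) | (imm8 << (32 - rot)) : imm8;
        if (rd > 3 || rn > 3) return -1;                    /* only R0..R3 are mapped below */
        if (opc == 13 && imm_form)                          /* MOV Rd, #imm */
            blk->ops[blk->n++] = (IROp){ IR_MOVI, rd, 0, 0, imm };
        else if (opc == 4 && imm_form)                      /* ADD Rd, Rn, #imm */
            blk->ops[blk->n++] = (IROp){ IR_ADDI, rd, rn, 0, imm };
        else if (opc == 4 && (w & 0xff0) == 0 && rm <= 3)   /* ADD Rd, Rn, Rm (no shift) */
            blk->ops[blk->n++] = (IROp){ IR_ADD, rd, rn, rm, 0 };
        else
            return -1;
    }
    return -1;                                              /* ran off the end, no branch */
}

/* Block-local dead-store elimination, scanning backwards: a register written and then
 * overwritten before any read in the same block is dropped. Every register is assumed
 * live at the block exit, so only writes that are shadowed inside the block go. */
int optimize_block(IRBlock *blk)
{
    int dead[16] = { 0 }, keep[32], kept = 0;
    for (int i = blk->n - 1; i >= 0; i--) {
        IROp *o = &blk->ops[i];
        keep[i] = 1;
        if (o->op == IR_EXIT) continue;
        if (dead[o->dst]) { keep[i] = 0; continue; }       /* overwritten before any read */
        dead[o->dst] = 1;
        if (o->op == IR_ADD)  dead[o->a] = dead[o->b] = 0; /* sources are read first */
        if (o->op == IR_ADDI) dead[o->a] = 0;
    }
    for (int i = 0; i < blk->n; i++)
        if (keep[i]) blk->ops[kept++] = blk->ops[i];
    return blk->n = kept;
}

/* Back-end: guest R0..R3 live in host EAX, ECX, EDX, EBX (the deck's R0->EAX, R1->ECX).
 * A real back-end would emit x86 for each op; here the IR is interpreted on the host file. */
enum { EAX, ECX, EDX, EBX };
static const int guest_to_host[4] = { EAX, ECX, EDX, EBX };

uint32_t run_block(const IRBlock *blk, uint32_t host[4])
{
    for (int i = 0; i < blk->n; i++) {
        const IROp *o = &blk->ops[i];
        uint32_t *d = &host[guest_to_host[o->dst]];
        switch (o->op) {
        case IR_MOVI: *d = o->imm; break;
        case IR_ADD:  *d = host[guest_to_host[o->a]] + host[guest_to_host[o->b]]; break;
        case IR_ADDI: *d = host[guest_to_host[o->a]] + o->imm; break;
        case IR_EXIT: return o->imm;        /* back to the dispatcher with the next pc */
        }
    }
    return 0;
}

int main(void)
{
    /* Constructed guest block: the deck's three instructions followed by B +0 */
    const uint32_t code[] = { 0xE3A00001, 0xE3A01002, 0xE0800001, 0xEA000000 };
    IRBlock blk;
    uint32_t host[4] = { 0 };
    if (decode_block(code, 4, 0x8000, &blk) < 0) return 1;
    optimize_block(&blk);
    uint32_t next = run_block(&blk, host);
    printf("next pc = 0x%x, eax = %u, ecx = %u\n", next, host[EAX], host[ECX]);
    return 0;
}
```

On the deck's block all three ops survive optimize_block, because the ADD reads both earlier writes; on the mov/add/mov pattern (encoded in ARM as MOV R0,#1; ADD R0,R0,#2; MOV R0,#3) the pass keeps only the last MOV and the block exit.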
Translation Block Cache
• Since the executing code doesn't change often, why don't we stop re-translating code that was translated before?
• YES! QEMU caches the translation block and indexes it with the Guest physical address where the code resides.
33-34

Translation Block Cache
• Workflow (GVA: Guest Virtual Address, GPA: Guest Physical Address)

Guest code:
  main:
  mov dword ptr [esp+18], 0
  mov dword ptr [esp+14], 80
  mov dword ptr [esp+10], 1
  mov dword ptr [esp+C], 0
  mov dword ptr [esp+8], 0
  mov dword ptr [esp+4], C0000000
  mov dword ptr [esp], 00404020
  mov eax, dword ptr [00406120]
  call eax                        // f = CreateFileA( … )
  sub esp, 1C
  mov dword ptr [ebp-C], eax
  cmp dword ptr [ebp-C], -1
  jnz short 00401557              // if (f == -1)
  mov eax, -1
  jmp short 0040156C              // return -1
  mov eax, dword ptr [ebp-C]
  mov dword ptr [esp], eax
  mov eax, dword ptr [0040611C]
  call eax                        // CloseHandle( f )
  sub esp, 4
  mov eax, 0
  mov ecx, dword ptr [ebp-4]
  leave                           // return 0

Host side:
  1. EIP = 0x11223344 → GVA = 0x11223344
  2. Look up the Guest page table for the GVA → GPA = 0x5566
  3. Is TB_cache[GPA] valid?
     True  → Execute the TB (translated code inside)
     False → Code translation of the block up to the first control-flow transfer:
               mov dword ptr [esp+18], 0
               mov dword ptr [esp+14], 80
               mov dword ptr [esp+10], 1
               mov dword ptr [esp+C], 0
               mov dword ptr [esp+8], 0
               mov dword ptr [esp+4], C0000000
               mov dword ptr [esp], 00404020
               mov eax, dword ptr [00406120]
               call eax
             TB_cache[GPA] = TB, then execute the TB
35
Translation Block Cache
• Cache space is limited.
• A policy for cache replacement when the cache is full is required.
36-37
Translation Block Chaining
• Assume TB1, TB2, and TB3 are all cached and going to be executed sequentially.
• Six control flow transfers.
    QEMU → find TB1 in cache & exec → return to QEMU
    QEMU → find TB2 in cache & exec → return to QEMU
    QEMU → find TB3 in cache & exec → return to QEMU
38

Translation Block Chaining
• When TB1, TB2, and TB3 are executed sequentially in most cases …
• Four control flow transfers. Faster.
    QEMU → find TB1 in cache & exec → jump directly to TB2 → jump directly to TB3 → return to QEMU
39

Translation Block Chaining
• What if the end of a TB is a conditional branch? ( e.g. the JCC group of x86 )
• Each TB has two slots for chaining
    TB1 → TB2 (True chain)
    TB1 → TB3 (False chain)
40
So far so good ?
41

Helper Feature of QEMU
• A helper transfers TB execution immediately to Host code written as a C function.
• Advantages
  • Eases the burden of coding complex code translation
  • Interception during TB execution
• Disadvantage
  • Overhead caused by switching the QEMU state from "executing translated Guest code" to "executing Host code"
42
Example of Helper Use
• x86_64 → TCG → x86_64

qemu/helper.c:
  void helper_div( arg1, arg2 )
  {
      // Do the division job &
      // Update the emulated Guest CPU/Memory
  }

compiled into Host code:
  helper_div:
  0x7f776ce80440: push rbp
  0x7f776ce80441: mov rbp, rsp
  …

Guest Code:
  div ecx

TCG IR (translation by calling gen_helper_div):
  mov_i64 tmp0,rcx
  movi_i64 tmp3,$0xf0544
  st_i64 tmp3,env,$0x80
  call divl_EAX,$0x0,$0,env,tmp0

Host Code (generated for the div ecx emulation):
  movq $0xf0544,0x80(%r14)
  mov %r14,%rdi
  mov $0xa,%esi
  callq 0x7f776ce80440
43-49
When does QEMU Use a Helper ?
• Translating an instruction that results in complex and numerous TCG IR generation.
  • e.g. div of x86
• Interception of the execution of the translated instruction is required. (like a hook)
  • e.g. jcc of x86
• … (might be more cases. I haven't fully comprehended)
50
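The helper mechanism of the preceding slides in runnable form, added here as an example and not QEMU's helper.c: a simplified CPU state, a helper implementing the semantics of the unsigned 32-bit DIV (the dividend is EDX:EAX; a zero divisor or a quotient wider than 32 bits raises #DE), and the sequence the translated block for div ecx performs: store the guest eip into env, as the deck's movq $0xf0544,0x80(%r14) does, then call the helper. CPUState, raise_exception, run_div_ecx_tb and the return-code convention are stand-ins invented for this example; QEMU's real helper exits the TB with a longjmp instead of returning a value.

```c
/* Model of a QEMU-style helper for `div ecx`. Added illustration, not QEMU source:
 * CPUState, raise_exception(), helper_divl_EAX() and run_div_ecx_tb() are simplified
 * stand-ins for QEMU's target/i386 code (which longjmps out of the TB on a fault). */
#include <stdint.h>
#include <stdio.h>

#define EXCP00_DIVZ 0      /* x86 #DE vector: divide by zero or quotient overflow */
#define EXCP_NONE  -1

typedef struct {
    uint32_t eax, ecx, edx, eip;
    int exception_index;    /* set by a helper when the guest instruction faults */
} CPUState;

static void raise_exception(CPUState *env, int index)
{
    env->exception_index = index;   /* real QEMU leaves the TB via longjmp here */
}

/* Helper for unsigned 32-bit DIV: EDX:EAX / divisor -> EAX quotient, EDX remainder.
 * Returns 0 on success, -1 when the instruction must fault with #DE; the division
 * edge cases are exactly why this is a C helper and not a pile of TCG ops. */
int helper_divl_EAX(CPUState *env, uint32_t divisor)
{
    uint64_t dividend = ((uint64_t)env->edx << 32) | env->eax;
    if (divisor == 0) { raise_exception(env, EXCP00_DIVZ); return -1; }
    uint64_t q = dividend / divisor;
    if (q > 0xffffffffULL) { raise_exception(env, EXCP00_DIVZ); return -1; }  /* no fit */
    env->eax = (uint32_t)q;
    env->edx = (uint32_t)(dividend % divisor);
    return 0;
}

/* What the translated block for `div ecx` at guest address 0xf0544 does: save the
 * guest pc into env (so a fault reports the right eip), then call the helper. */
int run_div_ecx_tb(CPUState *env)
{
    env->eip = 0xf0544;          /* the deck's movq $0xf0544,0x80(%r14) */
    if (helper_divl_EAX(env, env->ecx) < 0)
        return -1;               /* exception: control goes back to QEMU, not the next TB */
    env->eip += 2;               /* div ecx encodes as F7 F1, two bytes */
    return 0;
}

int main(void)
{
    CPUState env = { .eax = 100, .ecx = 7, .edx = 0, .eip = 0, .exception_index = EXCP_NONE };
    int rc = run_div_ecx_tb(&env);
    printf("rc=%d eax=%u edx=%u eip=0x%x exception=%d\n",
           rc, env.eax, env.edx, env.eip, env.exception_index);
    return 0;
}
```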
More QEMU-related Systems of DSNSLab
• SecMap
• Two-layer Disk Forensics
• MrKIP
• VMaware Detector
• Cloudebug
• ProbeBuilder
• Android Taint
51