Qemu code fault automatic discovery with symbolic search. Paul Marinescu, Cristian Cadar, Chunjie Zhu, Philippe Gabriel
|
|
- Estella Pearson
- 5 years ago
- Views:
Transcription
1 Qemu code fault automatic discovery with symbolic search Paul Marinescu, Cristian Cadar, Chunjie Zhu, Philippe Gabriel
2 Goals of this presentation Introduction of KLEE (symbolic execution tool) Qemu fault/patch retrospective Understand how Qemu-dm works Qemu code check by symbolic execution Work on the way
3 Introduction of KLEE (symbolic execution tool) klee_make_symbolic(&a, sizeof(a), a ) klee_make_symbolic(&b, sizeof(b), b ) int foo(int x, int y) { int ret = 0; if (x + y < 15) { if (y!= 10) ret = 1; else ret = 2; } else { if (y!= 10) ret = 3; else ret = 4; } return ret; } foo(a, b);
4 Introduction of KLEE (symbolic execution tool) See real execution paths explored by KLEE test ktest test ktest test ktest test ktest (int32 overflow) args : ['test.o'] num objects: 2 object 0: name: b'a' object 0: size: 4 object 0: data: object 1: name: b'b' object 1: size: 4 object 1: data: 10 args : ['test.o'] num objects: 2 object 0: name: b'a' object 0: size: 4 object 0: data: 0 object 1: name: b'b' object 1: size: 4 object 1: data: 0 args : ['test.o'] num objects: 2 object 0: name: b'a' object 0: size: 4 object 0: data: object 1: name: b'b' object 1: size: 4 object 1: data: args : ['test.o'] num objects: 2 object 0: name: b'a' object 0: size: 4 object 0: data: object 1: name: b'b' object 1: size: 4 object 1: data: 10
5 Introduction of KLEE (symbolic execution tool) How does KLEE work compile target program to LLVM bitcode core engine plays the role of a virtual machine for LLVM bitcode symbolic execution traverses as many possible code paths in a given time budget (dead loop?) 1. depth-first search/breadth-first search/non-uniform-random search 2. query-cost-optimization/code-coverage-optimization requests constraint solver to give a solution once run into code branch special case handling 1. constraint solver does not support symbolic-sized objects, e.g. malloc(size) external environment modeling (e.g. file system access) one test case is generated once a code path reaches its end or encounters an error replay the test case after klee code check is completed
6 Introduction of KLEE (symbolic execution tool) Successful story (see
7 Qemu fault/patch retrospective - 1 Qemu buffer overflow CVE , does not restrict PCI config space write access for PCI pass-through CVE , floppy disk controller issue CVE , XEN_DOMCTL_memory_mapping hypercall issue others Postmortem idea to spot any potential vulnerability automatically?
8 Qemu fault/patch retrospective - 2 Solutions fuzz testing a) treat Qemu as a black box b) generate random input to Qemu, easy to implement c) a very hard time reaching some code paths (e.g. int32 x == , 1/2^32 chance to hit the branch without any guidance) d) not reproducible symbolic execution a) have internal state representation of Qemu b) generate stable test case to reproduce any code fault c) higher code coverage d) difficult to adopt
9 Understand how Qemu-dm works - 1
10 Understand how Qemu-dm works - 2 guest os <-> xen hypervisor guest os issues IN AL, 0x10 VM exit traps guest os into hypervisor hypervisor packages an ioreq and fills it into ioreq queue (shared memory between hypervisor and qemu), notifies qemu to handle this request and waits the io instruction done (hypervisor schedules other task to execute on CPU, but does not block forever) qemu gives response, hypervisor reads the data out, and then copies it to guest os registers in VMCS (See x86 VT-x spec) xen-hypervisor <-> qemu process (qemu calls libxc to map the shared memory into its own virtual memory address space at startsup) qemu event loop polls ioreq from queue qemu gets an ioreq and parse it (0x10, read, memory to store 0x10 data) qemu calls xen_platform ioport read function (xen_platform registers ioport 0x10) qemu writes the data into the memory block (ioreq contains a memory point which is used to store the data) qemu notifies hypervisor that job is done
11 Qemu code check by symbolic search Rebuild Qemu in LLVM bitcode (libxc dependencies?) Minimal Qemu image necessary load/startup instructions ioport in/out instructions Run check klee core engine loads Qemu LLVM bitcode and the minimal image klee generates input and traverses Qemu program state space klee records the input sequence (change on klee?) watchdog monitor, restart if klee terminates when it runs into Qemu code fault code coverage report? Alternative option start Qemu from an actual instruction trace and treat various instruction arguments as symbolic input, see if some input causes errors
12 Work on the way Rebuild Qemu remove dependency stub libxc? klee libxc modeling? achievement boot toy OS using klee and do some initial symbolic checks KLEE symbolic variable input -> instruction input? restart after crash, next crash at the same location? (using klee seeds) others We are still on the way...
13 Q & A Thanks. Questions?
Qiang Li && Zhibin Hu/Qihoo 360 Gear Team Ruxcon 2016
Qiang Li && Zhibin Hu/Qihoo 360 Gear Team Ruxcon 2016 Who are we Security researcher in Qihoo 360 Inc(Gear Team) Vulnerability discovery and analysis Specialize in QEMU currently 50+ security issues, 33
More informationVirtual Machines. Part 2: starting 19 years ago. Operating Systems In Depth IX 1 Copyright 2018 Thomas W. Doeppner. All rights reserved.
Virtual Machines Part 2: starting 19 years ago Operating Systems In Depth IX 1 Copyright 2018 Thomas W. Doeppner. All rights reserved. Operating Systems In Depth IX 2 Copyright 2018 Thomas W. Doeppner.
More informationCrashOS: Hypervisor testing tool
ISSRE 2017 Anaïs GANTET - Airbus Digital Security October 2017 Outline 1 Why CrashOS? 2 CrashOS presentation 3 Vulnerability research and results October 2017 2 ISSRE Outline 1 Why CrashOS? 2 CrashOS presentation
More informationProgram Testing via Symbolic Execution
Program Testing via Symbolic Execution Daniel Dunbar Program Testing via Symbolic Execution p. 1/26 Introduction Motivation Manual testing is difficult Program Testing via Symbolic Execution p. 2/26 Introduction
More informationXen is not just paravirtualization
Xen is not just paravirtualization Dongli Zhang Oracle Asia Research and Development Centers (Beijing) dongli.zhang@oracle.com December 16, 2016 Dongli Zhang (Oracle) Xen is not just paravirtualization
More informationMonitoring Hypervisor Integrity at Runtime. Student: Cuong Pham PIs: Prof. Zbigniew Kalbarczyk, Prof. Ravi K. Iyer ACC Meeting, Oct 2015
Monitoring Hypervisor Integrity at Runtime Student: Cuong Pham PIs: Prof. Zbigniew Kalbarczyk, Prof. Ravi K. Iyer ACC Meeting, Oct 2015 Motivation - Server Virtualization Trend x86 servers were virtualized
More informationLecture 7. Xen and the Art of Virtualization. Paul Braham, Boris Dragovic, Keir Fraser et al. 16 November, Advanced Operating Systems
Lecture 7 Xen and the Art of Virtualization Paul Braham, Boris Dragovic, Keir Fraser et al. Advanced Operating Systems 16 November, 2011 SOA/OS Lecture 7, Xen 1/38 Contents Virtualization Xen Memory CPU
More informationIntroduction to Symbolic Execution
Introduction to Symbolic Execution Classic Symbolic Execution 1 Problem 1: Infinite execution path Problem 2: Unsolvable formulas 2 Problem 3: symbolic modeling External function calls and system calls
More informationJunhong Jiang, Kevin Tian, Chris Wright, Don Dugger
Updating Xen for the Client Environment Junhong Jiang, Kevin Tian, Chris Wright, Don Dugger Legal Content INFORMATION IN THIS DOCUMENT IS PROVIDED IN CONNECTION WITH INTEL PRODUCTS. EXCEPT AS PROVIDED
More informationVirtualization Device Emulator Testing Technology. Speaker: Qinghao Tang Title 360 Marvel Team Leader
Virtualization Device Emulator Testing Technology Speaker: Qinghao Tang Title 360 Marvel Team Leader 1 360 Marvel Team Established in May 2015, the first professional could computing and virtualization
More informationCS-580K/480K Advanced Topics in Cloud Computing. VM Virtualization II
CS-580K/480K Advanced Topics in Cloud Computing VM Virtualization II 1 How to Build a Virtual Machine? 2 How to Run a Program Compiling Source Program Loading Instruction Instruction Instruction Instruction
More informationXen VT status and TODO lists for Xen-summit. Arun Sharma, Asit Mallick, Jun Nakajima, Sunil Saxena
Xen VT status and TODO lists for Xen-summit Arun Sharma, Asit Mallick, Jun Nakajima, Sunil Saxena R Outline VMX Guests Status Summary Status Domain0 restructuring PCI/IOAPIC X86-64 VMX guests enhancements
More informationCodeTickler: Automated Software Testing as a Service. Cris%an Zamfir, Vitaly Chipounov, George Candea
CodeTickler: Automated Software Testing as a Service Cris%an Zamfir, Vitaly Chipounov, George Candea Wouldn t it be nice to have reliable software? Vision Machines should find corner cases do tricky security
More informationIntel Graphics Virtualization on KVM. Aug KVM Forum 2011 Rev. 3
Intel Graphics Virtualization on KVM Aug-16-2011 allen.m.kay@intel.com KVM Forum 2011 Rev. 3 Agenda Background on IO Virtualization Device Operation on Native Platform QEMU IO Virtualization Device Direct
More informationSpring 2017 :: CSE 506. Introduction to. Virtual Machines. Nima Honarmand
Introduction to Virtual Machines Nima Honarmand Virtual Machines & Hypervisors Virtual Machine: an abstraction of a complete compute environment through the combined virtualization of the processor, memory,
More informationMalware
reloaded Malware Research Team @ @xabiugarte Motivation Design principles / architecture Features Use cases Future work Dynamic Binary Instrumentation Techniques to trace the execution of a binary (or
More informationDEPARTMENT OF COMPUTER SCIENCE AND ENGINEERING UNIT I
DEPARTMENT OF COMPUTER SCIENCE AND ENGINEERING Year and Semester : II / IV Subject Code : CS6401 Subject Name : Operating System Degree and Branch : B.E CSE UNIT I 1. Define system process 2. What is an
More informationAutomated Whitebox Fuzz Testing. by - Patrice Godefroid, - Michael Y. Levin and - David Molnar
Automated Whitebox Fuzz Testing by - Patrice Godefroid, - Michael Y. Levin and - David Molnar OUTLINE Introduction Methods Experiments Results Conclusion Introduction Fuzz testing is an effective Software
More informationHypervisor security. Evgeny Yakovlev, DEFCON NN, 2017
Hypervisor security Evgeny Yakovlev, DEFCON NN, 2017 whoami Low-level development in C and C++ on x86 UEFI, virtualization, security Jetico, Kaspersky Lab QEMU/KVM developer at Virtuozzo 2 Agenda Why hypervisor
More information24-vm.txt Mon Nov 21 22:13: Notes on Virtual Machines , Fall 2011 Carnegie Mellon University Randal E. Bryant.
24-vm.txt Mon Nov 21 22:13:36 2011 1 Notes on Virtual Machines 15-440, Fall 2011 Carnegie Mellon University Randal E. Bryant References: Tannenbaum, 3.2 Barham, et al., "Xen and the art of virtualization,"
More informationI/O virtualization. Jiang, Yunhong Yang, Xiaowei Software and Service Group 2009 虚拟化技术全国高校师资研讨班
I/O virtualization Jiang, Yunhong Yang, Xiaowei 1 Legal Disclaimer INFORMATION IN THIS DOCUMENT IS PROVIDED IN CONNECTION WITH INTEL PRODUCTS. NO LICENSE,
More informationTesting, Fuzzing, & Symbolic Execution
Testing, Fuzzing, & Symbolic Execution Software Testing The most common way of measuring & ensuring correctness Input 2 Software Testing The most common way of measuring & ensuring correctness Input Observed
More informationVirtualization. Pradipta De
Virtualization Pradipta De pradipta.de@sunykorea.ac.kr Today s Topic Virtualization Basics System Virtualization Techniques CSE506: Ext Filesystem 2 Virtualization? A virtual machine (VM) is an emulation
More informationLinux and Xen. Andrea Sarro. andrea.sarro(at)quadrics.it. Linux Kernel Hacking Free Course IV Edition
Linux and Xen Andrea Sarro andrea.sarro(at)quadrics.it Linux Kernel Hacking Free Course IV Edition Andrea Sarro (andrea.sarro(at)quadrics.it) Linux and Xen 07/05/2008 1 / 37 Introduction Xen and Virtualization
More informationMark Tuttle, Lee Rosenbaum, Oleksandr Bazhaniuk, John Loucaides, Vincent Zimmer Intel Corporation. August 10, 2015
Mark Tuttle, Lee Rosenbaum, Oleksandr Bazhaniuk, John Loucaides, Vincent Zimmer Intel Corporation August 10, 2015 Overview Message: Symbolic execution is now a believable path to BIOS validation Outline:
More informationLinux on Sun Logical Domains
Linux on Sun Logical Domains linux.conf.au, MEL8OURNE, 2008 Outline 1 Background SUN4V and Niagara Sun s Logical Domains 2 Userland Simulator 3 Implementation LDC: Logical Domain Channels VIO: Virtual
More informationVirtualization. Operating Systems, 2016, Meni Adler, Danny Hendler & Amnon Meisels
Virtualization Operating Systems, 2016, Meni Adler, Danny Hendler & Amnon Meisels 1 What is virtualization? Creating a virtual version of something o Hardware, operating system, application, network, memory,
More informationCSE 565 Computer Security Fall 2018
CSE 565 Computer Security Fall 2018 Lecture 16: Building Secure Software Department of Computer Science and Engineering University at Buffalo 1 Review A large number of software vulnerabilities various
More informationVirtual Virtual Memory
Virtual Virtual Memory Jason Power 3/20/2015 With contributions from Jayneel Gandhi and Lena Olson 4/17/2015 UNIVERSITY OF WISCONSIN 1 Virtual Machine History 1970 s: VMMs 1997: Disco 1999: VMWare (binary
More informationTest Automation. 20 December 2017
Test Automation 20 December 2017 The problem of test automation Testing has repetitive components, so automation is justified The problem is cost-benefit evaluation of automation [Kaner] Time for: test
More informationMWR InfoSecurity Security Advisory. Linux USB Device Driver - Buffer Overflow. 29 th October Contents
Contents MWR InfoSecurity Security Advisory Linux USB Device Driver - Buffer Overflow 29 th October 2009 2009-10-29 Page 1 of 8 Contents Contents 1 Detailed Vulnerability Description... 4 1.1 Technical
More informationModule 1: Virtualization. Types of Interfaces
Module 1: Virtualization Virtualization: extend or replace an existing interface to mimic the behavior of another system. Introduced in 1970s: run legacy software on newer mainframe hardware Handle platform
More informationVirtualization with XEN. Trusted Computing CS599 Spring 2007 Arun Viswanathan University of Southern California
Virtualization with XEN Trusted Computing CS599 Spring 2007 Arun Viswanathan University of Southern California A g e n d a Introduction Virtualization approaches Basic XEN Architecture Setting up XEN Bootstrapping
More informationAdvanced Operating Systems (CS 202) Virtualization
Advanced Operating Systems (CS 202) Virtualization Virtualization One of the natural consequences of the extensibility research we discussed What is virtualization and what are the benefits? 2 Virtualization
More informationCS 152 Computer Architecture and Engineering
CS 152 Computer Architecture and Engineering Lecture 12 -- Virtual Memory 2014-2-27 John Lazzaro (not a prof - John is always OK) TA: Eric Love www-inst.eecs.berkeley.edu/~cs152/ Play: CS 152 L12: Virtual
More informationTesting & Symbolic Execution
Testing & Symbolic Execution Software Testing The most common way of measuring & ensuring correctness Input 2 Software Testing The most common way of measuring & ensuring correctness Input Observed Behavior
More informationVirtual Machine Virtual Machine Types System Virtual Machine: virtualize a machine Container: virtualize an OS Program Virtual Machine: virtualize a process Language Virtual Machine: virtualize a language
More informationLecture Topics. Announcements. Today: Threads (Stallings, chapter , 4.6) Next: Concurrency (Stallings, chapter , 5.
Lecture Topics Today: Threads (Stallings, chapter 4.1-4.3, 4.6) Next: Concurrency (Stallings, chapter 5.1-5.4, 5.7) 1 Announcements Make tutorial Self-Study Exercise #4 Project #2 (due 9/20) Project #3
More informationShared Virtual Memory (SVM) in Xen. Feng Wu
Shared Virtual Memory (SVM) in Xen Feng Wu feng.wu@intel.com 1 Agenda Motivation Now and Future SVM in Hardware Why Xen needs SVM What needs to do in Xen Summary 2 Motivation OpenCL 2.0 supports sharing
More informationVT-d Posted Interrupts. Feng Wu, Jun Nakajima <Speaker> Intel Corporation
VT-d Posted Interrupts Feng Wu, Jun Nakajima Intel Corporation Agenda Motivation Difference btw CPU-based and VT-d Posted Interrupts Architecture Implementation Details Performance Summary 2
More informationCRAXweb: Web Testing and Attacks through QEMU in S2E. Shih-Kun Huang National Chiao Tung University Hsinchu, Taiwan
CRAXweb: Web Testing and Attacks through QEMU in S2E Shih-Kun Huang National Chiao Tung University Hsinchu, Taiwan skhuang@cs.nctu.edu.tw Motivation Symbolic Execution is effective to crash applications
More informationUnderstanding Undefined Behavior
Session Developer Tools #WWDC17 Understanding Undefined Behavior 407 Fred Riss, Clang Team Ryan Govostes, Security Engineering and Architecture Team Anna Zaks, Program Analysis Team 2017 Apple Inc. All
More informationNested Virtualization Update From Intel. Xiantao Zhang, Eddie Dong Intel Corporation
Nested Virtualization Update From Intel Xiantao Zhang, Eddie Dong Intel Corporation Legal Disclaimer INFORMATION IN THIS DOCUMENT IS PROVIDED IN CONNECTION WITH INTEL PRODUCTS. NO LICENSE, EXPRESS OR IMPLIED,
More informationAbstractions for Practical Virtual Machine Replay. Anton Burtsev, David Johnson, Mike Hibler, Eric Eride, John Regehr University of Utah
Abstractions for Practical Virtual Machine Replay Anton Burtsev, David Johnson, Mike Hibler, Eric Eride, John Regehr University of Utah 2 3 Number of systems supporting replay: 0 Determinism 4 CPU is deterministic
More informationCSCE 410/611: Virtualization!
CSCE 410/611: Virtualization! Definitions, Terminology! Why Virtual Machines?! Mechanics of Virtualization! Virtualization of Resources (Memory)! Some slides made available Courtesy of Gernot Heiser, UNSW.!
More informationPre-virtualization internals
Pre-virtualization internals Joshua LeVasseur 3 March 2006 L4Ka.org Universität Karlsruhe (TH) Compile time overview Compiler C code Assembler code OS source code Hand-written assembler Afterburner Assembler
More informationVirtual machine architecture and KVM analysis D 陳彥霖 B 郭宗倫
Virtual machine architecture and KVM analysis D97942011 陳彥霖 B96902030 郭宗倫 Virtual machine monitor serves as an interface between hardware and software; no matter what kind of hardware under, software can
More informationSecure Containers with EPT Isolation
Secure Containers with EPT Isolation Chunyan Liu liuchunyan9@huawei.com Jixing Gu jixing.gu@intel.com Presenters Jixing Gu: Software Architect, from Intel CIG SW Team, working on secure container solution
More informationChecking out" the hypervisor
Debugging in virtual worlds: Checking out" the hypervisor In order to save money, the functions from several electronic devices are consolidated on a common hardware unit. A hypervisor separates the functions
More informationTesting System Virtual Machines
Testing System Virtual Machines Lorenzo Martignoni 1 Roberto Paleari 2 Giampaolo Fresi Roglia 2 Danilo Bruschi 2 1 Università degli Studi di Udine 2 Università degli Studi di Milano International Conference
More informationSystem Call. Preview. System Call. System Call. System Call 9/7/2018
Preview Operating System Structure Monolithic Layered System Microkernel Virtual Machine Process Management Process Models Process Creation Process Termination Process State Process Implementation Operating
More informationPVHVM Linux guest why doesn't kexec work? Vitaly Kuznetsov Red Hat Xen Developer Summit, 2015
PVHVM Linux guest why doesn't kexec work? Vitaly Kuznetsov Red Hat Xen Developer Summit, 2015 Why? We support Red Hat Enterprise Linux. Bare hardware, virtualized and cloud environments,... Kernel issues
More informationXen and the Art of Virtualiza2on
Paul Barham, Boris Dragovic, Keir Fraser, Steven Hand, Tim Harris, Alex Ho, Rolf Neugebauer, Ian PraF, Andrew Warfield University of Cambridge Computer Laboratory Kyle SchuF CS 5204 Virtualiza2on Abstrac2on
More informationTowards a configurable and slimmer x86 hypervisor
Towards a configurable and slimmer x86 hypervisor Liu Wei Budapest July 11-13, 2017 Current state of affairs PV mode: no hardware extension needed, used in legacy systems, useful in certain cases like
More informationSymbolic Computation via Program Transformation
Symbolic Computation via Program Transformation Henrich Lauko, Petr Ročkai and Jiří Barnat Masaryk University Brno, Czech Republic Symbolic Computation Motivation verify programs with inputs from the environment
More informationI/O Hardwares. Some typical device, network, and data base rates
Input/Output 1 I/O Hardwares Some typical device, network, and data base rates 2 Device Controllers I/O devices have components: mechanical component electronic component The electronic component is the
More informationIntroduction to Virtual Machines. Carl Waldspurger (SB SM 89 PhD 95) VMware R&D
Introduction to Virtual Machines Carl Waldspurger (SB SM 89 PhD 95) VMware R&D Overview Virtualization and VMs Processor Virtualization Memory Virtualization I/O Virtualization Typesof Virtualization Process
More informationOS Virtualization. Why Virtualize? Introduction. Virtualization Basics 12/10/2012. Motivation. Types of Virtualization.
Virtualization Basics Motivation OS Virtualization CSC 456 Final Presentation Brandon D. Shroyer Types of Virtualization Process virtualization (Java) System virtualization (classic, hosted) Emulation
More informationSymbolic Execution. Wei Le April
Symbolic Execution Wei Le 2016 April Agenda What is symbolic execution? Applications History Interal Design: The three challenges Path explosion Modeling statements and environments Constraint solving
More informationThe Kernel Abstraction
The Kernel Abstraction Debugging as Engineering Much of your time in this course will be spent debugging In industry, 50% of software dev is debugging Even more for kernel development How do you reduce
More informationAutomotive Software Security Testing
Detecting and Addressing Cybersecurity Issues V1.1 2018-03-05 Code ahead! 2 Automated vulnerability detection and triage + = 3 How did we get here? Vector was engaged with a large, US Tier 1 and we were
More informationEE 660: Computer Architecture Cloud Architecture: Virtualization
EE 660: Computer Architecture Cloud Architecture: Virtualization Yao Zheng Department of Electrical Engineering University of Hawaiʻi at Mānoa Based on the slides of Prof. Roy Campbell & Prof Reza Farivar
More informationLecture 5: February 3
CMPSCI 677 Operating Systems Spring 2014 Lecture 5: February 3 Lecturer: Prashant Shenoy Scribe: Aditya Sundarrajan 5.1 Virtualization Virtualization is a technique that extends or replaces an existing
More informationHostless Xen Deployment
Hostless Xen Deployment Xen Summit Fall 2007 David Lively dlively@virtualiron.com dave.lively@gmail.com Hostless Xen Deployment What Hostless Means Motivation System Architecture Challenges and Solutions
More informationVMWARE VREALIZE OPERATIONS MANAGEMENT PACK FOR. Xen Hypervisor. User Guide
VMWARE VREALIZE OPERATIONS MANAGEMENT PACK FOR Xen Hypervisor User Guide TABLE OF CONTENTS 1. Purpose... 3 2. Introduction to the Management Pack... 3 2.1 How the Management Pack Collects Data... 3 2.2
More informationCIS 21 Final Study Guide. Final covers ch. 1-20, except for 17. Need to know:
CIS 21 Final Study Guide Final covers ch. 1-20, except for 17. Need to know: I. Amdahl's Law II. Moore s Law III. Processes and Threading A. What is a process? B. What is a thread? C. Modes (kernel mode,
More informationXen on ARM ARMv7 with virtualization extensions
Xen on ARM ARMv7 with virtualization extensions Stefano Stabellini Why? Why? smartphones: getting smarter Quad-core 1.4 GHz Cortex-A9 ARM Servers coming to market 4GB RAM, 4 cores per node 3 x 6 x 4 x
More informationWhat is KVM? KVM patch. Modern hypervisors must do many things that are already done by OSs Scheduler, Memory management, I/O stacks
LINUX-KVM The need for KVM x86 originally virtualization unfriendly No hardware provisions Instructions behave differently depending on privilege context(popf) Performance suffered on trap-and-emulate
More informationXen and the Art of Virtualization. CSE-291 (Cloud Computing) Fall 2016
Xen and the Art of Virtualization CSE-291 (Cloud Computing) Fall 2016 Why Virtualization? Share resources among many uses Allow heterogeneity in environments Allow differences in host and guest Provide
More informationVirtualisation: The KVM Way. Amit Shah
Virtualisation: The KVM Way Amit Shah amit.shah@qumranet.com foss.in/2007 Virtualisation Simulation of computer system in software Components Processor Management: register state, instructions, exceptions
More informationVirtualization. Michael Tsai 2018/4/16
Virtualization Michael Tsai 2018/4/16 What is virtualization? Let s first look at a video from VMware http://www.vmware.com/tw/products/vsphere.html Problems? Low utilization Different needs DNS DHCP Web
More informationLive Migration of Virtual Machines
Live Migration of Virtual Machines Pre-copy :Christopher Clarke, Keir Fraser, et. al. NSDI 2005 Post-copy: Hines, Deshpande, Gopalan, VEE 2009 What is live migration? Move a VM from one physical machine
More informationMLSA: a static bugs analysis tool based on LLVM IR
International Journal of Networked and Distributed Computing, Vol. 4, No. 3 (July 2016), 137-144 MLSA: a static bugs analysis tool based on LLVM IR Hongliang Liang 1, Lei Wang 1, Dongyang Wu 1, Jiuyun
More informationThe Challenges of X86 Hardware Virtualization. GCC- Virtualization: Rajeev Wankar 36
The Challenges of X86 Hardware Virtualization GCC- Virtualization: Rajeev Wankar 36 The Challenges of X86 Hardware Virtualization X86 operating systems are designed to run directly on the bare-metal hardware,
More informationSR-IOV support in Xen. Yaozu (Eddie) Dong Yunhong Jiang Kun (Kevin) Tian
SR-IOV support in Xen Yaozu (Eddie) Dong (Eddie.Dong@intel.com) Yunhong Jiang Kun (Kevin) Tian Agenda SR-IOV specification overview Xen/SR-IOV architecture Discussions 2 SR-IOV specification overview Start
More informationDevice Passthrough to Driver Domain in Xen
Device Passthrough to Driver Domain in Xen Passthrough. List of terms. Passthrough: the process of passing access to DomD via Dom0 Dom0: Domain 0, a privileged domain DomD: Driver Domain, a domain with
More informationDynamic Symbolic Execution using Eclipse CDT
Dynamic Symbolic Execution using Eclipse CDT Andreas Ibing Chair for IT Security TU München Boltzmannstrasse 3, 85748 Garching, Germany Email: andreas.ibing@tum.de Abstract Finding software bugs before
More informationUNIX rewritten using C (Dennis Ritchie) UNIX (v7) released (ancestor of most UNIXs).
UNIX: HISTORY: 1. 1969 UNIX developed (Ken Thompson). 2. 1972 UNIX rewritten using C (Dennis Ritchie). 3. 1976 UNIX (v6) released for commercial use. 4. 1978 UNIX (v7) released (ancestor of most UNIXs).
More informationCS 550 Operating Systems Spring System Call
CS 550 Operating Systems Spring 2018 System Call 1 Recap: The need for protection When running user processes, the OS needs to protect itself and other system components For reliability: buggy programs
More informationXen and the Art of Virtualization
Xen and the Art of Virtualization Paul Barham,, Boris Dragovic, Keir Fraser, Steven Hand, Tim Harris, Alex Ho, Rolf Neugebauer,, Ian Pratt, Andrew Warfield University of Cambridge Computer Laboratory Presented
More informationCSE 120 Principles of Operating Systems
CSE 120 Principles of Operating Systems Spring 2018 Lecture 16: Virtual Machine Monitors Geoffrey M. Voelker Virtual Machine Monitors 2 Virtual Machine Monitors Virtual Machine Monitors (VMMs) are a hot
More informationCOMPUTER ARCHITECTURE. Virtualization and Memory Hierarchy
COMPUTER ARCHITECTURE Virtualization and Memory Hierarchy 2 Contents Virtual memory. Policies and strategies. Page tables. Virtual machines. Requirements of virtual machines and ISA support. Virtual machines:
More informationI/O and virtualization
I/O and virtualization CSE-C3200 Operating systems Autumn 2015 (I), Lecture 8 Vesa Hirvisalo Today I/O management Control of I/O Data transfers, DMA (Direct Memory Access) Buffering Single buffering Double
More informationG Xen and Nooks. Robert Grimm New York University
G22.3250-001 Xen and Nooks Robert Grimm New York University Agenda! Altogether now: The three questions! The (gory) details of Xen! We already covered Disco, so let s focus on the details! Nooks! The grand
More informationCIT 480: Securing Computer Systems. Operating System Concepts
CIT 480: Securing Computer Systems Operating System Concepts Topics 1. What is an OS? 2. Processes 3. Memory management 4. Filesystems 5. Virtual machines A Computer Model An operating system has to deal
More informationCIS Operating Systems CPU Mode. Professor Qiang Zeng Spring 2018
CIS 3207 - Operating Systems CPU Mode Professor Qiang Zeng Spring 2018 CPU Modes Two common modes Kernel mode The CPU has to be in this mode to execute the kernel code User mode The CPU has to be in this
More informationKeeping customer data safe in EC2 a deep dive. Martin Pohlack Amazon Web Services
Keeping customer data safe in EC2 a deep dive Martin Pohlack Amazon Web Services 1 Bio... Principal Engineer with Amazon Web Services I like to play with Low-level stuff Synchronization, hardware transactional
More informationHypervisor-based Fault-tolerance. Where should RC be implemented? The Hypervisor as a State Machine. The Architecture. In hardware
Where should RC be implemented? In hardware sensitive to architecture changes At the OS level state transitions hard to track and coordinate At the application level requires sophisticated application
More informationKVM Weather Report. Amit Shah SCALE 14x
KVM Weather Report amit.shah@redhat.com SCALE 14x Copyright 2016, Licensed under the Creative Commons Attribution-ShareAlike License, CC-BY-SA. Virtualization Stack Virtualization Stack 3 QEMU Creates
More informationThree Important Testing Questions
Testing Part 2 1 Three Important Testing Questions How shall we generate/select test cases? Did this test execution succeed or fail? How do we know when we ve tested enough? 65 1. How do we know when we
More informationCS 470 Spring Virtualization and Cloud Computing. Mike Lam, Professor. Content taken from the following:
CS 470 Spring 2018 Mike Lam, Professor Virtualization and Cloud Computing Content taken from the following: A. Silberschatz, P. B. Galvin, and G. Gagne. Operating System Concepts, 9 th Edition (Chapter
More informationPractical Xen Testing at Intel
Practical Xen Testing at Intel Nov. 2009 Haicheng Li Jiajun Xu Xen Summit Asia 2009 Legal Information INFORMATION IN THIS DOCUMENT IS PROVIDED IN CONNECTION
More informationCSCE 410/611: Virtualization
CSCE 410/611: Virtualization Definitions, Terminology Why Virtual Machines? Mechanics of Virtualization Virtualization of Resources (Memory) Some slides made available Courtesy of Gernot Heiser, UNSW.
More informationSCSI support improvement
SCSI support improvement Jun Kamada Akio Takebe Hitoshi Matsumoto Fujitsu Limited Background SCSI support for guest domain
More informationTypes of Virtualization. Types of virtualization
Types of Virtualization Emulation VM emulates/simulates complete hardware Unmodified guest OS for a different PC can be run Bochs, VirtualPC for Mac, QEMU Full/native Virtualization VM simulates enough
More informationCS 550 Operating Systems Spring Interrupt
CS 550 Operating Systems Spring 2019 Interrupt 1 Revisit -- Process MAX Stack Function Call Arguments, Return Address, Return Values Kernel data segment Kernel text segment Stack fork() exec() Heap Data
More informationSymbolic Execution, Dynamic Analysis
Symbolic Execution, Dynamic Analysis http://d3s.mff.cuni.cz Pavel Parízek CHARLES UNIVERSITY IN PRAGUE faculty of mathematics and physics Symbolic execution Pavel Parízek Symbolic Execution, Dynamic Analysis
More informationVIRTUALIZATION: IBM VM/370 AND XEN
1 VIRTUALIZATION: IBM VM/370 AND XEN CS6410 Hakim Weatherspoon IBM VM/370 Robert Jay Creasy (1939-2005) Project leader of the first full virtualization hypervisor: IBM CP-40, a core component in the VM
More informationCSC369 Lecture 2. Larry Zhang
CSC369 Lecture 2 Larry Zhang 1 Announcements Lecture slides Midterm timing issue Assignment 1 will be out soon! Start early, and ask questions. We will have bonus for groups that finish early. 2 Assignment
More informationXentry: Hypervisor-Level Soft Error Detection
2014 43rd International Conference on Parallel Processing Xentry: Hypervisor-Level Soft Error Detection Xin Xu Ron C. Chiang H. Howie Huang George Washington University Abstract Cloud data centers leverage
More information