A Design for Comprehensive Kernel Instrumentation
|
|
|
- Thomasina Preston
- 5 years ago
- Views:
Transcription
1 Design for Comprehensive Kernel Instrumentation Peter Feiner ngela Demke Brown shvin Goel University of Toronto 011 / 16
2 Motivation Transparent fault isolation for device drivers Want to isolate existing driver binaries Inspired by Byte Granularity Isolation Requires source code Use Dynamic Binary Instrumentation (DBI) Does not require source code Inspect & modify instructions before they execute Kernel x86 Driver Code 012 / 16
3 Motivation Transparent fault isolation for device drivers Want to isolate existing driver binaries Inspired by Byte Granularity Isolation Requires source code Use Dynamic Binary Instrumentation (DBI) Does not require source code Inspect & modify instructions before they execute Kernel Instrumented x86 Driver Driver Code 012 / 16
4 Motivation Transparent fault isolation for device drivers Want to isolate existing driver binaries Inspired by Byte Granularity Isolation Requires source code Use Dynamic Binary Instrumentation (DBI) Does not require source code Inspect & modify instructions before they execute Kernel Instrumented x86 Driver Driver Code DBI x86 Driver Code 012 / 16
5 Motivation DBI applied for debugging and security at the user level Memcheck - checks memory errors Program Shepherding - control flow integrity Various user-level DBI frameworks are available PIs for inspecting and modifying instructions e.g., Valgrind, DynamoRIO, Pin These frameworks don t work in the kernel What would it take? 013 / 16
6 The Key Difference User frameworks sit between applications and the OS Interpose on system calls Take advantage of OS services, e.g. I/O DBI pps Kernel frameworks need to sit between the OS & CPU Isn t that what hypervisors do? OS CPU 014 / 16
7 Our pproach We need to combine a DBI framework with a hypervisor Choice 1: Port DBI to an existing hypervisor Pros: both exist Cons: both very complex Choice 2: Create a minimal hypervisor, similar to SecVisor s approach Pros: easier to do Pros: possibly higher performance We designed a minimal hypervisor around a DBI framework Let s see how DBI works & what it needs pps OS Kernel DBI CPU 015 / 16
8 DBI Technique Copy basic blocks of x86 code into code cache before execution Code executed from cache Start Dispatch x86 Code Instrumentation added to copy Manipulate copies to return control to the dispatcher Cached? No Copy Block Yes Execute from Code Cache 016 / 16
9 DBI Requirements Never execute machine s original code Necessary for security applications Hide framework from instrumented code Instrumented code should observe un-instrumented machine state Dispatcher should use instrumented code with care Implementation cannot use non-reentrant instrumented code Detect changes to the original code Invalidate stale code in the cache Preserve multicore concurrency Essential for performance and accuracy 017 / 16
10 Meeting DBI Requirements Never Execute Original Code Transparency Reentrance Detect Code Changes Concurrency User New Threads, Signals Signals Use OS Code System Calls mmap, mprotect, etc. Locking, Thread Private Kernel Kernel Entry Points Interrupts, Exceptions Implement Everything From Scratch Shadow Page Tables CPU Private We ll look at the first three in more detail 018 / 16
11 Never Execute Original Code User Mode Supervisor Mode User Code OS Binaries (kernel, drivers) Interrupts Exceptions 019 / 16
12 Never Execute Original Code User Mode Supervisor Mode User Code OS Binaries (kernel, drivers) Code Cache Dispatcher Load kernel module that redirects entry points to the dispatcher Interrupts Exceptions 019 / 16
13 Redirecting Entry Points Table Register Entry 1 Entry 2 Descriptor Table OS Binaries / 16
14 Redirecting Entry Points Code Cache Table Register Entry 1 Entry 2 Descriptor Table Entry 1 Entry 2 Shadow Table OS Binaries Dispatcher / 16
15 Redirecting Entry Points Code Cache Table Register Entry 1 Entry 2 Descriptor Table OS Binaries Entry 1 Dispatcher Entry 2 Shadow Table Can t write to table register, otherwise loose control / 16
16 Redirecting Entry Points Shadow Register Code Cache Table Register Entry 1 Entry 2 Descriptor Table OS Binaries Entry 1 Entry 2 Shadow Table Can t write to table register, otherwise loose control / 16 Dispatcher Can t drop the write, otherwise you loose transparency
17 Transparency Need to hide DBI framework from instrumented code Sometimes essential for correctness Many transparency issues, including Code cache return addresses Shadowed registers Exception stack frame Interrupt stack frame / 16
18 Exception Transparency Dispatching kernel s exception handlers is tricky because they inspect machine state Registers stolen by instrumentation ddress of instruction that triggers the exception Handlers need to see original instruction addresses Linux panics on page faults from non white-listed instructions Problem is that code cache isn t on the white list Solution is to translate from code cache to original address Solution for interrupt handlers is similar / 16
19 H = Interrupt Handler I = Instrumentation = Interrupt Interrupt Transparency / 16
20 Interrupt Transparency H = Interrupt Handler I = Instrumentation = Interrupt Original Code / 16
21 Interrupt Transparency H = Interrupt Handler I = Instrumentation = Interrupt Original Code / 16
22 Interrupt Transparency H = Interrupt Handler I = Instrumentation = Interrupt Original Code IH / 16
23 Interrupt Transparency H = Interrupt Handler I = Instrumentation = Interrupt Original Code IH / 16
24 Interrupt Transparency H = Interrupt Handler I = Instrumentation = Interrupt Original Code IH B / 16
25 Interrupt Transparency H = Interrupt Handler I = Instrumentation = Interrupt Original Code IH B Dispatcher Copy / 16
26 Interrupt Transparency H = Interrupt Handler I = Instrumentation = Interrupt Original Code IH B Dispatcher Code Cache Copy Original ddresses / 16
27 Interrupt Transparency H = Interrupt Handler I = Instrumentation = Interrupt Original Code IH B Dispatcher Code Cache Copy Original ddresses I / 16
28 Interrupt Transparency H = Interrupt Handler I = Instrumentation = Interrupt Original Code IH B Dispatcher Code Cache Copy Original ddresses I / 16
29 Interrupt Transparency H = Interrupt Handler I = Instrumentation = Interrupt Original Code IH B Dispatcher Code Cache Copy Original ddresses I Delay interrupts until next code-cache exit / 16
30 Interrupt Transparency H = Interrupt Handler I = Instrumentation = Interrupt Original Code IH B Dispatcher Code Cache Copy Original ddresses I Delay interrupts until next code-cache exit / 16
31 Interrupt Transparency H = Interrupt Handler I = Instrumentation = Interrupt Original Code IH B Dispatcher Code Cache Copy I Original ddresses Delay interrupts until next code-cache exit / 16
32 Interrupt Transparency H = Interrupt Handler I = Instrumentation = Interrupt Original Code IH B Dispatcher Code Cache Copy I Original ddresses Delay interrupts until next code-cache exit / 16
33 Interrupt Transparency H = Interrupt Handler I = Instrumentation = Interrupt Original Code IH B Dispatcher Code Cache Copy I Copy IH Original ddresses Delay interrupts until next code-cache exit / 16
34 Interrupt Transparency H = Interrupt Handler I = Instrumentation = Interrupt Original Code IH B Dispatcher Code Cache Copy I Copy IH IH Original ddresses IH Delay interrupts until next code-cache exit / 16
35 Interrupt Transparency H = Interrupt Handler I = Instrumentation = Interrupt Original Code IH B Dispatcher Code Cache Copy I Copy IH IH Copy B Original ddresses IH Delay interrupts until next code-cache exit / 16
36 Interrupt Transparency H = Interrupt Handler I = Instrumentation = Interrupt Original Code IH B Dispatcher Code Cache Copy I Copy IH IH Copy B B Original ddresses IH B Delay interrupts until next code-cache exit / 16
37 Reentrance Code is not reentrant if it is unsafe to execute before other executions of the same code finish Dispatcher cannot use any non-reentrant OS code, e.g. print, because the non-reentrant code might be currently executing Say, print consists of basic blocks P1, P2 P1 has executed from code cache Dispatcher copies P2 Dispatcher uses print for debugging and invokes P1 print fails because it is non-reentrant P1 Copy P2 P1 Code Cache Dispatcher / 16
38 Reentrance Solution Typical solution is to reimplement non-reentrant code using lower-level uninstrumented code e.g., user-level DBI has custom print that makes system calls OS-level framework has no lower-level code Dispatcher must be entirely self sufficient Implement our own heap Some code too difficult to implement from scratch Detach and reattach framework to use existing OS code Have custom user program make system calls on our behalf Framework cannot depend on user program s correctness / 16
39 Our Proposal We chose to port DynamoRIO to a minimal hypervisor because it is Open source Performance oriented Mature pplications Transparent fault isolation Dynamic optimization We will open source our port! What would you do with in-kernel DBI? / 16
40 Backup Slides / 16
41 VMWare Existing Hypervisors Uses a code cache to translate sensitive instructions Does not have an instrumentation PI PinOS Pin DBI + Xen Hypervisor Does whole-system instrumentation (user + kernel) Dispatching is much slower for whole-system (50x slowdown) Delegates I/O to a separate uninstrumented VM Neither is open source / 16
42 Minimal Hypervisor Simpler than a full-fledged hypervisor No multiplexing Shadow page tables have same address mappings, just more restrictive permissions Don t need to be completely transparent We can piggy-back on existing OS code, like segment selectors for CPU-private data / 16
43 Design ssumptions Once booted, OS runs exclusively in 64-bit long mode Emulating obsolete x86 modes would be a pain Confirmed validity on Linux by inspection We believe it is valid on Windows Can store dispatcher and code cache in pages that are in all page tables at the same virtual addresses Otherwise, we need to steal RM from the OS at bootup Provided by Linux We believe this is provided by Windows Design should work with OS that meets assumptions We are currently targeting Linux / 16
44 Hardware Virtualization Extensions Do not make implementation simpler Removes the need to inspect sensitive instructions However, we already can inspect sensitive instructions Could make implementation more complex Need to emulate instructions that cause exits Easier for us to emit fix-up code in the code cache Could improve performance Extended page tables might perform better than shadow We want to experiment with this / 16
Comprehensive Kernel Instrumentation via Dynamic Binary Translation
Comprehensive Kernel Instrumentation via Dynamic Binary Translation Peter Feiner Angela Demke Brown Ashvin Goel University of Toronto 011 Complexity of Operating Systems 012 Complexity of Operating Systems
A Design for Comprehensive Kernel Instrumentation
A Design for Comprehensive Kernel Instrumentation Peter Feiner Angela Demke Brown Ashvin Goel peter@cs.toronto.edu demke@cs.toronto.edu ashvin@eecg.toronto.edu University of Toronto Abstract Dynamic binary
MASSACHUSETTS INSTITUTE OF TECHNOLOGY Computer Systems Engineering: Spring Quiz I Solutions
Department of Electrical Engineering and Computer Science MASSACHUSETTS INSTITUTE OF TECHNOLOGY 6.033 Computer Systems Engineering: Spring 2011 Quiz I Solutions There are 10 questions and 12 pages in this
Background. IBM sold expensive mainframes to large organizations. Monitor sits between one or more OSes and HW
Virtual Machines Background IBM sold expensive mainframes to large organizations Some wanted to run different OSes at the same time (because applications were developed on old OSes) Solution: IBM developed
24-vm.txt Mon Nov 21 22:13: Notes on Virtual Machines , Fall 2011 Carnegie Mellon University Randal E. Bryant.
24-vm.txt Mon Nov 21 22:13:36 2011 1 Notes on Virtual Machines 15-440, Fall 2011 Carnegie Mellon University Randal E. Bryant References: Tannenbaum, 3.2 Barham, et al., "Xen and the art of virtualization,"
CS 326: Operating Systems. Process Execution. Lecture 5
CS 326: Operating Systems Process Execution Lecture 5 Today s Schedule Process Creation Threads Limited Direct Execution Basic Scheduling 2/5/18 CS 326: Operating Systems 2 Today s Schedule Process Creation
The Performance of µ-kernel-based Systems
Liedtke et al. presented by: Ryan O Connor October 7 th, 2009 Motivation By this time (1997) the OS research community had virtually abandoned research on pure µ-kernels. due primarily
OS Virtualization. Why Virtualize? Introduction. Virtualization Basics 12/10/2012. Motivation. Types of Virtualization.
Virtualization Basics Motivation OS Virtualization CSC 456 Final Presentation Brandon D. Shroyer Types of Virtualization Process virtualization (Java) System virtualization (classic, hosted) Emulation
PROCESS VIRTUAL MEMORY PART 2. CS124 Operating Systems Winter , Lecture 19
PROCESS VIRTUAL MEMORY PART 2 CS24 Operating Systems Winter 25-26, Lecture 9 2 Virtual Memory Abstraction Last time, officially introduced concept of virtual memory Programs use virtual addresses to refer
CSE 120 Principles of Operating Systems
CSE 120 Principles of Operating Systems Spring 2018 Lecture 16: Virtual Machine Monitors Geoffrey M. Voelker Virtual Machine Monitors 2 Virtual Machine Monitors Virtual Machine Monitors (VMMs) are a hot
Xen and the Art of Virtualization. CSE-291 (Cloud Computing) Fall 2016
Xen and the Art of Virtualization CSE-291 (Cloud Computing) Fall 2016 Why Virtualization? Share resources among many uses Allow heterogeneity in environments Allow differences in host and guest Provide
Advanced Operating Systems (CS 202) Virtualization
Advanced Operating Systems (CS 202) Virtualization Virtualization One of the natural consequences of the extensibility research we discussed What is virtualization and what are the benefits? 2 Virtualization
Virtual Machine Monitors (VMMs) are a hot topic in
CSE 120 Principles of Operating Systems Winter 2007 Lecture 16: Virtual Machine Monitors Keith Marzullo and Geoffrey M. Voelker Virtual Machine Monitors Virtual Machine Monitors (VMMs) are a hot topic
Lecture 5: February 3
CMPSCI 677 Operating Systems Spring 2014 Lecture 5: February 3 Lecturer: Prashant Shenoy Scribe: Aditya Sundarrajan 5.1 Virtualization Virtualization is a technique that extends or replaces an existing
Virtual Machines. Part 2: starting 19 years ago. Operating Systems In Depth IX 1 Copyright 2018 Thomas W. Doeppner. All rights reserved.
Virtual Machines Part 2: starting 19 years ago Operating Systems In Depth IX 1 Copyright 2018 Thomas W. Doeppner. All rights reserved. Operating Systems In Depth IX 2 Copyright 2018 Thomas W. Doeppner.
Linux and Xen. Andrea Sarro. andrea.sarro(at)quadrics.it. Linux Kernel Hacking Free Course IV Edition
Linux and Xen Andrea Sarro andrea.sarro(at)quadrics.it Linux Kernel Hacking Free Course IV Edition Andrea Sarro (andrea.sarro(at)quadrics.it) Linux and Xen 07/05/2008 1 / 37 Introduction Xen and Virtualization
Darek Mihocka, Emulators.com Stanislav Shwartsman, Intel Corp. June
Darek Mihocka, Emulators.com Stanislav Shwartsman, Intel Corp. June 21 2008 Agenda Introduction Gemulator Bochs Proposed ISA Extensions Conclusions and Future Work Q & A Jun-21-2008 AMAS-BT 2008 2 Introduction
VIRTUALIZATION: IBM VM/370 AND XEN
1 VIRTUALIZATION: IBM VM/370 AND XEN CS6410 Hakim Weatherspoon IBM VM/370 Robert Jay Creasy (1939-2005) Project leader of the first full virtualization hypervisor: IBM CP-40, a core component in the VM
Distributed Systems Operation System Support
Hajussüsteemid MTAT.08.009 Distributed Systems Operation System Support slides are adopted from: lecture: Operating System(OS) support (years 2016, 2017) book: Distributed Systems: Concepts and Design,
COS 318: Operating Systems
COS 318: Operating Systems OS Structures and System Calls Jaswinder Pal Singh Computer Science Department Princeton University (http://www.cs.princeton.edu/courses/cos318/) Outline Protection mechanisms
CS 350 Winter 2011 Current Topics: Virtual Machines + Solid State Drives
CS 350 Winter 2011 Current Topics: Virtual Machines + Solid State Drives Virtual Machines Resource Virtualization Separating the abstract view of computing resources from the implementation of these resources
COS 318: Operating Systems
COS 318: Operating Systems OS Structures and System Calls Prof. Margaret Martonosi Computer Science Department Princeton University http://www.cs.princeton.edu/courses/archive/fall11/cos318/ Outline Protection
The Kernel Abstraction
The Kernel Abstraction Debugging as Engineering Much of your time in this course will be spent debugging In industry, 50% of software dev is debugging Even more for kernel development How do you reduce
Debugging With Behavioral Watchpoints
Debugging With Behavioral Watchpoints Akshay Kumar October 6, 23 Abstract Finding, understanding, and fixing bugs in software systems is challenging. Dynamic binary translation (DBT) systems provide a
W4118: virtual machines
W4118: virtual machines Instructor: Junfeng Yang References: Modern Operating Systems (3 rd edition), Operating Systems Concepts (8 th edition), previous W4118, and OS at MIT, Stanford, and UWisc Virtual
Spring 2017 :: CSE 506. Introduction to. Virtual Machines. Nima Honarmand
Introduction to Virtual Machines Nima Honarmand Virtual Machines & Hypervisors Virtual Machine: an abstraction of a complete compute environment through the combined virtualization of the processor, memory,
CS533 Concepts of Operating Systems. Jonathan Walpole
CS533 Concepts of Operating Systems Jonathan Walpole Improving IPC by Kernel Design & The Performance of Micro- Kernel Based Systems The IPC Dilemma IPC is very import in µ-kernel design - Increases modularity,
KVM CPU MODEL IN SYSCALL EMULATION MODE ALEXANDRU DUTU, JOHN SLICE JUNE 14, 2015
KVM CPU MODEL IN SYSCALL EMULATION MODE ALEXANDRU DUTU, JOHN SLICE JUNE 14, 2015 AGENDA Background & Motivation Challenges Native Page Tables Emulating the OS Kernel 2 KVM CPU MODEL IN SYSCALL EMULATION
Concurrent Programming
Concurrent Programming is Hard! Concurrent Programming Kai Shen The human mind tends to be sequential Thinking about all possible sequences of events in a computer system is at least error prone and frequently
The benefits and costs of writing a POSIX kernel in a high-level language
1 / 38 The benefits and costs of writing a POSIX kernel in a high-level language Cody Cutler, M. Frans Kaashoek, Robert T. Morris MIT CSAIL Should we use high-level languages to build OS kernels? 2 / 38
Hardware, Modularity, and Virtualization CS 111
Hardware, Modularity, and Virtualization Operating System Principles Peter Reiher Page 1 Outline The relationship between hardware and operating systems Processors I/O devices Memory Organizing systems
CIS Operating Systems Memory Management Address Translation for Paging. Professor Qiang Zeng Spring 2018
CIS 3207 - Operating Systems Memory Management Address Translation for Paging Professor Qiang Zeng Spring 2018 Previous class What is logical address? Who use it? Describes a location in the logical memory
Overview. This Lecture. Interrupts and exceptions Source: ULK ch 4, ELDD ch1, ch2 & ch4. COSC440 Lecture 3: Interrupts 1
This Lecture Overview Interrupts and exceptions Source: ULK ch 4, ELDD ch1, ch2 & ch4 COSC440 Lecture 3: Interrupts 1 Three reasons for interrupts System calls Program/hardware faults External device interrupts
Problem System administration tasks on a VM from the outside, e.g., issue administrative commands such as hostname and rmmod. One step ahead tradition
EXTERIOR: Using a Dual-VM Based External Shell for Guest-OS Introspection, Configuration, and Recovery ACM VEE 13 Problem System administration tasks on a VM from the outside, e.g., issue administrative
[537] Virtual Machines. Tyler Harter
![[537] Virtual Machines. Tyler Harter](/thumbs/78/76966859.jpg "[537] Virtual Machines. Tyler Harter")
[537] Virtual Machines Tyler Harter Outline Machine Virtualization Overview CPU Virtualization (Trap-and-Emulate) CPU Virtualization (Modern x86) Memory Virtualization Performance Challenges Outline Machine
CS 550 Operating Systems Spring Introduction to Virtual Machines
CS 550 Operating Systems Spring 2018 Introduction to Virtual Machines 1 How to share a physical computer Operating systems allows multiple processes/applications to run simultaneously Via process/memory
CHAPTER 16 - VIRTUAL MACHINES
CHAPTER 16 - VIRTUAL MACHINES 1 OBJECTIVES Explore history and benefits of virtual machines. Discuss the various virtual machine technologies. Describe the methods used to implement virtualization. Show
0x1A Great Papers in Computer Security
CS 380S 0x1A Great Papers in Computer Security Vitaly Shmatikov http://www.cs.utexas.edu/~shmat/courses/cs380s/ slide 1 X. Chen, T, Garfinkel, E. Lewis, P. Subrahmanyam, C. Waldspurger, D. Boneh, J. Dwoskin,
Introduction to Kernel Programming. Luca Abeni
Introduction to Kernel Programming Luca Abeni luca.abeni@santannapisa.it About the Course Goal: understand how to code an OS kernel This course will introduce the students to the pains and joys of kernel
Concurrent Programming
Concurrent Programming is Hard! Concurrent Programming Kai Shen The human mind tends to be sequential Thinking about all possible sequences of events in a computer system is at least error prone and frequently
Lecture 6. User-Mode Linux. Jeff Dike. 9 November, Advanced Operating Systems. SOA/OS Lecture 6, UML 1/33
Lecture 6 User-Mode Linux Jeff Dike Advanced Operating Systems 9 November, 2011 SOA/OS Lecture 6, UML 1/33 Contents User-Mode Linux Keywords Resources Questions SOA/OS Lecture 6, UML 2/33 Outline User-Mode
Memory Protection. Machines and Virtualization. Architectural Foundations of OS Kernels. Memory and the CPU. Introduction to Virtual Addressing
Memory Protection Machines and Virtualization Systems and Networks Jeff Chase Spring 26 Paging Virtual provides protection by: Each process (user or OS) has different. The OS maintain the page tables for
Process Time. Steven M. Bellovin January 25,
Multiprogramming Computers don t really run multiple programs simultaneously; it just appears that way Each process runs to completion, but intermixed with other processes Process 1 6 ticks Process 2 Process
Dawn Song
1 Virtual Machines & Security Dawn Song dawnsong@cs.berkeley.edu Virtual Machines VM: Execution environment that gives the illusion of a real machine VMM/Hypervisor: host software which provides this capability
EECS 482 Introduction to Operating Systems
EECS 482 Introduction to Operating Systems Winter 2018 Baris Kasikci Slides by: Harsha V. Madhyastha Use of CVs in Project 1 Incorrect use of condition variables: while (cond) { } cv.signal() cv.wait()
COMPUTER ARCHITECTURE. Virtualization and Memory Hierarchy
COMPUTER ARCHITECTURE Virtualization and Memory Hierarchy 2 Contents Virtual memory. Policies and strategies. Page tables. Virtual machines. Requirements of virtual machines and ISA support. Virtual machines:
Part I. X86 architecture overview. Secure Operating System Design and Implementation x86 architecture. x86 processor modes. X86 architecture overview
X86 architecture overview Overview Secure Operating System Design and Implementation x86 architecture Jon A. Solworth Part I X86 architecture overview Dept. of Computer Science University of Illinois at
Last Time. Think carefully about whether you use a heap Look carefully for stack overflow Especially when you have multiple threads
Last Time Cost of nearly full resources RAM is limited Think carefully about whether you use a heap Look carefully for stack overflow Especially when you have multiple threads Embedded C Extensions for
Operating- System Structures
Operating- System Structures 2 CHAPTER Practice Exercises 2.1 What is the purpose of system calls? Answer: System calls allow user-level processes to request services of the operating system. 2.2 What
Lecture 4: Memory Management & The Programming Interface
CS 422/522 Design & Implementation of Operating Systems Lecture 4: Memory Management & The Programming Interface Zhong Shao Dept. of Computer Science Yale University Acknowledgement: some slides are taken
G Xen and Nooks. Robert Grimm New York University
G22.3250-001 Xen and Nooks Robert Grimm New York University Agenda! Altogether now: The three questions! The (gory) details of Xen! We already covered Disco, so let s focus on the details! Nooks! The grand
Deterministic Process Groups in
Deterministic Process Groups in Tom Bergan Nicholas Hunt, Luis Ceze, Steven D. Gribble University of Washington A Nondeterministic Program global x=0 Thread 1 Thread 2 t := x x := t + 1 t := x x := t +
I/O virtualization. Jiang, Yunhong Yang, Xiaowei Software and Service Group 2009 虚拟化技术全国高校师资研讨班
I/O virtualization Jiang, Yunhong Yang, Xiaowei 1 Legal Disclaimer INFORMATION IN THIS DOCUMENT IS PROVIDED IN CONNECTION WITH INTEL PRODUCTS. NO LICENSE,
Nested Virtualization and Server Consolidation
Nested Virtualization and Server Consolidation Vara Varavithya Department of Electrical Engineering, KMUTNB varavithya@gmail.com 1 Outline Virtualization & Background Nested Virtualization Hybrid-Nested
CSC 4320 Test 1 Spring 2017
CSC 4320 Test 1 Spring 2017 Name 1. What are the three main purposes of an operating system? 2. Which of the following instructions should be privileged? a. Set value of timer. b. Read the clock. c. Clear
Implementation of Processes
Implementation of Processes A processes information is stored in a process control block (PCB) The PCBs form a process table Sometimes the kernel stack for each process is in the PCB Sometimes some process
CS370 Operating Systems
CS370 Operating Systems Colorado State University Yashwant K Malaiya Fall 2016 Lecture 2 Slides based on Text by Silberschatz, Galvin, Gagne Various sources 1 1 2 System I/O System I/O (Chap 13) Central
Virtualization and memory hierarchy
Virtualization and memory hierarchy Computer Architecture J. Daniel García Sánchez (coordinator) David Expósito Singh Francisco Javier García Blas ARCOS Group Computer Science and Engineering Department
Processes and Non-Preemptive Scheduling. Otto J. Anshus
Processes and Non-Preemptive Scheduling Otto J. Anshus Threads Processes Processes Kernel An aside on concurrency Timing and sequence of events are key concurrency issues We will study classical OS concurrency
Background. IBM sold expensive mainframes to large organiza<ons. Monitor sits between one or more OSes and HW
Virtual Machines Background IBM sold expensive mainframes to large organiza
Scalable Architectural Support for Trusted Software
Scalable Architectural Support for Trusted Software David Champagne and Ruby B. Lee Princeton University Secure Processor Design 11/02/2017 Dimitrios Skarlatos Motivation Apps handle sensitive/secret information
Transparent dynamic instrumentation
Transparent dynamic instrumentation The MIT Faculty has made this article openly available. Please share how this access benefits you. Your story matters. Citation As Published Publisher Bruening, Derek,
Memory Management. Disclaimer: some slides are adopted from book authors slides with permission 1
Memory Management Disclaimer: some slides are adopted from book authors slides with permission 1 CPU management Roadmap Process, thread, synchronization, scheduling Memory management Virtual memory Disk
Lecture 4: Extensibility (and finishing virtual machines) CSC 469H1F Fall 2006 Angela Demke Brown
Lecture 4: Extensibility (and finishing virtual machines) CSC 469H1F Fall 2006 Angela Demke Brown Announcements First assignment out tomorrow Today s tutorial looks at some of the tools you will need to
Intel s Virtualization Extensions (VT-x) So you want to build a hypervisor?
Intel s Virtualization Extensions (VT-x) So you want to build a hypervisor? Mr. Jacob Torrey May 13, 2014 Dartmouth College 153 Brooks Road, Rome, NY 315.336.3306 http://ainfosec.com @JacobTorrey torreyj@ainfosec.com
TDDI04, K. Arvidsson, IDA, Linköpings universitet Operating System Structures. Operating System Structures Overview. Operating System Services
TDDI04 Concurrent Programming, Operating Systems, and Real-time Operating Systems Operating System Structures [SGG7] Chapter 2 Copyright Notice: The lecture notes are mainly based on Silberschatz s, Galvin
Cloud Computing Virtualization
Cloud Computing Virtualization Anil Madhavapeddy anil@recoil.org Contents Virtualization. Layering and virtualization. Virtual machine monitor. Virtual machine. x86 support for virtualization. Full and
Operating Systems (2INC0) 2018/19. Introduction (01) Dr. Tanir Ozcelebi. Courtesy of Prof. Dr. Johan Lukkien. System Architecture and Networking Group
Operating Systems (2INC0) 20/19 Introduction (01) Dr. Courtesy of Prof. Dr. Johan Lukkien System Architecture and Networking Group Course Overview Introduction to operating systems Processes, threads and
Survey of Dynamic Instrumentation of Operating Systems
Survey of Dynamic Instrumentation of Operating Systems Harald Röck Department of Computer Sciences University of Salzburg, Austria hroeck@cs.uni-salzburg.at July 13, 2007 1 Introduction Operating systems
@2010 Badri Computer Architecture Assembly II. Virtual Memory. Topics (Chapter 9) Motivations for VM Address translation
Virtual Memory Topics (Chapter 9) Motivations for VM Address translation 1 Motivations for Virtual Memory Use Physical DRAM as a Cache for the Disk Address space of a process can exceed physical memory
Embedded Systems Dr. Santanu Chaudhury Department of Electrical Engineering Indian Institute of Technology, Delhi
Embedded Systems Dr. Santanu Chaudhury Department of Electrical Engineering Indian Institute of Technology, Delhi Lecture - 13 Virtual memory and memory management unit In the last class, we had discussed
W4118 Operating Systems. Junfeng Yang
W4118 Operating Systems Junfeng Yang What is a process? Outline Process dispatching Common process operations Inter-process Communication What is a process Program in execution virtual CPU Process: an
OS Structure. Hardware protection & privilege levels Control transfer to and from the operating system
OS Structure Topics Hardware protection & privilege levels Control transfer to and from the operating system Learning Objectives: Explain what hardware protection boundaries are. Explain how applications
Virtual Machines. To do. q VM over time q Implementation methods q Hardware features supporting VM q Next time: Midterm?
Virtual Machines To do q VM over time q Implementation methods q Hardware features supporting VM q Next time: Midterm? *Partially based on notes from C. Waldspurger, VMware, 2010 and Arpaci-Dusseau s Three
Machines and Virtualization. Systems and Networks Jeff Chase Spring 2006
Machines and Virtualization Systems and Networks Jeff Chase Spring 2006 Memory Protection Paging Virtual memory provides protection by: Each process (user or OS) has different virtual memory space. The
CS370: Operating Systems [Spring 2017] Dept. Of Computer Science, Colorado State University
![CS370: Operating Systems [Spring 2017] Dept. Of Computer Science, Colorado State University](/thumbs/89/100547178.jpg "CS370: Operating Systems [Spring 2017] Dept. Of Computer Science, Colorado State University")
Frequently asked questions from the previous class survey CS 370: OPERATING SYSTEMS [VIRTUALIZATION] Shrideep Pallickara Computer Science Colorado State University Difference between physical and logical
Process Description and Control
Process Description and Control 1 Process:the concept Process = a program in execution Example processes: OS kernel OS shell Program executing after compilation www-browser Process management by OS : Allocate
ECE 550D Fundamentals of Computer Systems and Engineering. Fall 2017
ECE 550D Fundamentals of Computer Systems and Engineering Fall 2017 The Operating System (OS) Prof. John Board Duke University Slides are derived from work by Profs. Tyler Bletsch and Andrew Hilton (Duke)
Fall 2017 :: CSE 306. Introduction to. Virtual Memory. Nima Honarmand (Based on slides by Prof. Andrea Arpaci-Dusseau)
Introduction to Virtual Memory Nima Honarmand (Based on slides by Prof. Andrea Arpaci-Dusseau) Motivating Virtual Memory (Very) old days: Uniprogramming only one process existed at a time OS was little
Separating Access Control Policy, Enforcement, and Functionality in Extensible Systems. Robert Grimm University of Washington
Separating Access Control Policy, Enforcement, and Functionality in Extensible Systems Robert Grimm University of Washington Extensions Added to running system Interact through low-latency interfaces Form
CS370 Operating Systems
CS370 Operating Systems Colorado State University Yashwant K Malaiya Spring 2018 Lecture 2 Slides based on Text by Silberschatz, Galvin, Gagne Various sources 1 1 2 What is an Operating System? What is
Virtualization. Pradipta De
Virtualization Pradipta De pradipta.de@sunykorea.ac.kr Today s Topic Virtualization Basics System Virtualization Techniques CSE506: Ext Filesystem 2 Virtualization? A virtual machine (VM) is an emulation
Allocating Memory. Where does malloc get memory? See mmap.c 1-2
Allocating Memory Where does malloc get memory? See mmap.c 1-2 Picking Virtual Addresses See mmap2.c and mmap3.c 3 Freeing Pages See munmap.c 4 Pages and Processes See mmap+fork.c and mmap+fork2.c 5 Copy-on-Write
I/O Design, I/O Subsystem, I/O-Handler Device Driver, Buffering, Disks, RAID January WT 2008/09
21 I/O Management (1) I/O Design, I/O Subsystem, I/O-Handler Device Driver, Buffering, Disks, RAID January 26 2009 WT 2008/09 2009 Universität Karlsruhe, System Architecture Group 1 Recommended Reading
CHAPTER 16 - VIRTUAL MACHINES
CHAPTER 16 - VIRTUAL MACHINES 1 OBJECTIVES Explore history and bene ts of virtual machines. Discuss the various virtual machine technologies. Describe the methods used to implement virtualization. Show
Fast access ===> use map to find object. HW == SW ===> map is in HW or SW or combo. Extend range ===> longer, hierarchical names
Fast access ===> use map to find object HW == SW ===> map is in HW or SW or combo Extend range ===> longer, hierarchical names How is map embodied: --- L1? --- Memory? The Environment ---- Long Latency
Virtual Machine Virtual Machine Types System Virtual Machine: virtualize a machine Container: virtualize an OS Program Virtual Machine: virtualize a process Language Virtual Machine: virtualize a language
Operating System: Chap2 OS Structure. National Tsing-Hua University 2016, Fall Semester
Operating System: Chap2 OS Structure National Tsing-Hua University 2016, Fall Semester Outline OS Services OS-Application Interface OS Structure Chapter2 OS-Structure Operating System Concepts NTHU LSA
Chapter 13: I/O Systems. Operating System Concepts 9 th Edition
Chapter 13: I/O Systems Silberschatz, Galvin and Gagne 2013 Chapter 13: I/O Systems Overview I/O Hardware Application I/O Interface Kernel I/O Subsystem Transforming I/O Requests to Hardware Operations
Networks and Operating Systems Chapter 11: Introduction to Operating Systems
Systems Group Department of Computer Science ETH Zürich Networks and Operating Systems Chapter 11: Introduction to Operating Systems (252-0062-00) Donald Kossmann & Torsten Hoefler Frühjahrssemester 2012
Review: Hardware user/kernel boundary
Review: Hardware user/kernel boundary applic. applic. applic. user lib lib lib kernel syscall pg fault syscall FS VM sockets disk disk NIC context switch TCP retransmits,... device interrupts Processor
Introduction to System Programming
Introduction to System Programming Introduction to System Programming Why system programming? Basic operation of a computer system Summary Acknowledgement: slides based on the cs:app2e material 2 Why System
CS 261 Fall Mike Lam, Professor. Virtual Memory
CS 261 Fall 2016 Mike Lam, Professor Virtual Memory Topics Operating systems Address spaces Virtual memory Address translation Memory allocation Lingering questions What happens when you call malloc()?
COMPSCI: Principles of Operating Systems. Lecture 1: Introduction. Anton Burtsev January, 2017
COMPSCI: Principles of Operating Systems Lecture 1: Introduction Anton Burtsev January, 2017 Class details Undergraduate 22 students Instructor: Anton Burtsev Meeting time: 9:00-9:50am (M, W, F) Discussions:
CSE 410: Systems Programming
CSE 410: Systems Programming Concurrency Ethan Blanton Department of Computer Science and Engineering University at Buffalo Logical Control Flows The text defines a logical control flow as: [A] series
Sistemi in Tempo Reale
Laurea Specialistica in Ingegneria dell'automazione Sistemi in Tempo Reale Giuseppe Lipari Introduzione alla concorrenza Fundamentals Algorithm: It is the logical procedure to solve a certain problem It
Operating Systems Structure and Processes Lars Ailo Bongo Spring 2017 (using slides by Otto J. Anshus University of Tromsø/Oslo)
Operating Systems Structure and Processes Lars Ailo Bongo Spring 2017 (using slides by Otto J. Anshus University of Tromsø/Oslo) The Architecture of an OS Monolithic Layered Virtual Machine, Library, Exokernel
Background. IBM sold expensive mainframes to large organiza<ons. Monitor sits between one or more OSes and HW
Virtual Machines Background IBM sold expensive mainframes to large organiza
Virtual machine architecture and KVM analysis D 陳彥霖 B 郭宗倫
Virtual machine architecture and KVM analysis D97942011 陳彥霖 B96902030 郭宗倫 Virtual machine monitor serves as an interface between hardware and software; no matter what kind of hardware under, software can
Grand Central Dispatch
A better way to do multicore. (GCD) is a revolutionary approach to multicore computing. Woven throughout the fabric of Mac OS X version 10.6 Snow Leopard, GCD combines an easy-to-use programming model