Virtualization⁰
The classical theory of efficient virtualization and a review of the state of the industry as a whole are described in my previous publication . This article focuses on virtualization support in a broad sense in the Intel IA-32 architecture.
The turtle on the back of a turtle on the back of a turtle on the back ... is a cosmological theory that the creators of virtual machines adhere to.
This article is null in a small series about Intel technologies that help to present a computer with something other than what it really is for programs (including operating systems, BIOS and firmware) that are running on it.
It will not talk about setting up specific VMM, transparent migration of virtual machines, creating invisible rootkits and many other interesting things that grow out of this fractal and therefore inexhaustible theme. My opinion will be from the position of a system programmer engaged in the development of operating systems and firmware or monitors of virtual machines and simulators, as well as all those who sympathize with them.
')
I will begin with a description of the three modes of operation of Intel IA-32 processors, which appeared in the 20th century, when real virtualization was mentioned only in the context of mainframes that had completely different manufacturers and architecture. It will be a kind of historical excursion. Two of these modes are still used frequently, and system programmers invariably have to deal with them.
Protected mode (and its variants) is probably the most familiar and ubiquitous mode with which most modern users of personal and mobile computers on IA-32 processors interact. Compared with the very first (single-tasking) security of this mode is manifested in two mechanisms:
Let me note the following fact: protected mode, unlike many others, creates the appearance of a machine that never existed in reality, in hardware: single-task, with a huge flat memory (yes, I am silent here about segmentation!), Without external devices and without interrupts.
Virtual 8086 is a mode that was supposed to help transfer users of MS-DOS applications to new, modern multi-tasking operating systems and to new processors that support them. This time, the real piece of hardware that was virtualized existed - it was Intel 8086. The protected mode introduced in the 80286 processor turned out to be different and therefore extremely inconvenient for launching applications that expected an honest 8086. New applications for the protected mode have not yet been written, but from the old Nobody wanted to refuse DOS programs. The next Intel product, 80386, introduced a special type of hardware task, more accurately creating their familiar environment, with 20-bit addresses and segments, the ability to directly write to devices, and so on. And again, a special software monitor monitors all applications running in VM86 mode, transparently placing memory pages on them, emulating devices, and sometimes simply not allowing to perform operations: if one DOS program decided to restart the computer, then it is better not to allow it .
The need to add VM86-mode was due to economic reasons: it was impossible to immediately rewrite (and even just convince everyone of the need) all DOS-applications so that they use the features of protected mode. Now, when the application software is immediately written for it, the need for VM86 has gone down. However, all modern processors still support the Virtual 8086 mode: some code, such as Option ROMs of peripheral devices, can well expect the presence of a good old 8086.
The least known to the common man is System Management Mode. It was also invented in the era of 80386, when people began to think about the need to manage the power consumption of portable systems, the APM standard was published, and then everyone realized that MS-DOS, which was popular at that time, could hardly be adapted to it. Therefore, we decided to hide the power management functionality from the OS in a special SMM mode, which the processor enters when receiving a special type of interrupt - #SMI (System Management Interrupt). In relation to system resources, SMM is very similar to the real mode 8086 (whoever finds the difference - please indicate in the comments to the article). It is distinguished by its complete impenetrability: it is impossible to get out of SMM either by the usual or seemingly unmasked interruption, but only by the code itself, using the RSM instruction. The OS cannot block the entrance to it: even if it is in the most critical phase of its work, the interrupt handler, - #SMI without reason will force the current context into a separate memory area (so that it can recover it from RSM) The state required to log into SMM. This is especially dangerous for real-time systems. See the contents of the code handler #SMI in memory, the so-called. SMRAM is also not easy at all: access attempts will return either an error, or ... a clean sheet.
And all would be fine if, after using for the needs of APM, the creators of the BIOS would never return to SMM. However, to perform actions without the need for cooperation with the OS is a very attractive opportunity. And here, SMM started to push everything: hardware error handling, tracking temperature sensors, information protection services, PS / 2 keyboard and mouse emulation from their USB options, a nasty whining through the speakers, if a cat jumped onto the keyboard, and Of course, undetectable rootkits.
This mode is alive and well, and the following virtualization methods in my story have to take into account its features.
Personally, I had the misfortune to suffer from a clumsy SMM-code: on my old netbook in the fifth minute of work after switching on the hard disk was transferred to some energy-saving mode, quite unexpectedly for Linux, which at the same time began to write plaintive messages in dmesg, and then faded.
In the next, first part of the article, I will talk about real virtualization for IA-32 - Intel VTx, its principles of operation and evolution. After the unit, as you know, there should be a deuce, and therefore in the second part there will be something to tell. In fact, the most interesting things will begin there.
Thanks for attention!
The turtle on the back of a turtle on the back of a turtle on the back ... is a cosmological theory that the creators of virtual machines adhere to.
This article is null in a small series about Intel technologies that help to present a computer with something other than what it really is for programs (including operating systems, BIOS and firmware) that are running on it.
It will not talk about setting up specific VMM, transparent migration of virtual machines, creating invisible rootkits and many other interesting things that grow out of this fractal and therefore inexhaustible theme. My opinion will be from the position of a system programmer engaged in the development of operating systems and firmware or monitors of virtual machines and simulators, as well as all those who sympathize with them.
')
I will begin with a description of the three modes of operation of Intel IA-32 processors, which appeared in the 20th century, when real virtualization was mentioned only in the context of mainframes that had completely different manufacturers and architecture. It will be a kind of historical excursion. Two of these modes are still used frequently, and system programmers invariably have to deal with them.
Protected mode
Protected mode (and its variants) is probably the most familiar and ubiquitous mode with which most modern users of personal and mobile computers on IA-32 processors interact. Compared with the very first (single-tasking) security of this mode is manifested in two mechanisms:
- Virtual memory Custom applications are shown a huge flat array with a length of 2³² or more bytes. One such array per program, and you don’t need to share it with anyone. Whereas in fact the operating system has a slightly different resource — physical memory — and deftly imperceptibly encloses only those areas to which applications are currently accessing.
- Flexible exception handling. Applications by default do not see any external interrupts or OS activity to ensure the operation of virtual memory. Moreover, they may even try to execute non-existent instructions on a given CPU, and the OS can work out the necessary semantics for them instead of the missing hardware (with such emulation, of course, there will be a considerable loss in speed). For an ordinary application, the OS manifests itself only through one or two instructions of system calls, which for the application look like original calls to third-party procedures.
Let me note the following fact: protected mode, unlike many others, creates the appearance of a machine that never existed in reality, in hardware: single-task, with a huge flat memory (yes, I am silent here about segmentation!), Without external devices and without interrupts.
VM86
Virtual 8086 is a mode that was supposed to help transfer users of MS-DOS applications to new, modern multi-tasking operating systems and to new processors that support them. This time, the real piece of hardware that was virtualized existed - it was Intel 8086. The protected mode introduced in the 80286 processor turned out to be different and therefore extremely inconvenient for launching applications that expected an honest 8086. New applications for the protected mode have not yet been written, but from the old Nobody wanted to refuse DOS programs. The next Intel product, 80386, introduced a special type of hardware task, more accurately creating their familiar environment, with 20-bit addresses and segments, the ability to directly write to devices, and so on. And again, a special software monitor monitors all applications running in VM86 mode, transparently placing memory pages on them, emulating devices, and sometimes simply not allowing to perform operations: if one DOS program decided to restart the computer, then it is better not to allow it .
The need to add VM86-mode was due to economic reasons: it was impossible to immediately rewrite (and even just convince everyone of the need) all DOS-applications so that they use the features of protected mode. Now, when the application software is immediately written for it, the need for VM86 has gone down. However, all modern processors still support the Virtual 8086 mode: some code, such as Option ROMs of peripheral devices, can well expect the presence of a good old 8086.
SMM
The least known to the common man is System Management Mode. It was also invented in the era of 80386, when people began to think about the need to manage the power consumption of portable systems, the APM standard was published, and then everyone realized that MS-DOS, which was popular at that time, could hardly be adapted to it. Therefore, we decided to hide the power management functionality from the OS in a special SMM mode, which the processor enters when receiving a special type of interrupt - #SMI (System Management Interrupt). In relation to system resources, SMM is very similar to the real mode 8086 (whoever finds the difference - please indicate in the comments to the article). It is distinguished by its complete impenetrability: it is impossible to get out of SMM either by the usual or seemingly unmasked interruption, but only by the code itself, using the RSM instruction. The OS cannot block the entrance to it: even if it is in the most critical phase of its work, the interrupt handler, - #SMI without reason will force the current context into a separate memory area (so that it can recover it from RSM) The state required to log into SMM. This is especially dangerous for real-time systems. See the contents of the code handler #SMI in memory, the so-called. SMRAM is also not easy at all: access attempts will return either an error, or ... a clean sheet.
And all would be fine if, after using for the needs of APM, the creators of the BIOS would never return to SMM. However, to perform actions without the need for cooperation with the OS is a very attractive opportunity. And here, SMM started to push everything: hardware error handling, tracking temperature sensors, information protection services, PS / 2 keyboard and mouse emulation from their USB options, a nasty whining through the speakers, if a cat jumped onto the keyboard, and Of course, undetectable rootkits.
This mode is alive and well, and the following virtualization methods in my story have to take into account its features.
Personally, I had the misfortune to suffer from a clumsy SMM-code: on my old netbook in the fifth minute of work after switching on the hard disk was transferred to some energy-saving mode, quite unexpectedly for Linux, which at the same time began to write plaintive messages in dmesg, and then faded.
To be continued
In the next, first part of the article, I will talk about real virtualization for IA-32 - Intel VTx, its principles of operation and evolution. After the unit, as you know, there should be a deuce, and therefore in the second part there will be something to tell. In fact, the most interesting things will begin there.
Thanks for attention!
Source: https://habr.com/ru/post/237295/
All Articles