ISSN 1000-1239 CN 11-1777/TP

Journal of Computer Research and Development ›› 2014, Vol. 51 ›› Issue (10): 2348-2359. doi: 10.7544/issn1000-1239.2014.20130612

• Software Technology •

Interception and Identification of Guest OS Non-trapping System Call Instruction within VMM

Xiong Haiquan 1,2, Liu Zhiyong 1, Xu Weizhi 3, Tang Shibin 1,2, Fan Dongrui 1

  1. State Key Laboratory of Computer Architecture, Institute of Computing Technology, Chinese Academy of Sciences, Beijing 100190; 2. University of Chinese Academy of Sciences, Beijing 100049; 3. Institute of Microelectronics, Tsinghua University, Beijing 100084 (xionghaiquan@ict.ac.cn)
  • Online: 2014-10-01
  • Supported by: National Natural Science Foundation of China (60873203, 61170254, 61163050); Natural Science Foundation of Hebei Province (F2012201145); Key Science and Technology Research Project of Higher Education Institutions of Hebei Province (ZH2012029)

Abstract: In a virtualized environment, certain Guest OS instructions do not trap, so the virtual machine monitor (VMM) has no opportunity to monitor or control them. This paper proposes changing the normal execution conditions of such non-trapping instructions so that executing them becomes illegal and raises a system exception that traps into the VMM. On that basis, the interception and identification within the VMM of the three non-trapping system call instructions of the x86 architecture is studied: system calls based on the int and sysenter instructions are made to trap by causing a general protection (GP) exception, and system calls based on the syscall instruction are made to trap by causing an undefined opcode (UD) exception; the VMM then identifies the trapped instruction from the virtual CPU context at the time of the exception. A prototype built on Qemu & Kvm shows that the method successfully intercepts and identifies all three kinds of Guest OS system call, and that the performance overhead is acceptable for normal workloads: in the unixbench shell test cases the overhead ratio (slowdown factor relative to the unmodified VMM) ranges from 1.900 to 2.608. Because the methods rest only on the architecture specification itself, they require no modification of the Guest OS and are transparent across platforms.

Key words: Guest OS, virtual machine monitor (VMM), virtualization, non-trapping instruction, system call
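The abstract names only which exception each instruction is made to raise, not which guest state is altered to get there. The C model below is an added illustration and is not code from the paper's Qemu & Kvm prototype. It assumes the x86 rules from the Intel SDM for the three instructions, which are consistent with the GP/UD pairing in the abstract but are my choice of trap conditions, not the paper's stated ones: a software `int 0x80` from CPL 3 to an IDT gate whose DPL is lower raises #GP with error code (0x80<<3)|2; `sysenter` with IA32_SYSENTER_CS bits 15:2 clear raises #GP(0); `syscall` with EFER.SCE clear raises #UD. The struct layouts, function names and the constructed vCPU snapshots are hypothetical. The block shows both halves of the mechanism: imposing the conditions on the vCPU state, and identifying the trapped instruction from the exception vector, error code, CPL and the opcode bytes at RIP, while rejecting exits that are genuine guest faults.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* x86 exception vectors (architectural). */
#define VEC_UD 6
#define VEC_GP 13

typedef enum { SC_NONE = 0, SC_INT80, SC_SYSENTER, SC_SYSCALL } syscall_kind;

/* Guest state that gates the three syscall entry instructions (hypothetical
 * model of what a VMM would shadow for the vCPU). */
typedef struct {
    uint8_t  idt80_dpl;    /* DPL of IDT gate 0x80; normally 3 so ring 3 may use it */
    uint16_t sysenter_cs;  /* IA32_SYSENTER_CS MSR; normally the kernel CS, e.g. 0x10 */
    bool     efer_sce;     /* EFER.SCE (SYSCALL enable); normally set on 64-bit Linux */
} guest_ctl;

/* Snapshot of the vCPU context the VMM sees at the exception exit. */
typedef struct {
    int            vector;      /* exception vector delivered */
    uint32_t       error_code;  /* pushed error code, 0 if the exception has none */
    uint8_t        cpl;         /* privilege level of the faulting code */
    const uint8_t *insn;        /* bytes the VMM fetched from guest memory at RIP */
    size_t         insn_len;
    uint64_t       rax;         /* syscall number by Linux convention */
} vcpu_ctx;

/* Normal conditions: none of the three instructions traps. */
static const guest_ctl CTL_NORMAL = { 3, 0x10, true };

/* Constructed opcode bytes (assumed fetched at guest RIP). */
static const uint8_t OP_INT80[]    = { 0xCD, 0x80 };  /* int 0x80 */
static const uint8_t OP_SYSENTER[] = { 0x0F, 0x34 };  /* sysenter */
static const uint8_t OP_SYSCALL[]  = { 0x0F, 0x05 };  /* syscall  */
static const uint8_t OP_MOV[]      = { 0x48, 0x89 };  /* mov r/m64,r64: not a syscall */

/* Step 1: change the execution conditions so each instruction becomes illegal. */
static guest_ctl impose_trap_conditions(guest_ctl c) {
    c.idt80_dpl   = 0;      /* ring-3 int 0x80 now raises #GP(0x402)            */
    c.sysenter_cs = 0;      /* sysenter with SYSENTER_CS[15:2]==0 raises #GP(0) */
    c.efer_sce    = false;  /* syscall with EFER.SCE==0 raises #UD              */
    return c;
}

/* Exception the instruction raises under ctl per the SDM rules; -1 means none. */
static int expected_vector(syscall_kind k, const guest_ctl *c, uint8_t cpl) {
    switch (k) {
    case SC_INT80:    return cpl > c->idt80_dpl ? VEC_GP : -1;
    case SC_SYSENTER: return (c->sysenter_cs & 0xFFFC) == 0 ? VEC_GP : -1;
    case SC_SYSCALL:  return c->efer_sce ? -1 : VEC_UD;
    default:          return -1;
    }
}

/* Opcode match on the bytes at guest RIP. */
static syscall_kind decode_insn(const uint8_t *p, size_t n) {
    if (n < 2) return SC_NONE;
    if (p[0] == 0xCD && p[1] == 0x80) return SC_INT80;
    if (p[0] == 0x0F && p[1] == 0x34) return SC_SYSENTER;
    if (p[0] == 0x0F && p[1] == 0x05) return SC_SYSCALL;
    return SC_NONE;
}

/* Step 2: identify. A #GP/#UD exit is attributed to a syscall instruction only
 * when the opcode at RIP, the vector and the error code are all consistent with
 * the conditions the VMM imposed; anything else is a genuine guest fault that
 * the VMM should re-inject unchanged. */
static syscall_kind identify_syscall(const vcpu_ctx *ctx, const guest_ctl *ctl) {
    syscall_kind k = decode_insn(ctx->insn, ctx->insn_len);
    if (k == SC_NONE) return SC_NONE;
    if (expected_vector(k, ctl, ctx->cpl) != ctx->vector) return SC_NONE;
    if (k == SC_INT80 && ctx->error_code != ((0x80u << 3) | 2)) return SC_NONE;
    if (k == SC_SYSENTER && ctx->error_code != 0) return SC_NONE;
    return k;
}

/* Convenience constructor for a snapshot. */
static vcpu_ctx mk(int vec, uint32_t ec, uint8_t cpl,
                   const uint8_t *insn, size_t n, uint64_t rax) {
    vcpu_ctx c = { vec, ec, cpl, insn, n, rax };
    return c;
}

int main(void) {
    static const char *names[] = { "none", "int 0x80", "sysenter", "syscall" };
    guest_ctl trapped = impose_trap_conditions(CTL_NORMAL);
    vcpu_ctx exits[] = {
        mk(VEC_GP, 0x402, 3, OP_INT80,    2, 4),   /* write(2) via int 0x80 */
        mk(VEC_GP, 0,     3, OP_SYSENTER, 2, 1),   /* exit via sysenter     */
        mk(VEC_UD, 0,     3, OP_SYSCALL,  2, 60),  /* exit via syscall      */
        mk(VEC_GP, 0,     3, OP_MOV,      2, 0),   /* a real #GP in the guest */
    };
    for (size_t i = 0; i < sizeof exits / sizeof exits[0]; i++) {
        syscall_kind k = identify_syscall(&exits[i], &trapped);
        printf("vector %2d ec 0x%03x -> %s (rax=%llu)\n", exits[i].vector,
               exits[i].error_code, names[k], (unsigned long long)exits[i].rax);
    }
    return 0;
}
```

Two practitioner caveats follow from the model, stated as general properties of the mechanism rather than claims of the paper. First, the guest itself writes EFER and IA32_SYSENTER_CS and installs its own IDT during boot, so a real VMM has to intercept those writes (MSR and IDT-related exits under VT-x) and keep the guest's intended values shadowed, or the conditions are silently undone. Second, once an exit is attributed to a syscall instruction the VMM must still complete the guest's system call (by emulating the entry or temporarily restoring the real conditions and single-stepping), while exits that fail the consistency checks above must be re-injected as the genuine faults they are.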
