高级检索

    VMM中Guest OS非陷入系统调用指令截获与识别

    Interception and Identification of Guest OS Non-trapping System Call Instruction within VMM

    • 摘要: 针对虚拟化环境下Guest OS某些特定指令行为不会产生陷入从而在虚拟机管理器(virtual machine monitor, VMM)中无法对其进行监控处理的问题,提出通过改变非陷入指令正常运行条件,使其执行非法产生系统异常陷入VMM的思想;据此就x86架构下Guest OS中3种非陷入系统调用指令在VMM中的截获与识别进行研究:其中基于int和sysenter指令的系统调用通过使其产生通用保护(general protection, GP)错系统异常而陷入,基于syscall指令的系统调用则通过使其产生UD(undefined)未定义指令系统异常而陷入,之后VMM依据虚拟处理器上下文现场信息对其进行识别;基于Qemu&Kvm实现的原型系统表明:上述方法能成功截获并识别出Guest OS中所有3种系统调用行为,正常情况下其性能开销也在可接受的范围之内,如在unixbench的shell测试用例中,其性能开销比在1.900~2.608之间.与现有方法相比,它们都是以体系结构自身规范为基础,因此具有无需修改Guest OS、跨平台透明的优势.

       

      Abstract: To solve the problem that VMM can not monitor and control some Guest OS specific behavior due to its non-trapping feature in virtualized computing environment, an idea has been proposed to make those non-trapping instructions trap into VMM through modifying their normal execution conditions so as to cause system exception. According to the idea, special methods have been explored on how to intercept and identify the three different non-trapping system call instructions of x86 architecture from Guest OS within VMM. The int and sysenter instructions trap into VMM through causing GP system exception, while syscall instruction trap into VMM through causing UD system exception. They are identified with the virtual CPU context information within VMM. The Qemu&Kvm based prototype indicates that VMM can successfully intercept and identify all the three system call behaviors from Guest OS, and the performance overhead is within an accepted range for normal applications. For example, in unixbench shell test case, the performance overhead ratio is range 1900 to 2608. Compared with existing methods, they are all based on the architecture specification, so the advantage is that they are transparent to Guest OS and need not any modifications to Guest OS.

       

    /

    返回文章
    返回