Introduction to Hardware-Accelerated Virtualization Technology

2018-09-29 - Virtualization Technology

Nowadays, Hardware-Accelerated Virtualization Technology is popular in kernel-mode development. The “New Blue-Pill” project is the first demonstration of its application. The technology is also applied in anti-malware programs (e.g. McAfee DeepSafe, Qihoo-360 “Core-Crystal” (a.k.a. “核晶防护” in Simplified Chinese), etc.). There are also many open-source projects related to Hardware-Accelerated Virtualization Technology. The most popular projects, especially the light-weight hypervisors, are:

Among these projects, HyperPlatform, I think, is the most popular one forked by Windows Driver developers.

In this article, I shall discuss the essentials of Hardware-Accelerated Virtualization Technology. The processors discussed in this article conform to the AMD64 architecture and are manufactured by Intel Corporation or Advanced Micro Devices, Inc.

For Intel processors, Hardware-Accelerated Virtualization is provided by the VMX (Virtual Machine Extensions) architecture. For AMD processors, it is provided by the SVM (Secure Virtual Machine) architecture. There are essential concepts in common:

For developers who focus on light-weight virtualization, a hypervisor is usually built in the following three steps:

  1. Allocate the VMCS/VMCB and other essential memory for all processors in the system.
  2. Issue a generic broadcast to all processors.
  3. On each processor, set up the guest state, control fields, etc. and start guest execution.

Once the guest has started execution, VM-Exits will occur. Therefore, handlers must be written as well. A handler is usually written in the following steps:

  1. Save the guest GPR state. The XMM state may need to be saved as well, since it might be destroyed if SSE acceleration is applied.
  2. Perform your custom handling. The GPR state might be revised.
  3. If the VMM is about to be torn down, restore the GPR state and jump back to the tear-down procedure. Do not execute step 4 if this step is applied.
  4. Restore the guest GPR state (and XMM state) and issue VM-Entry in order to switch back to Guest Mode.

Last but not least, it is recommended, however difficult, that your hypervisor support nested virtualization, since this lets customers use your software while still using other VMM software. If you are unable to write code for nested virtualization, intercept the cpuid instruction and report that Intel VT-x or AMD-V is unsupported, and inject an exception into the guest when a VMX or SVM instruction is invoked. This means you are virtualizing a machine that does not support Hardware-Accelerated Virtualization Technology.
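The fallback described above, as an added example that is not code from this article or from any of the projects it mentions. The type and function names are hypothetical, the register values in `main` are constructed, and #UD is assumed as the injected exception because that is what a processor without VMX or SVM raises for these instructions.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

#define CPUID_1_ECX_VMX        (1u << 5)   /* CPUID.01H:ECX[5], Intel VMX */
#define CPUID_80000001_ECX_SVM (1u << 2)   /* CPUID.8000_0001H:ECX[2], AMD SVM */
#define CPUID_LEAF_SVM_INFO    0x8000000Au /* AMD SVM revision and features */
#define VECTOR_UD              6u          /* #UD, invalid-opcode exception */

/* Hypothetical types for this sketch; a real VMM reads these from VMCS/VMCB. */
typedef struct { uint32_t eax, ebx, ecx, edx; } cpuid_regs;
typedef enum { EXIT_CPUID, EXIT_VIRT_INSTRUCTION, EXIT_OTHER } exit_kind;
typedef struct { bool inject; uint32_t vector; bool advance_rip; } exit_action;

/* Filter the host's CPUID result before it is copied into guest registers. */
void hide_virtualization(uint32_t leaf, cpuid_regs *r)
{
    switch (leaf) {
    case 0x00000001u: r->ecx &= ~CPUID_1_ECX_VMX; break;
    case 0x80000001u: r->ecx &= ~CPUID_80000001_ECX_SVM; break;
    case CPUID_LEAF_SVM_INFO:   /* nothing to report once SVM is hidden */
        r->eax = r->ebx = r->ecx = r->edx = 0;
        break;
    default: break;
    }
}

/* Decide how the VM-Exit handler completes one exit. */
exit_action decide(exit_kind kind, uint32_t leaf, cpuid_regs *r)
{
    exit_action a = { false, 0, false };
    if (kind == EXIT_CPUID) {
        hide_virtualization(leaf, r);
        a.advance_rip = true;   /* CPUID was emulated, skip the instruction */
    } else if (kind == EXIT_VIRT_INSTRUCTION) {  /* VMXON, VMRUN, ... */
        a.inject = true;        /* a fault: guest RIP stays on the instruction */
        a.vector = VECTOR_UD;
    }
    return a;
}

int main(void)
{
    cpuid_regs r = { 0x000906EAu, 0x00100800u, 0x7FFAFBFFu, 0xBFEBFBFFu }; /* constructed leaf-1 values */
    exit_action a = decide(EXIT_CPUID, 1u, &r);
    printf("ECX=%08X VMX=%u advance=%d\n", (unsigned)r.ecx, (unsigned)((r.ecx >> 5) & 1u), a.advance_rip);
    return 0;
}
```

The guest's feature probe and its attempt to use the instructions then agree with each other: CPUID reports no VT-x/AMD-V, and executing a VMX or SVM instruction faults as it would on hardware without the feature.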

In future blog articles, I will introduce how to build a hypervisor with Hardware-Accelerated Virtualization Technology, and explain further details. The C programming language and Macro Assembly will be the main programming languages used.
