Page 1
© 2010 VMware Inc. All rights reserved
Application-level mobile virtualization
Harvey Tuch, Staff Engineer, Mobile Virtualization Platform
January 25th 2012
Sponsored by MIT and VMware Academic Programs
VMware: www.vmware.com
VMware Labs: labs.vmware.com
Page 2
Agenda
Mobile hypervisor distribution
Virtualization at user-level on Linux
Putting it together: Android VMM app
Programming exercise
Page 3
Mobile hypervisor distribution
Page 4
Mobile hypervisor distribution
Typically, not all mobile hypervisor components can be provisioned through an app store
• System software provisioned by OEM and/or carrier
• Maintenance of “baked on” bits
• Time to market (TTM)
• Market coverage
What if we move system (privileged) components to application (user) level?
• Distribute entire hypervisor like a regular app, via app store
• Relax distribution constraints
• Performance, fidelity tradeoffs
Page 5
Mobile hosted architecture
[Diagram: privilege levels (Privileged, User); Host world and Guest/monitor world; components: Monitor; Guest; Kernel modules; Host kernel; VM control, device backends]
Page 6
Deprivileged hosted architecture
[Diagram: privilege levels (Privileged, User); Host world; Guest + monitor; Host kernel]
Page 7
App store distribution constraints
Mobile app security models, e.g. Android
• User-level, deprivileged execution
• Kernel sandboxing, restricted access to:
• File system
• Other applications
• Services (e.g. SMS, GPS, network)
• Native components via JNI
• Unique UID + data directory for each application
Page 8
Agenda
Mobile hypervisor distribution
Virtualization at user-level on Linux
Putting it together: Android VMM app
Programming exercise
Page 9
Virtualization at user-level on Linux
Page 10
User-level virtualization
Run guest as an application on host OS
• Guest user ISA runs 1:1
• How to handle guest user exceptions? (syscall traps, page faults, etc.)
• How to execute guest privileged ISA? (e.g. on ARM: MSR/MRS/MCR/MRC, ...)
• How to map guest address space to application address space on host?
Page 12
Guest user ISA runs 1:1
Page 14
User-level virtualization
Run guest as an application on host OS
• Guest user ISA runs 1:1
• How to handle guest user exceptions? (syscall traps, page faults, etc.)
• How to execute guest privileged ISA? (e.g. on ARM: MSR/MRS/MCR/MRC, ...)
• How to map guest address space to application address space on host?
Page 15
Guest user syscall exception
Page 19
ptrace system call
Linux system call allowing one process to control/monitor another
• Used by gdb, strace
• Parent can inspect/modify child’s:
• Register file
• Memory
• Parent can intercept child signals
• Exceptions (including syscall traps) reflected in Unix at user-level as signals
• Parent can single step and inject signals into child
Page 20
ptrace based virtualization
Hypervisor thread parent
• ptrace child thread representing guest
• Use ptrace:
• Intercept all signals (exceptions)
• Intercept system calls
• Context switch child thread between guest kernel/user
Performance penalties
• Each exception requires switching between guest thread, host kernel, hypervisor thread, host kernel and guest thread
• ptrace originally only intended for debug, but now optimized to support User-mode Linux (see also Fiasco-UX)
Page 21
ptrace exception handling
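    while (1) {
        /* Block until the traced guest thread stops */
        waitpid(guestPID, &status, __WCLONE | WUNTRACED);
        ...
        /* Fetch the guest's register file */
        struct user_regs regs;
        ptrace(PTRACE_GETREGS, vmm->currentGuestPID, NULL, &regs);
        /* The stop signal identifies the exception to handle */
        int sig = WSTOPSIG(status);
        switch (sig) {
        case SIGTRAP: {
            ...
        }
        ...
        }
    }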
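An added example, not taken from the original slides or the exercise code: a minimal monitor that forks a constructed stand-in "guest", intercepts its system calls and signals with ptrace, and suppresses an intercepted signal instead of delivering it. The names `run_monitor`, `guest_body` and `trace_stats` are hypothetical, and the loop reads no registers so that it stays architecture-neutral.

```c
#include <signal.h>
#include <stdio.h>
#include <sys/ptrace.h>
#include <sys/types.h>
#include <sys/wait.h>
#include <unistd.h>

struct trace_stats { int syscall_stops, signals_intercepted, exit_code; };

/* Constructed stand-in for the guest thread. */
static void guest_body(void) {
    ptrace(PTRACE_TRACEME, 0, NULL, NULL);
    raise(SIGSTOP);   /* stop so the monitor can attach its options */
    raise(SIGUSR1);   /* would kill the guest if it were delivered */
    getppid();        /* an ordinary system call for the monitor to see */
    _exit(7);
}

/* Returns 0 when the guest exits normally, -1 on any tracing failure. */
int run_monitor(struct trace_stats *st) {
    int status;
    pid_t pid = fork();
    if (pid < 0) return -1;
    if (pid == 0) guest_body();
    if (waitpid(pid, &status, 0) < 0 || !WIFSTOPPED(status)) return -1;
    /* TRACESYSGOOD marks syscall stops as SIGTRAP|0x80 so they cannot be
       confused with a genuine SIGTRAP exception raised by the guest. */
    if (ptrace(PTRACE_SETOPTIONS, pid, NULL,
               (void *)(long)PTRACE_O_TRACESYSGOOD) < 0) return -1;
    st->syscall_stops = st->signals_intercepted = st->exit_code = 0;
    for (;;) {
        /* Resume until the next syscall entry/exit or signal; data 0 means
           the signal that caused the current stop is not delivered. */
        if (ptrace(PTRACE_SYSCALL, pid, NULL, NULL) < 0) return -1;
        if (waitpid(pid, &status, 0) < 0) return -1;
        if (WIFEXITED(status)) { st->exit_code = WEXITSTATUS(status); return 0; }
        if (WIFSIGNALED(status)) return -1;   /* a signal reached the guest */
        if (!WIFSTOPPED(status)) continue;
        if (WSTOPSIG(status) == (SIGTRAP | 0x80)) st->syscall_stops++;
        else st->signals_intercepted++;       /* exception seen by the monitor */
    }
}

int main(void) {
    struct trace_stats st;
    if (run_monitor(&st) != 0) { perror("run_monitor"); return 1; }
    printf("syscall stops=%d signals=%d exit=%d\n",
           st.syscall_stops, st.signals_intercepted, st.exit_code);
    return 0;
}
```

Every stop costs a round trip from guest to host kernel to monitor and back, which is the performance penalty noted on the "ptrace based virtualization" slide.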
Page 22
Guest user syscall exception
Page 23
User-level virtualization
Run guest as an application on host OS
• Guest user ISA runs 1:1
• How to handle guest user exceptions? (syscall traps, page faults, etc.)
• How to execute guest privileged ISA? (e.g. on ARM: MSR/MRS/MCR/MRC, ...)
• How to map guest address space to application address space on host?
Page 24
Guest privileged ISA
Page 25
Guest privileged ISA
Sensitive + privileged instructions
• E.g. MCR/MRC on ARM
• Trap+emulate with ptrace
Sensitive + non-privileged instructions
• E.g. MSR/MRS on ARM
• Paravirtualization
• Hypercall traps to hypervisor parent process via ptrace
Page 26
User-level virtualization
Run guest as an application on host OS
• Guest user ISA runs 1:1
• How to handle guest user exceptions? (syscall traps, page faults, etc.)
• How to execute guest privileged ISA? (e.g. on ARM: MSR/MRS/MCR/MRC, ...)
• How to map guest address space to application address space on host?
Page 27
Guest address space mapping
Page 29
Guest address space mapping
• Reduced guest address space
• Guest kernel modifications required
• Guest application visible
Page 30
Agenda
Mobile hypervisor distribution
Virtualization at user-level on Linux
Putting it together: Android VMM app
Programming exercise
Page 31
Putting it together: Android VMM app
Page 32
Android .apk anatomy
.apk contents:
• Resources
• Meta-data
• Certificates
• DEX (Java)
• Native code (JNI)
Page 33
Android VMM application
Java frontend
• VM lifecycle management
• Display VM framebuffer contents
• Touchscreen input
• Invoke native code via JNI
Native code (JNI)
• ptrace-based VMM
Resources
• Guest kernel + applications (LBS VM image)
Page 34
Agenda
Mobile hypervisor distribution
Virtualization at user-level on Linux
Putting it together: Android VMM app
Programming exercise
Page 35
Programming exercise
http://labs.vmware.com/academic/mit-iap-2012-mobile-virtualization
Implement parts of deprivileged mobile hypervisor
• Context switching
• Paravirtualized hypercall handling
Run on your Android smartphone (or SDK emulator)
Complete by 5th February 2012 to enter draw to win iPad
Questions and clarification to: [email protected]