virtual cpu validation
play

Virtual CPU Validation Nadav Amit, Dan Tsafrir, Assaf Schuster - PowerPoint PPT Presentation

Feb 15, 2024 •427 likes •697 views

Virtual CPU Validation Nadav Amit, Dan Tsafrir, Assaf Schuster Ahmad Ayoub, Eran Shlomo Question Your video server freezes once a month. Why? OS, drivers, BIOS CPU, hardware Virus / Hack Cosmic rays / Power Anything else?

  1. Virtual CPU Validation Nadav Amit, Dan Tsafrir, Assaf Schuster Ahmad Ayoub, Eran Shlomo

  2. Question Your video server freezes once a month. Why? • OS, drivers, BIOS • CPU, hardware • Virus / Hack • Cosmic rays / Power Anything else?

  3. “75% of x86 server workloads are virtualized” [Gartner’15] 80% Virtualized Workloads 60% 40% 20% 0% 2011 2012 2013 2014 2015 Year

  4. Hypervisor Bugs • HW assists virtualization, but SW is still there application • Bug implications: security, stability OS hypervisor • CPU virtualization is hardest, and its bugs have the greatest impact CPU

  5. Real-Life Example • Non-existent register reads leaked host data • Security vulnerability • Patching required reboot

  6. Existing Solutions Micro-hypervisors [Steinberg’10] Reduced trusted-computing base, not hypervisor code Formal Verification [Leinenbach’09] No formal model of CPU Fuzzing [Martigonini’12] No knowledge of CPU semantics

  7. Observation • CPU vendors invest heavily in developing testing tools • 100s of person years or more! • Physical and virtual CPU should behave similarly • So tools for testing physical CPUs should be able to find bugs in virtual CPUs

  8. Contribution 1. Adapt & apply physical CPU testing tools to VCPUs 2. Study hypervisor bugs • Found, fixed, and analyzed >100 bugs

  9. Outline • Motivation • System • Physical CPU testing tools • Adapting tools to VCPUs • Results • Causes of bugs • Impact of bugs • Architectural flaws (as opposed to SW bugs) • Conclusions

  10. Physical CPU Testing Test Initialization Generator Random code & Arch. Sim. Test templates Completion

  11. Physical CPU Testing CPU Test Generator Loader SUT Test Arch. Sim. Debug Res. Tools

  12. Benefits • High coverage • Due to intimate architecture semantic awareness + effort • Low false-positive rate • No undefined results of instructions • No nondeterministic results (due to errata or asyncevents) • Easy to debug • Interim checks • Detailed failure indications • Trace of expected architectural execution

  13. Adaptation: Test Generation • Broken or missing virtualization features Test • Add: • Cache-line monitoring Generator • Performance Monitor Unit v3 Arch. Sim. • … • Workaround: • Nested virtualization • Data breakpoints • …

  14. Adaptation: Execution and Debug • Load tests using hypervisor monitor CPU protocol Test Vloader SUT • Curb OS jitter • Emulate test device for Res. I/O instructions Debug Tools • Enhance debug tools

  15. Effort and Testing Time • Bootstrapping effort • 2 weeks to run the first empty test • 1.5 months to run the first full test • Per-test time • Generation – 5 seconds • Execution – less than a second / 1MB • Failure debugging avg – ~3 hours (high var)

  16. Outline • Motivation • System • Physical CPU testing tools • Adapting tools to VCPUs • Results • Causes of bugs • Impact of bugs • Architectural flaws (as opposed to SW bugs) • Conclusions

  17. Testing KVM: 117 Bugs debug reset 9% 5% task switch 4% model specific registers 7% instruction emulator local 62% APIC 6% other 7%

  18. Instruction Emulator • Why does a hypervisor need an instruction emulator? • Port I/O and Memory Mapped I/O (MMIO) Emulating instructions that access emulated devices • Support for old hardware Restricted guest; shadow page tables • Vendor specific instructions Migration between AMD and Intel • Instruction emulator stress • Emulate every instruction • Run natively if emulation is unsupported

  19. Bug Causes unclear documentation • Mostly due to not 7% following specifications coding • Documentation can errors be improved 15% • Plain coding errors • Races not following specifications • Null dereferences 78% • Wrong error codes • Decimal/Hex

  20. Implications: Security • 6 vulnerabilities • Impact: • Host compromised: 3 host DoS • VM compromised: 2 VM DoS, 1 privilege escalation • Main cause – instruction emulator bugs • x86 ISA consists of 800+ instructions • Usually, many instructions should not be emulated • But the hypervisor can be tricked to emulate them

  21. Implications: Security - Example Exploiting CVE-2015-0239 – potential privilege escalation hypervisor vCPU0 (1) Execute (2) VM-exit (4) Emulate MMIO “buggy” instruction instruction “SYSENTER” “MOV R8, [HPET]” “SYSENTER” “ SYSENTER ” (3) write a “ buggy ” instruction vCPU1

  22. Implications: Stability • Hard to quantify • One bug caused virtual machines to freeze • Nontrivial race • Turns to be 5-year old bug • Was seen number of times over the years • 4 additional software regressions

  23. Hardware Flaws • Found 4 architecture flaws • Desired virtual machine properties • Equivalence Both cannot be kept • Efficiency • Resource Control • Causes: • Non-virtualizable state • Missing state save/restore facilities • Errata

  24. Hardware Flaw: FPU state CPU 16-bit 64-bit FCS FIP FCS FIP FIP 64-bit 32-bit • Old CPUs: restore either 16-bit FCS or 64-bit FIP • New CPUs: deprecate FCS save/restore New Problem in Real-Mode: FIP = (FCS << 4) | FIP

  25. Outline • Motivation • System • Physical CPU testing tools • Adapting tools to VCPUs • Results • Causes of bugs • Impact of bugs • Architectural flaws (as opposed to SW bugs) • Conclusions

  26. Conclusions • Virtualization robustness/security should not be assumed • CPU vendors are able to test hypervisors efficiently • And it is in their best interest… • Demand it from your CPU vendor!

Recommend

MANEUVER BASED VALIDATION OF BMW xDRIVE VARIANTS BY USING VIRTUAL VEHICLE INTEGRATION AND HIL TEST

MANEUVER BASED VALIDATION OF BMW xDRIVE VARIANTS BY USING VIRTUAL VEHICLE INTEGRATION AND HIL TEST

19.09.2012 Matthias Prebeck, Dr. Peter Rissling; BMW Group Michael Folie; IPG Automotive MANEUVER BASED VALIDATION OF BMW xDRIVE VARIANTS BY USING VIRTUAL VEHICLE INTEGRATION AND HIL TEST METHODS. IPG TECHNOLOGY CONFERENCE, SEPTEMBER 18 -19,

448 views • 18 slides
Validation of an innovative experim ental safety assessm ent for virtual control tow er HMI

Validation of an innovative experim ental safety assessm ent for virtual control tow er HMI

Faculty of Transportation and Traffic Sciences, Institute of Logistics and Aviation, Chair of Air Transport Technology and Logistics Validation of an innovative experim ental safety assessm ent for virtual control tow er HMI designs Lothar

396 views • 21 slides
Transactions of the Korean Nuclear Society Virtual Spring Meeting July 9-10, 2020 Validation of

Transactions of the Korean Nuclear Society Virtual Spring Meeting July 9-10, 2020 Validation of

Transactions of the Korean Nuclear Society Virtual Spring Meeting July 9-10, 2020 Validation of the Multi-Group Pin Homogenized SP3 Code SPHINCS through BEAVRS Benchmark Analyses Jorge Gonzalez-Amoros, Hyunsik Hong, Hyun Ho Cho and Han Gyu Joo *

618 views • 4 slides
Form Validation 1 CS380 What is form validation? 2 validation: ensuring that form's values

Form Validation 1 CS380 What is form validation? 2 validation: ensuring that form's values

Form Validation 1 CS380 What is form validation? 2 validation: ensuring that form's values are correct some types of validation: preventing blank values (email address) ensuring the type of values integer, real number,

284 views • 24 slides
Data Mining II Model Validation Heiko Paulheim Why Model Validation? We have seen so far

Data Mining II Model Validation Heiko Paulheim Why Model Validation? We have seen so far

Data Mining II Model Validation Heiko Paulheim Why Model Validation? We have seen so far Various metrics (e.g., accuracy, F-measure, RMSE, ) Evaluation protocol setups Split Validation Cross Validation Special

1.04k views • 55 slides
Chapter 5 Analysis: Four Level for Validation Vis/Visual Analytics, Chap 5 Validation 1 CGGM

Chapter 5 Analysis: Four Level for Validation Vis/Visual Analytics, Chap 5 Validation 1 CGGM

Chapter 5 Analysis: Four Level for Validation Vis/Visual Analytics, Chap 5 Validation 1 CGGM Lab., CS Dept., NCTU Jung Hong Chuang Contents Why Validate? Validation Approaches Domain Why is Validation Abstraction

724 views • 47 slides
Capital Quality Validation Webinar Sept. 17, 2020 Agenda Validation Overview

Capital Quality Validation Webinar Sept. 17, 2020 Agenda Validation Overview

Capital Quality Validation Webinar Sept. 17, 2020 Agenda Validation Overview Validation Timeline Authorized Representative Validation Process How to Log In to QuickBase How to Reset Your Password How to

451 views • 43 slides
Development and Validation of a Code for the Oxygen Distribution of Zircaloy Cladding in

Development and Validation of a Code for the Oxygen Distribution of Zircaloy Cladding in

Transactions of the Korean Nuclear Society Virtual Spring Meeting July 9-10, 2020 Development and Validation of a Code for the Oxygen Distribution of Zircaloy Cladding in Non-Isothermal Transient Steam Oxidation Dongju Kim , Kyunghwan Keum ,

302 views • 4 slides
Occams Razor Sampling Bias : generate the data carefuly Data Snooping : handle the data

Occams Razor Sampling Bias : generate the data carefuly Data Snooping : handle the data

recap: Validation and Cross Validation Validation Cross Validation D ( N ) D 1 D 2 D N D train Learning From Data D ( N K ) g 1 g 2 g N Lecture 14 ( x 1 , y 1 ) ( x 2 , y 2 ) ( x N , y N ) Three Learning Principles D

486 views • 15 slides
AngularJS &amp; Bootstrap Form Validation HTML default validation Browsers have built-in

AngularJS &amp; Bootstrap Form Validation HTML default validation Browsers have built-in

AngularJS &amp; Bootstrap Form Validation HTML default validation Browsers have built-in HTML validation These work when the type attribute is given to an input element We might want better validation than is provided by the web

328 views • 13 slides
Module 4 19/05/2015 2 Agenda 1. What is validation? 2. Three-part empathy 3. What is

Module 4 19/05/2015 2 Agenda 1. What is validation? 2. Three-part empathy 3. What is

VALIDATION SKILLS Module 4 19/05/2015 2 Agenda 1. What is validation? 2. Three-part empathy 3. What is involved? 4. Why, when and how to use validation 3 What is validation? Validation = saying something People with BPD are much

265 views • 8 slides
Verification and Validation Steven Zeil February 13, 2013 Verification and Validation

Verification and Validation Steven Zeil February 13, 2013 Verification and Validation

Verification and Validation Verification and Validation Steven Zeil February 13, 2013 Verification and Validation Outline The Process 1 Non-Testing V&amp;V 2 Code Review Mathematically-based verification Static analysis tools

790 views • 55 slides
VALIDATION The goal of validation is to judge the quality of the soft- ware from the users

VALIDATION The goal of validation is to judge the quality of the soft- ware from the users

VALIDATION The goal of validation is to judge the quality of the soft- ware from the users point of view; e.g., reliability. The goal of all validation techniques is: to reveal failures, to localize the faults that caused the

281 views • 14 slides
LaGov LaGov Version 2.2 Updated: 12/17/08 Visit our website for Blueprint Presentations,

LaGov LaGov Version 2.2 Updated: 12/17/08 Visit our website for Blueprint Presentations,

Inventory and Warehouse Management Inventory and Warehouse Management Inventory and Warehouse Management Validation Session Validation Session Validation Session LOG- -IM/WM IM/WM- -Validation Validation LOG LOG-IM/WM-Validation January

1.59k views • 146 slides
Virtual Machines Uses for Virtual Machines There are several uses for virtual machines:

Virtual Machines Uses for Virtual Machines There are several uses for virtual machines:

Virtual Machines Uses for Virtual Machines There are several uses for virtual machines: Virtual machine technology, often just called virtualization , makes one computer behave as several Running several operating systems simultaneously on

254 views • 10 slides
Workshop on process validation General concepts on process validation Kowid Ho Scope /

Workshop on process validation General concepts on process validation Kowid Ho Scope /

Workshop on process validation General concepts on process validation Kowid Ho Scope / background Process evaluation/validation of biotechnology derived proteins used as active substance in the manufacture of medicinal products (i.e.

346 views • 16 slides
Validation of a Multi-physics Simulation A. Guada, S. Approach for Insertion Electromagnetic

Validation of a Multi-physics Simulation A. Guada, S. Approach for Insertion Electromagnetic

Validation of a Multi-physics Simulation A. Guada, S. Approach for Insertion Electromagnetic Rogers Flowmeter Design Application Motivation Background Principle Virtual Current Density Voltage Output Inline Vs. Insertion EMFM Theory

387 views • 26 slides
Learning From Data Lecture 13 Validation and Model Selection The Validation Set Model Selection

Learning From Data Lecture 13 Validation and Model Selection The Validation Set Model Selection

Learning From Data Lecture 13 Validation and Model Selection The Validation Set Model Selection Cross Validation M. Magdon-Ismail CSCI 4100/6100 recap: Regularization Regularization combats the effects of noise by putting a leash on the

349 views • 31 slides
Conceptual Validation Tests on Forced Convection Condensation using SISTA Taehwan Ahn , Jinhwa

Conceptual Validation Tests on Forced Convection Condensation using SISTA Taehwan Ahn , Jinhwa

Transactions of the Korean Nuclear Society Virtual Spring Meeting July 9-10, 2020 Conceptual Validation Tests on Forced Convection Condensation using SISTA Taehwan Ahn , Jinhwa Yang, Youyeon Choi, Chanjong Seo, Bae Hwang, Hyun-Sik Park Korea

389 views • 3 slides
CSc 337 LECTURE 23: REGULAR EXPRESSIONS What is form validation? validation : ensuring that

CSc 337 LECTURE 23: REGULAR EXPRESSIONS What is form validation? validation : ensuring that

CSc 337 LECTURE 23: REGULAR EXPRESSIONS What is form validation? validation : ensuring that form's values are correct some types of validation: preventing blank values (email address) ensuring the type of values integer, real

524 views • 20 slides
CSE 154 LECTURE 11: REGULAR EXPRESSIONS What is form validation? validation : ensuring that

CSE 154 LECTURE 11: REGULAR EXPRESSIONS What is form validation? validation : ensuring that

CSE 154 LECTURE 11: REGULAR EXPRESSIONS What is form validation? validation : ensuring that form's values are correct some types of validation: preventing blank values (email address) ensuring the type of values integer, real

920 views • 25 slides
To be or not to be validation of registrants Lise Fuhr Validation of registrants Why do DK

To be or not to be validation of registrants Lise Fuhr Validation of registrants Why do DK

ccNSO-meeting Dublin, October 2015 To be or not to be validation of registrants Lise Fuhr Validation of registrants Why do DK Hostmaster validate registrants? 1 March 2015 two new obligations were introduced in the Danish Domain

448 views • 10 slides
CFD modeling for validation of the 1/7 th scale steam generator inlet plenum mixing experiment

CFD modeling for validation of the 1/7 th scale steam generator inlet plenum mixing experiment

Transactions of the Korean Nuclear Society Virtual Spring Meeting July 9-10, 2020 CFD modeling for validation of the 1/7 th scale steam generator inlet plenum mixing experiment Kukhee Lim a * , Cheongryul Choi b , Dae Kyung Choi b , Yong Jin Cho a

180 views • 4 slides
Effective Validation of Firmware Enabling firmware development and validation to keep pace with

Effective Validation of Firmware Enabling firmware development and validation to keep pace with

Effective Validation of Firmware Enabling firmware development and validation to keep pace with hardware innovations. Tom Melham University of Oxford Problem Firmware today facing greater complexity and shorter schedules coded at low

478 views • 14 slides

More recommend