1. Field of the Invention
The present invention relates to virtualization, and more particularly, to hypervisor-based virtualization systems.
2. Background Art
With Virtual Machine (VM) technology, a user can create and run multiple operating environments on a server at the same time. Each operating environment, or Virtual Machine, requires its own operating system (OS) and can run applications independently. The VM software provides a layer between the computing, storage, and networking hardware and the software that runs on it.
Virtual Machine technology can lower information technology (IT) cost through increased efficiency, flexibility, and responsiveness. Each VM acts as a separate environment, which reduces risk and allows developers to quickly re-create different operating system (OS) configurations or compare versions of applications designed for different OS's. Additional customer uses for VMs include targeted production server consolidation, hosting of legacy applications (older versions), and computer or server backup.
A Virtual Machine technology is therefore one technique for emulating or otherwise virtualizing the behavior of software and/or hardware. Generally, a Virtual Machine is an environment that is launched on a particular processor that is running an operating system. Normally, the operating system installed on such a machine or processor has certain privileges that are not available to user applications. For example, many input/output commands may be privileged, and executable only in the operating system (or privileged) mode. Certain areas of memory, or certain addresses in memory, also may require operating system privilege to be accessed.
A frequent situation that arises in this context is the problem of emulating (or, more broadly, virtualizing) a different operating system on the same processor. For example, with one version of Microsoft Windows running on the Intel x86 processor (for example, in a server environment), it may be necessary to emulate the behavior of another (different) version of Windows on the same Intel processor. This second operating system is generally referred to as “Guest OS,” and the code that it executes is generally referred to as “guest code.” Note that in order for the emulation to be meaningful, the Guest OS needs to execute privileged instructions as if it were actually running on the processor. In other words, the Guest OS, running as a Virtual Machine, is itself unaware that it is a Virtual Machine.
Execution of such privileged instructions, however, is the province of the native operating system. Therefore, any attempts by the Guest OS inside Virtual Machine to execute privileged instructions must be intercepted, so that they can be properly executed (or otherwise handled) by the VMM. The component that is responsible for this interception and emulation of privileged instructions is called a “Virtual Machine Monitor” or “VMM.”
A typical Virtual Machine Monitor (VMM) enables a single physical machine or processor to act as if it were several physical machines. A typical VMM, under control of a high-ranking operating system (OS), can run a number of different operating systems simultaneously, such that each of these different operating systems is its own Virtual Machine.
In other words, the Virtual Machine Monitor can handle one or a number of Virtual Machines, each of which represents its own operating system, and each of which can run its own application software. Usually, in industry parlance, the high-ranking OS is referred to as a “host OS” (HOS). The multiple operating systems that are running as Virtual Machines are usually referred to as “guest operating systems” (“Guest OS's”) running “guest code.”
Known in the conventional art are virtualization systems that use hypervisors such as the Xen virtualization system. Such a hypervisor “exists” on the highest privilege level over the operating system and on the same level as the virtual machine monitor (or sometimes the hypervisor includes the VMM).
Another hypervisor-based system has been discussed by VMWare, Inc., where the hypervisor is embedded entirely in the OS. Disadvantage is in that code is still remaining unsecured because some kind of kernel extension can be a blue pill (see further description) especially if this extension starts before VMWare's hypervisor. To avoid this you should start up hypervisor closer to system start like described in current invention. It is another reason why we do this invitation.
An additional problem is many of the current operating systems are due to the fact that modern microprocessors, such as Intel and any AMD microprocessors, include support for virtualization on a hardware level. Intel refers to this technology as VT-x, and AMD refers to it as AMD-V.
In addition to the four privilege levels available on earlier Intel microprocessors (level 0 being the most privileged, level 3 being the user mode), the CPU separates the working mode into a “root” mode and non-root mode. Each mode has four privilege levels. The root mode is topmost (highest) privilege level in the system. The root mode controls code execution in non-root mode. This occurs due to an additional set of the instructions available in the root mode that relate to virtualization, such as VMLAUNCH, VMRESUME, VMREAD, VMWRITE, VMPTRLD, VMPTRST, etc.
Code launched on the root level due to such instructions prepares a so-called VMCS structure describing code executed on the non-root level. VMCS describes also execution rules that define what the non-root code can do natively and what it cannot do (and what should be virtualized through the root level code). The above instructions are specifically designed to make virtualization of the processor easier.
When non-root level code does something not allowable by VMCS, it generates special fault (VMEXIT) that passes execution control to root mode for further processing.
However, it has been recently demonstrated that a novel-type of virus can be created, known as “Blue pill,” which resides on the root level in such a system. The virus, after embedding itself on the root level, pushes the operating system down to a lower non-root privilege level. Once this happens, the operating system has no way of recovering from this situation, and no way of knowing that this has occurred, if the virus is sufficiently “smart” to fool the operating system into thinking that it (meaning, the OS) is still running on the root level. The possibility of a virus, such as Blue pill, has led to great concerns in the development community, and it is not uncommon to ship computers with the latest Intel processors with the root level permanently disabled—essentially, “chopping off” a capability of the processor that might otherwise be quite valuable.
Accordingly, there is a need in the art for a virtualization system that addresses the above-identified concerns.