My Challenge of embedding mruby into a bare-metal hypervisor

I will talk about my experience of embedding mruby into the hypervisor 'BitVisor'. BitVisor, which was made in Japan, is an open-source thin hypervisor especially for instrumenting and rewriting device I/O such as network, USB, and HDDs. It has been quite hard to implement, although mruby is suitable for embedding. In BitVisor, almost no standard library functions can be used and FPU processing is restricted, since the hypervisor must be running under the OS. I hope my unique experience will be useful and valuable not only for users but also for mruby contributors.

Yuki Nakata chikuwait

September 20, 2017

Transcript

  1. My Challenge of embedding mruby
    into a bare-metal hypervisor
    Yuki Nakata (@chikuwa_IT)
    Future University Hakodate (B2 student)

  2. My project : mruby in BitVisor
    • Embed mruby into a bare-metal hypervisor
    BitVisor
    • objective : implement monitoring and
    manipulating I/O between OS and Hardware
    device with efficient coding by mruby
    [Figure labels: mruby Applications; mrbgems(Ruby); mrbgems(C); RiteVM; MacOS; BitVisor]

  3. Significant Features of BitVisor
    BitVisor is a hypervisor for security purposes
    - Small & Light-weight Hypervisor
    • 128MiB footprint and 100K SLOC
    • Targeted for Intel VT-x and AMD-V virtualization
    hardware
    - Security Functions to Prevent Data Breaches
    • Disk encryption for HDD, USB sticks
    • OS-agnostic mandatory VPN
    • Insecure or unused device hardware isolation
    [Figure labels: OS X Guest OS; Virtual Machine Monitor (VMM) Core; Storage Management; Encryption; Authentication / Key management; VPN; ID Management; Network Management; Utilizing the Intel VT-x/AMD-V virtualization hardware; Hardware Devices]

  4. Technical issues on embedding mruby into BitVisor
    1. No complete 'libc' library for BitVisor
    2. Prohibition of any floating point arithmetic inside BitVisor
    because the FPU is unavailable

  5. 1. The Standard C Library doesn't exist
    - BitVisor provides minimal libraries
    - Some functions are available in BitVisor, such as printf() and
    free(), but they may be incompatible with the standard libc ones
    - Of course, mruby depends on the libc library
    - Mainly string and math related functions are missing
    - e.g. memmove, strncmp, pow, floor
    Most of the libc function calls in the mruby code
    should be implemented from scratch

  6. example(memmove)
    - memmove is a function to move
    n bytes of a memory block
    - memmove does not exist in BitVisor
    - Need to implement it myself

    #include <stddef.h>  /* NULL and size_t (freestanding header) */

    /* Copy count bytes from src to dst; the two regions may overlap. */
    void *
    memmove(void *dst, const void *src, size_t count)
    {
        unsigned char *d = dst;
        const unsigned char *s = src;

        if (dst == NULL || src == NULL) {
            return NULL;
        }
        if (d <= s || d >= s + count) {
            /* dst is not inside src: copy forward from the first byte. */
            while (count--) {
                *d++ = *s++;
            }
        } else {
            /* dst starts inside src: copy backward from the last byte. */
            d += count;
            s += count;
            while (count--) {
                *--d = *--s;
            }
        }
        return dst;  /* also for count == 0, as standard memmove does */
    }

  7. 2. Floating point numbers are unavailable
    - Floating point instructions should not be used in BitVisor
    - In the current BitVisor implementation, any FPU instructions must be kept
    away from the VMM because the preempted guest OS might use the FPU
    Use software emulation of floating point numbers

  8. Issues of using software float
    - For ARM and MIPS, it can be enabled with compiler options
    - Cannot do the same on the x86_64 architecture…
    - Replace it by yourself instead of the compiler
    - Integrate the Berkeley SoftFloat library into BitVisor

  9. Replace float with software float
    - Berkeley SoftFloat can handle
    arithmetic operations
    - Replace numeric.c, string.c,
    vm.c, etc.

  10. Running a mruby code
    before OS boot
    bitvisor_mruby/mruby_components/sample/sample.rb

    10.times do |n|
      Bitvisor.print("#{n} Hello")
    end

  11. github.com/chikuwait/bitvisor_mruby
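The two issues in the slides meet in functions such as floor: it is missing from BitVisor's libc, and a replacement may not execute any FPU instruction. The following is an added example, not code from the slides or from bitvisor_mruby; the names sf64_bits and sf64_floor are hypothetical, and the value is assumed to be a raw IEEE-754 binary64 bit pattern carried in a 64-bit integer.

```c
#include <stdint.h>
#include <stdio.h>

/* Hypothetical type (assumption, not a BitVisor or mruby name): a raw
 * IEEE-754 binary64 bit pattern held in an integer register. */
typedef uint64_t sf64_bits;

#define SF64_SIGN      0x8000000000000000ULL
#define SF64_FRAC_MASK 0x000FFFFFFFFFFFFFULL
#define SF64_NEG_ONE   0xBFF0000000000000ULL /* -1.0 */

/* floor() using integer instructions only, so no FPU state is touched. */
sf64_bits sf64_floor(sf64_bits a)
{
    int exp = (int)((a >> 52) & 0x7FF) - 1023; /* unbiased exponent */
    uint64_t frac;

    if (exp >= 52)            /* already integral, or Inf/NaN */
        return a;
    if (exp < 0) {            /* |a| < 1, including subnormals */
        if ((a & ~SF64_SIGN) == 0)
            return a;         /* +0.0 and -0.0 stay as they are */
        return (a & SF64_SIGN) ? SF64_NEG_ONE : 0; /* -1.0 or +0.0 */
    }
    frac = SF64_FRAC_MASK >> exp; /* bits below the binary point */
    if ((a & frac) == 0)
        return a;             /* no fractional part */
    if (a & SF64_SIGN)
        a += frac;            /* negative: step away from zero; a carry
                                 into the exponent field is correct */
    return a & ~frac;
}

int main(void)
{
    /* Constructed sample inputs: 2.5, -2.5, -0.5 as bit patterns. */
    const sf64_bits in[] = { 0x4004000000000000ULL,
                             0xC004000000000000ULL,
                             0xBFE0000000000000ULL };
    for (unsigned i = 0; i < sizeof in / sizeof in[0]; i++)
        printf("%016llx -> %016llx\n", (unsigned long long)in[i],
               (unsigned long long)sf64_floor(in[i]));
    return 0;
}
```

The main() here is only for trying the function on a hosted system; inside a VMM only sf64_floor itself would be compiled in.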