My Challenge of embedding mruby into a bare-metal hypervisor

I will talk about my experience of embedding mruby into the hypervisor 'BitVisor'. BitVisor, which was made in Japan, is an open-source thin hypervisor designed especially for instrumenting and rewriting device I/O such as network, USB, and HDDs. Although mruby is suitable for embedding, this has been quite hard to implement. In BitVisor, almost no standard library functions can be used, and FPU processing is restricted since the hypervisor must run under the OS. I hope my unique experience will be useful and valuable not only for users but also for mruby contributors.

Yuki Nakata chikuwait

September 20, 2017

Transcript

  1. My Challenge of embedding mruby into a bare-metal hypervisor

    Yuki Nakata (@chikuwa_IT), Future University Hakodate (B2 student)
  2. My project: mruby in BitVisor

    • Embed mruby into a bare-metal hypervisor, BitVisor
    • Objective: implement monitoring and manipulating I/O between OS and hardware device with efficient coding by mruby

    (Diagram labels: Applications, mrbgems (Ruby), mrbgems (C), RiteVM, mruby, BitVisor)
  3. Significant Features of BitVisor

    BitVisor is a hypervisor for security purposes.

    - Small & light-weight hypervisor
      • 128MiB footprint and 100K SLOC
      • Targeted for Intel VT-x and AMD-V virtualization hardware
    - Security functions to prevent data breaches
      • Disk encryption for HDD, USB sticks
      • OS-agnostic mandatory VPN
      • Insecure or unused device hardware isolation

    (Diagram labels: Utilizing the Intel VT-x/AMD-V virtualization hardware; Storage Management, Encryption, Authentication / Key management, VPN, Virtual Machine Monitor (VMM) Core, ID Management, Network Management, Hardware Devices, OS X Guest OS)
  4. Technical issues on embedding mruby into BitVisor

    1. No complete 'libc' library for BitVisor
    2. Any floating point arithmetic is prohibited inside BitVisor because the FPU is unavailable
  5. 1. The Standard C Library doesn't exist

    - BitVisor provides minimal libraries
    - Some of the functions are available in BitVisor, such as printf() and free(), but they may be incompatible with the standard libc ones
    - Of course, mruby depends on the libc library
    - Mainly string and math related functions are missing
    - e.g. memmove, strncmp, pow, floor

    Most of the libc function calls in the mruby code should be implemented from scratch.
  6. example(memmove)

    - Memmove is a function to move n bytes of a memory block
    - Memmove does not exist in BitVisor
    - Need to implement it myself

        #include <stddef.h>  /* NULL */

        void *memmove(void *dst, const void *src, unsigned int count)
        {
            void *ret = dst;

            if (dst == NULL || src == NULL) {
                return NULL;
            }
            /* count == 0 falls through to a no-op copy and returns dst,
               as the standard memmove does. */
            if (dst <= src || (unsigned char *)dst >= ((unsigned char *)src + count)) {
                /* dst does not overlap the tail of src: copy forwards. */
                while (count--) {
                    *(unsigned char *)dst = *(unsigned char *)src;
                    dst = (unsigned char *)dst + 1;
                    src = (unsigned char *)src + 1;
                }
            } else {
                /* dst starts inside src: copy backwards from the last byte. */
                dst = (unsigned char *)dst + count - 1;
                src = (unsigned char *)src + count - 1;
                while (count--) {
                    *(unsigned char *)dst = *(unsigned char *)src;
                    dst = (unsigned char *)dst - 1;
                    src = (unsigned char *)src - 1;
                }
            }
            return ret;
        }
  7. 2. Floating point numbers are unavailable

    - Floating point instructions should not be used in BitVisor
    - In the current BitVisor implementation, any FPU instructions must be kept away from the VMM because the preempted guest OS might use the FPU

    Use software emulation of floating point numbers.
  8. Issues of using software float

    - For ARM and MIPS, it can be enabled with compiler options
    - Cannot do the same with the x86_64 architecture…
    - Replace it by yourself instead of the compiler
    - Integrate the Berkeley SoftFloat library into BitVisor
  9. Replace float with software float

    - Berkeley SoftFloat can handle arithmetic operations
    - Replace numeric.c, string.c, vm.c, etc.
  10. Running mruby code before OS boot

        10.times do |n|
          Bitvisor.print("#{n} Hello")
        end

    bitvisor_mruby/mruby_components/sample/sample.rb
  11. github.com/chikuwait/bitvisor_mruby
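
The slides list `floor` among the libc functions missing in BitVisor and rule out FPU instructions inside the VMM. As an added example (not code from the talk, BitVisor or Berkeley SoftFloat), this is a `floor` that operates on the raw IEEE-754 binary64 bit pattern with integer operations only; the names `soft_f64` and `soft_floor` are hypothetical.

```c
#include <stdint.h>

/* IEEE-754 binary64 carried as raw bits, so only integer instructions are
   needed. Hypothetical type name, not a BitVisor or SoftFloat type. */
typedef uint64_t soft_f64;

#define F64_SIGN      0x8000000000000000ULL
#define F64_FRAC_MASK 0x000FFFFFFFFFFFFFULL
#define F64_ONE       0x3FF0000000000000ULL   /* bit pattern of 1.0 */

/* floor(x) computed without any floating point operation. */
soft_f64 soft_floor(soft_f64 x)
{
    int exp = (int)((x >> 52) & 0x7FF) - 1023;   /* unbiased exponent */
    int negative = (x & F64_SIGN) != 0;
    uint64_t frac_bits;

    if (exp >= 52)            /* already integral, or Inf/NaN (exp == 1024) */
        return x;

    if (exp < 0) {            /* |x| < 1, including zeros and subnormals */
        if ((x & ~F64_SIGN) == 0)
            return x;         /* keep +0.0 and -0.0 unchanged */
        return negative ? (F64_SIGN | F64_ONE) : 0;   /* -1.0 or +0.0 */
    }

    /* 0 <= exp <= 51: the low (52 - exp) mantissa bits are fractional. */
    frac_bits = F64_FRAC_MASK >> exp;
    if ((x & frac_bits) == 0)
        return x;             /* no fractional part */

    if (negative)
        x += frac_bits;       /* round magnitude up; a carry bumps the exponent */
    return x & ~frac_bits;    /* drop the fractional bits */
}

/* Constructed sample values: floor(2.5) == 2.0 and floor(-2.5) == -3.0. */
int main(void)
{
    int ok = soft_floor(0x4004000000000000ULL) == 0x4000000000000000ULL
          && soft_floor(0xC004000000000000ULL) == 0xC008000000000000ULL;
    return ok ? 0 : 1;
}
```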