WEBVTT

1
00:00:02.040 --> 00:00:10.530
William Cheng: This is the third part of lecture 19. So now we're going to sort of take a look at, you know, what does it take, you know, what kind of requirement do you have to

2
00:00:10.889 --> 00:00:20.790
William Cheng: implement a virtual machine. As it turns out, some CPUs are not virtualizable and some CPUs are, so we're going to sort of see, you know, what's, what's going to be the restriction. Yeah.

3
00:00:21.750 --> 00:00:28.530
William Cheng: So, so there are two types of virtualization, as we mentioned before. One is a pure virtualization, you virtualize,

4
00:00:28.920 --> 00:00:36.660
William Cheng: virtualize every piece of hardware. And again, the way you think about hardware is that there's, you know, the hardware is the CPU, the hardware is the memory.

5
00:00:36.900 --> 00:00:46.500
William Cheng: And then the hardware are the I/O devices, right. So last time we sort of briefly talked about how you would, you know, you know, virtualize the CPU and also virtualize the I/O devices.

6
00:00:48.510 --> 00:00:53.790
William Cheng: And later on, we're also going to talk about how to virtualize, you know, like the virtualized memory. Okay.

7
00:00:54.360 --> 00:01:04.260
William Cheng: So. So as it turns out that, you know, so this is called pure virtualization, you virtualize every piece of hardware. So this is very costly because, because again you have to sort of,

8
00:01:05.250 --> 00:01:12.180
William Cheng: your virtual machine, you have to fool the operating system and make the operating system think that it is running on the real hardware, right. So, in that case it's a lot of tedious work.

9
00:01:12.600 --> 00:01:18.090
William Cheng: So yeah, I don't really want to make it sound like it's so easy that this can be done, but in reality it's a lot of work. Yeah.

10
00:01:18.450 --> 00:01:22.710
William Cheng: So that's why you know today.
There's really not too many, you know, virtual machine vendors out there.

11
00:01:23.610 --> 00:01:28.500
William Cheng: The other one is paravirtualization. So in this case, you know, you are allowed to change the virtualized

12
00:01:29.310 --> 00:01:43.500
William Cheng: the virtualized entity, you can actually go and change the ISO files and I have different operating system. So we're also going to see some example, you know, under what conditions we will do something like that. And, you know, and then see some example of that.

13
00:01:44.820 --> 00:01:51.420
William Cheng: Alright, so first let's, let's focus on pure virtualization. So again, when we talk about virtualization, when you talk about two things, virtualize

14
00:01:51.960 --> 00:01:57.840
William Cheng: CPUs, virtualize the I/O devices, and also virtualize the virtual memories. Or again, that's sort of a separate topic.

15
00:01:58.620 --> 00:02:05.970
William Cheng: So number, the first one is that, you know, you know, can all CPUs be virtualized, right? So again, processor, CPUs, they're all interchangeable.

16
00:02:06.690 --> 00:02:13.740
William Cheng: So, you know, IBM is the one that invented virtualization. As it turns out that the IBM hardware, it's actually virtualizable.

17
00:02:14.130 --> 00:02:19.140
William Cheng: Okay, so later on with us. We're talking about some other hardware that actually you know sort of that individual as well.

18
00:02:19.740 --> 00:02:24.780
William Cheng: So what does it take to virtualize the, the CPU, right? You're gonna have, you're gonna end up with building a lot of virtual,

19
00:02:25.380 --> 00:02:33.180
William Cheng: virtual machines. So one thing that you can do, that you have to say, you have to juggle among all these virtual machines, but that kind of juggling, it's the same thing as juggling processes,

20
00:02:33.570 --> 00:02:39.540
William Cheng: which is done by the operating system. So in that respect.
They're all, they're all very, very similar. Okay, so that's not the hard part.

21
00:02:39.870 --> 00:02:47.490
William Cheng: To switch from one virtual machine to another virtual machine, and within one virtual machine you're going to switch from one process to the other. So again, they're very similar.

22
00:02:48.420 --> 00:02:53.250
William Cheng: Now the hard part over here is to make the virtual machine look exactly like the hardware.

23
00:02:53.460 --> 00:03:01.410
William Cheng: Right, because, you know, whatever the, the operating system is expecting, you got to make sure that everything the operating system is expecting, or everything that the guest operating system is expecting,

24
00:03:01.800 --> 00:03:07.140
William Cheng: they actually happen inside the guest operating system. Right. So this way the guest operating system won't be able to tell,

25
00:03:07.620 --> 00:03:10.980
William Cheng: you know, if it's running on real hardware or running in that virtual machine.

26
00:03:11.310 --> 00:03:18.180
William Cheng: Okay. So yeah, if you run it on the real, you know, real hardware, if you're supposed to get an interrupt, which means that you're going to execute, you know, a service routine.

27
00:03:18.480 --> 00:03:27.990
William Cheng: Inside the, inside your virtual machine, you also need to simulate, you also shouldn't be used to simulate. You also need to make sure that your interrupt service routine is executed

28
00:03:28.470 --> 00:03:39.480
William Cheng: at the right time. Yeah. Well, so. So this guy is, you know, you can see that it's sort of much more difficult to actually fool the guest operating system to think that it is running on the real hardware now.

29
00:03:40.530 --> 00:03:48.930
William Cheng: You know so. So as it turns out, right, since we're using, you know, since he was actually getting started directly on the CPU. A lot of the stuff can be done.

30
00:03:49.320 --> 00:03:56.040
William Cheng: You know, to implement a virtual machine without a problem, right. The only thing we sort of really have to worry about is that, you know, what if, you know, you know,

31
00:03:56.490 --> 00:04:07.560
William Cheng: what if, you know, that, you know, that there are some machine instructions, okay, when you execute them inside the guest operating system, they will be executed incorrectly when you run inside a virtual machine.

32
00:04:08.070 --> 00:04:11.940
William Cheng: Right. So again, the goal is to make it look exactly the same. What if you can't?

33
00:04:12.840 --> 00:04:15.870
William Cheng: Okay, so if you cannot do that, well, then in that case, you're gonna be in trouble.

34
00:04:16.200 --> 00:04:20.250
William Cheng: Yeah. So over here, it says, you know, if a virtual machine is executing in the virtual privileged mode,

35
00:04:20.520 --> 00:04:27.270
William Cheng: it thinks that it is running in the real privileged mode, but in reality it is running inside a virtual privileged mode, one wants to prevent it from changing something like memory mapping.

36
00:04:27.930 --> 00:04:37.590
William Cheng: Okay, so for example if you want to modify your page table. Okay. I mean, the guest operating system is supposed to modify the most amount of how to page table. Are you allowed to do that?

37
00:04:38.670 --> 00:04:45.660
William Cheng: Okay, so if you're allowed to do that, are you going to mess up your own virtual machine, right, because, you know, you actually change the real hardware data structure. Why, in that case.

38
00:04:46.470 --> 00:04:57.660
William Cheng: You know, or if you, for example, if you want to change the CR3 register. So again, we're using Intel as an example because we don't know what are the instructions for the, for, for, for the IBM mainframe. Yeah. So for example, you know,

39
00:04:58.260 --> 00:05:09.690
William Cheng: I guess, I guess in chapter seven.
We talked about, you know, inside Intel CPU, we use the CR3 register, you know, which contains a physical address, and that address is the base address of the page table.

40
00:05:10.620 --> 00:05:17.340
William Cheng: Okay, so when you're executing study we exclude instruction set your guest. Mr. You want to change the content of the CR3 register.

41
00:05:17.580 --> 00:05:26.760
William Cheng: Now if you do that, if you do that on the real, on the real CPU, then you're going to mess, you end up messing up with your, you're going to, you're gonna end up messing up your virtual machine.

42
00:05:27.660 --> 00:05:33.960
William Cheng: Okay, so therefore we need to sort of make sure that the right things happen. Otherwise we won't be able to build up, build up, build a virtual machine.

43
00:05:34.710 --> 00:05:42.810
William Cheng: Now, alright. So, you know, here's, here's some instructions must be identified and make sure that they work properly under virtualization. Right. So again, you know,

44
00:05:43.200 --> 00:05:52.620
William Cheng: you need to be careful under virtualization. So, so, so in a sense, under virtualization, we need to distinguish between different kinds of instruction. We have the regular instruction, we have the

45
00:05:52.860 --> 00:05:57.570
William Cheng: privileged instruction. Now we're going to introduce another kind of instruction, is known as sensitive instruction.

46
00:05:58.410 --> 00:06:10.740
William Cheng: Okay, so there are instructions that are privileged, right, we have a definition of opportunity to watch it, a privileged instruction is the instruction that, you know, that, that will cause a privileged instruction trap when you're executing in the user mode.

47
00:06:11.490 --> 00:06:16.830
William Cheng: So, so you know it's okay, if you try to execute a privileged instruction in the user mode you're going to end up trapping into the operating system.

48
00:06:17.070 --> 00:06:23.400
William Cheng: What if you execute a privileged instruction inside the privileged mode? Well, in that case, nothing happens. You get executed directly inside the CPU.

49
00:06:24.180 --> 00:06:31.200
William Cheng: Okay, so a privileged instruction gets executed in the CPU, they fully get executed if you're in the privileged mode. Okay, so that's sort of the definition

50
00:06:31.470 --> 00:06:37.440
William Cheng: of the privileged, and if you actually do that in the user mode you're guaranteed to trap inside, into the operating system. Yeah.

51
00:06:38.100 --> 00:06:42.930
William Cheng: Well, I suppose, in a way, you know, will when I studied guarantee to the, to the cause of trapping into your operating system.

52
00:06:43.200 --> 00:06:49.050
William Cheng: The basic idea here is that you will cause an error. And then the operating system will take control and the operating system will then sort of figure out what to do.

53
00:06:49.680 --> 00:06:56.550
William Cheng: Okay, so therefore, again, it's very important for, for privileged instruction that will cause an error when we execute inside a user space. Good.

54
00:06:57.360 --> 00:07:06.300
William Cheng: What about the sensitive instruction over here? So put a question mark here. And the next slide I'll be here. Give me the definition of an introduction. I put an extra here because this is the definition of the textbook.

55
00:07:06.900 --> 00:07:11.640
William Cheng: Okay, miss, it makes it very, very difficult as I start to sort of figure out exactly what the sensitive instruction is,

56
00:07:11.970 --> 00:07:19.740
William Cheng: especially for an introductory class like, like ours. So therefore, we're going to sort of give you a slightly different, a different definition, you know, pretty soon. Okay, so sort of,

57
00:07:20.250 --> 00:07:24.810
William Cheng: sort of more operational definition. So you can actually figure out, you know, whether the instruction is sensitive or not.

58
00:07:25.680 --> 00:07:35.670
William Cheng: Alright, so here's an example of a sensitive instruction, right. So in, you know, kernels. I'm. It was sort of mentioned that there's one thing you can do is that because CR3, again we're using Intel instruction,

59
00:07:35.940 --> 00:07:45.990
William Cheng: get a value and the value over here is going to be a physical address, okay, fulfil physical memory or I'll be here. I'll get physical address can be anything, right, 0x, you know, whatever number, all yeah.

60
00:07:46.560 --> 00:07:57.270
William Cheng: So I guess one of the examples I gave, we have CR3 gets the value of X, right, X is going to be a physical memory, physical memory location. If you are inside a guest operating system, are you allowed to execute this instruction?

61
00:07:59.100 --> 00:08:05.070
William Cheng: Okay, the answer is that you must not be allowed to execute this instruction, because if you execute this instruction, what's wrong with this instruction, right?

62
00:08:05.310 --> 00:08:14.790
William Cheng: Because the guest operating system is running in the user space of the real machine. So all the virtual, you know, all the addresses that the guest operating system is operating on, they're all fake addresses.

63
00:08:15.660 --> 00:08:20.760
William Cheng: Okay, so what kind of, you know, what kind of addresses the guest operating system has, right. It has a virtual address. It has a physical address.

64
00:08:20.970 --> 00:08:28.050
William Cheng: But now the virtual address is actually a virtual virtual address and the physical address that it has is a virtual physical address, and they're all fake addresses.

65
00:08:28.590 --> 00:08:36.090
William Cheng: Okay, so if the guest operating system is allowed to put a value that it thinks
It's a physical address but in reality it's a, it's a virtual physical address.

66
00:08:36.330 --> 00:08:43.380
William Cheng: If you put it into the CR3 register inside the real CPU, what, what's going to happen? Well, your entire virtual machine from this point, it was executed correctly.

67
00:08:44.850 --> 00:08:55.620
William Cheng: Okay, so therefore CR3 gets a value of X, that instruction is, this is a sensitive instruction. Okay, it's not only has to be privileged. Okay. They also need to be sensitive. So, so, so,

68
00:08:56.940 --> 00:09:00.870
William Cheng: so, so in this case if this instruction, it's not privileged, then your virtual machine,

69
00:09:02.430 --> 00:09:05.010
William Cheng: your virtual machine is gonna fall apart. Yeah.

70
00:09:06.090 --> 00:09:08.730
William Cheng: So this pretty the instructions CR3 gets value of X, right.

71
00:09:08.970 --> 00:09:20.850
William Cheng: How do we actually execute that inside the virtual machine, right? So it's okay if you actually this, this instruction inside the guest operating system, what we want to make sure is that it traps into the VMM so that the VMM can actually emulate this instruction.

72
00:09:22.590 --> 00:09:32.520
William Cheng: Okay, so, so, so what, why can't, you know, what kind of VM, actually this instruction, right, okay, or, you know, like we said, we talked about before, inside VMware, you can deliver this trap into the guest operating system.

73
00:09:32.700 --> 00:09:42.330
William Cheng: When you execute CR3 gets a value, it's not, it's not going to cause a trap. Right. So there's no trap handler inside the guest operating system. So therefore, the only way to implement this one is to emulate them inside the VMM.

74
00:09:43.650 --> 00:09:46.890
William Cheng: Okay, so this instruction is called sensitive, right, because I

75
00:09:48.990 --> 00:09:56.580
William Cheng: because if you don't allow the VMM to, to emulate it, you're going to end up, your virtual machine is going to be doing the wrong thing. Yeah.

76
00:09:58.440 --> 00:10:07.140
William Cheng: All right, you know, so, so all sensitive instruction must also be privileged because if a sensitive instruction is now privilege, then your virtual machine will execute correctly.

77
00:10:07.710 --> 00:10:18.030
William Cheng: Okay, so get this give us another definition of a sensitive machine. So this is a more operational definition. It's an instruction that, if it's not privileged, it will cause the guest operating system to execute incorrectly.

78
00:10:18.990 --> 00:10:29.130
William Cheng: OK. So again, for example, CR3 is going to get, sort of, value X over here. Okay, if we, if we allow this one to execute inside the guest operating system, then the entire virtual machine will, will be broken.

79
00:10:30.000 --> 00:10:35.580
William Cheng: Okay, so what of what, so, so what, what's supposed to happen, right? This instruction better be privileged, then, you know, since

80
00:10:35.760 --> 00:10:43.890
William Cheng: the guest operating system executes inside the, the user space of the real machine, when we execute a sensitive instruction you trap into, into the VMM.

81
00:10:44.100 --> 00:10:55.200
William Cheng: That, in this case the VMM will emulate it. How is the VMM going to emulate this instruction, right? This instruction says CR3 gets a value of X, and X is the physical address, is the virtual physical address inside the guest operating system.

82
00:10:55.620 --> 00:11:02.370
William Cheng: There. So in the real CPU, what should you set CR3 to? Well, you shouldn't set it to X, right. So, so inside the VMM over here,

83
00:11:02.580 --> 00:11:13.710
William Cheng: what we need to do is that we need to use the value of X and look up all the data structure inside the virtual machine over here. And then we need to compute another value of x and x prime is going to be the physical address on the real hardware.

84
00:11:14.910 --> 00:11:21.600
William Cheng: Okay, so, so in reality, we're going to execute this instruction CR3 gets a value of X prime, and X prime is derived from X.

85
00:11:21.780 --> 00:11:29.550
William Cheng: So inside the virtual machine over here. So inside the virtual machine, we have a virtual CPU, a virtual CR3 register. So the virtual CR3 register is going to get the value of X.

86
00:11:30.090 --> 00:11:36.330
William Cheng: Okay, well, the real CR3 register inside the hardware is going to get the value of X prime, and X prime is computed by the virtual machine monitor.

87
00:11:38.730 --> 00:11:50.010
William Cheng: Okay, so, so, so, you know, if this cannot be done, you know, then there's no way for us to virtualize the CPU and the, there's no way for us to build a virtual machine for a CPU like this.

88
00:11:50.430 --> 00:11:54.900
William Cheng: Okay, because if you try to execute this instruction inside the guest operating system, then you're going to mess up the virtual machine.

89
00:11:55.740 --> 00:12:06.150
William Cheng: Yeah, alright. So, so this operational definition might be more useful for an introduction course like us. So basically, the idea here is that when you look at the CPU, you want to determine whether it's virtualizable.

90
00:12:06.360 --> 00:12:12.990
William Cheng: What you would need to do is that you need to go through every machine instruction inside the CPU and try to identify all the sensitive instructions.

91
00:12:13.410 --> 00:12:20.970
William Cheng: OK, so again, sensitive instructions are the ones that, if they are not privileged, it will cause the guest operating system to execute correctly. Right. So you think about you're actually writing strategy.

92
00:12:21.270 --> 00:12:25.320
William Cheng: In the guest operating system or inside a real hardware, to see there's a difference, you know,

93
00:12:25.860 --> 00:12:36.690
William Cheng: you know, if it turns out execute this code, this code inside the guest operating system will cause the virtual machine to fall apart. But in that case you give up on the CPU to say the CPU cannot be virtualized.

94
00:12:38.130 --> 00:12:48.750
William Cheng: Okay. Otherwise, if you go to every instruction, for every, you know, sensitive instruction, you say, oh, this one is also privileged. So, therefore, what happened to the virtual machine monitor is that the virtual machine monitor can emulate it and everything will be okay.

95
00:12:49.260 --> 00:12:53.610
William Cheng: So in that case, I will be able to implement a virtual machine, you know, for the CPU there.

96
00:12:54.990 --> 00:13:04.620
William Cheng: Alright, so this theorem was developed by Popek and Goldberg. They are researchers, you know, in operating systems at UCLA. In 1974 they published a paper.

97
00:13:05.100 --> 00:13:16.080
William Cheng: So, at that time, Intel CPU became more and more popular. So, you know, some of the operating system researchers, they say, hey, you know, it will be cool, you know, and actually build a virtual machine using Intel CPU, so we don't have to,

98
00:13:17.040 --> 00:13:26.820
William Cheng: you know, always go back to, to, to, to the, to the IBM, you know, the IBM 360 operating system then. So they tried to sort of study how to virtualize the x86 CPU or, or

99
00:13:27.510 --> 00:13:31.950
William Cheng: the, the Intel CPU, and they keep trying, keep trying. They couldn't do it.

100
00:13:32.790 --> 00:13:40.290
William Cheng: Okay, so in the end they sort of find out why. And they publish a paper, they prove that the sufficient condition to be able to construct a virtual machine

101
00:13:40.470 --> 00:13:49.590
William Cheng: is simply the following.
And there's only one rule that you have to satisfy in order for you to build a virtual machine, is that the computer's set of sensitive instructions is a subset of the privileged instructions.

102
00:13:50.160 --> 00:13:57.720
William Cheng: Okay. So, okay, if you look at this is the set of all the privileged instructions, then the set of sensitive instructions is actually a subset of it. Okay, so another way

103
00:13:58.200 --> 00:14:02.430
William Cheng: to say is that every sensitive instruction right here must be a privileged instruction.

104
00:14:02.700 --> 00:14:12.600
William Cheng: Right, if you have this situation over here where one sensitive instruction over here, it's not privileged, then you give up on the CPU and you declare that for the CPU, you cannot build a virtual machine.

105
00:14:13.680 --> 00:14:14.040
William Cheng: Man.

106
00:14:15.180 --> 00:14:26.790
William Cheng: All right, you know, so, so, you know, this theorem, they published in the paper, they actually provide a mathematical proof that this is the only condition you have to satisfy in order for you to determine whether you can build a virtual machine or not.

107
00:14:27.330 --> 00:14:44.820
William Cheng: This theorem holds for IBM 360, and no wonder IBM can build a virtual machine for, you know, for, for, for the IBM 360 hardware, then this theorem does not hold for the x86 CPU. So therefore, the conclusion is that people should stop trying. You cannot build a virtual machine for x86 CPU.

108
00:14:46.110 --> 00:14:55.680
William Cheng: Okay, so for the next 20 years people, you know, didn't even try, because, you know, you have, you have written a paper, you have mathematical, mathematically proved that it's impossible to build a virtual machine.

109
00:14:56.010 --> 00:15:00.180
William Cheng: Okay, but today we know that we can actually build a virtual machine on x86 CPU. Right. So what has changed?

110
00:15:01.260 --> 00:15:04.260
William Cheng: Okay, so the answer is that people found a way to cheat this theorem.

111
00:15:05.010 --> 00:15:13.890
William Cheng: Okay. And of course, the company that did that was VMware. VMware actually found a way to build a virtual machine for the x86 CPU and still not violating the theorem.

112
00:15:14.610 --> 00:15:19.530
William Cheng: Okay, so, in the end, you know, people are pretty clever, they find a backdoor. I think it actually goes well I know we're going to talk about that pretty soon. Yeah.

113
00:15:21.210 --> 00:15:30.300
William Cheng: Alright, so, so again that's finished about the IBM 360, so IBM 360. You know, so you can sort of think about your instruction as divided into three different kinds of instruction set.

114
00:15:30.630 --> 00:15:36.720
William Cheng: There's going to be the non-sensitive instructions, that, you know, add, subtract, pointer manipulation, all that kind of stuff. The regular instruction is

115
00:15:37.260 --> 00:15:42.690
William Cheng: so, and then there's a second kind, which are the ones that cause error, right. You can trap into the operating system because you make a system call

116
00:15:43.170 --> 00:15:48.690
William Cheng: or you divide by zero, and all this kind of stuff. So these are error instructions, and the third type over here, they're sensitive instructions.

117
00:15:48.900 --> 00:15:54.420
William Cheng: Okay, you will see that these three different kinds of instruction, as far as virtualization is concerned, you know, they're very different.

118
00:15:54.750 --> 00:16:00.270
William Cheng: Okay, so for example. So let's take a look at the real machine over here. The real machine has a real user mode, the real privileged mode.

119
00:16:00.480 --> 00:16:06.750
William Cheng: If you execute a regular instruction in these two different modes, well, they do exactly the same thing. They execute on the CPU just fine.

120
00:16:07.140 --> 00:16:17.730
William Cheng: Okay.
So, therefore, if you execute, you know, addition instruction inside user mode, they will execute on the CPU just fine. If you do it inside of privileged mode, again, there's no difference. Adding is adding, doesn't really matter which mode you're in.

121
00:16:18.300 --> 00:16:28.380
William Cheng: What if you execute an instruction that will cause an error? Right. So again, these are the errors that will cause the user space. So if you do this in a user mode, you will trap into the kernel. And then there's a kernel handler for that.

122
00:16:28.620 --> 00:16:32.130
William Cheng: What if you execute such instruction inside of privileged mode? Well, in that case, he went out.

123
00:16:33.150 --> 00:16:42.180
William Cheng: In this case, you know, if there's an error instruction like divide by zero, typically the operating system will also provide a handler for us, or this case, you can also trap inside the kernel.

124
00:16:42.750 --> 00:16:48.180
William Cheng: Who has a different audiences and those kind of different things. I think we mentioned before, like in,

125
00:16:49.110 --> 00:16:52.590
William Cheng: in the Windows operating system, you can actually get a page fault inside the kernel.

126
00:16:52.980 --> 00:16:59.880
William Cheng: Okay, before the Linux operating system and also for your current assignment, where you're inside the kernel, you are not allowed to get a page fault. If you get a page fault you go get your,

127
00:17:00.240 --> 00:17:04.860
William Cheng: end up in the kernel panic. Yeah. Well, there are operating systems out there, such as Microsoft Windows,

128
00:17:05.340 --> 00:17:11.610
William Cheng: you know, where you get a strong set of kernel, there's actually a handler inside the kernel level view of the handler, there are. So in this case, you know, when

129
00:17:12.030 --> 00:17:21.930
William Cheng: we execute an error instruction over here, like causing a page fault.
You will also trap inside the kernel. So as you can see that for non-sensitive instruction and error instruction over here, their actions are exactly the same.

130
00:17:22.860 --> 00:17:32.190
William Cheng: Guy. But what about for the sensitive instruction over again? If you execute a sensitive instruction in the user mode for IBM 360, since they're all privileged. Why not case, what do you, what do you think, we're trapped inside the kernel.

131
00:17:32.790 --> 00:17:42.450
William Cheng: That, well, you know, if you're inside the privileged mode, you're inside the VMM, we execute sensitive instruction, you execute directly on the CPU not he doesn't began again this is a,

132
00:17:43.290 --> 00:17:51.900
William Cheng: this is a sensitive instruction. So therefore, in it. So in this case, what it will do is it will execute, sorry, this instruction is privileged. So they will execute just fine inside the kernel.

133
00:17:52.650 --> 00:18:01.320
William Cheng: Whereas you can actually see that the sensitive instruction under user mode, under privileged mode, they have different behavior, right, while the other two kinds of instruction, they have the same kind of behavior.

134
00:18:01.710 --> 00:18:09.450
William Cheng: That what about inside the virtual machine for IBM 360, right? So in the 360 virtual machine over here, again we can see that there are the three different instructions.

135
00:18:09.840 --> 00:18:17.340
William Cheng: For the non-sensitive instruction, in the virtual user mode and the virtual privileged mode, they do exactly the same thing. They execute directly on the CPU.

136
00:18:17.580 --> 00:18:21.330
William Cheng: Add is add, pointer manipulation is pointer manipulation. So they're all the same.

137
00:18:21.630 --> 00:18:28.890
William Cheng: What about the ones that cause error? Right. So in this case, if you're in the user mode over here, you trap into the VMM and the VMM would deliver the trap

138
00:18:29.190 --> 00:18:32.460
William Cheng: into the guest operating system. What am I hearing is that it gets up, he says that

139
00:18:32.790 --> 00:18:42.000
William Cheng: Right. So again, all these error instructions over here, since you're in the user mode, you also tried to operate is is that so the opposite of his don't deliver the trap to the guest operating system because there's a handler for the guest operating system.

140
00:18:42.420 --> 00:18:44.730
William Cheng: Now finally, for the sensitive instruction.

141
00:18:45.210 --> 00:18:50.220
William Cheng: So these are, these are all privileged for IBM 360, so if you execute them in the application,

142
00:18:50.460 --> 00:19:00.840
William Cheng: in the virtual user mode, you're trapping into the VMM and the VMM would deliver these traps into the guest operating system, right, because the guest operating system is supposed to handle all these, all these traps.

143
00:19:01.380 --> 00:19:10.770
William Cheng: What about if you execute that inside the, you know, inside the guest operating system? In this case there will be no handler inside the guest operating system, and so therefore the VMM has to emulate it.

144
00:19:11.280 --> 00:19:14.340
William Cheng: Right. So again, can see that, you know, for the sensitive instruction over here,

145
00:19:14.670 --> 00:19:26.880
William Cheng: they are handled differently when they happen inside a virtual user mode versus the virtual privileged mode, while all the other, you know, do all the other types of instruction, in the end they execute exactly the same way, whether they're in the virtual user mode membership privilege.

146
00:19:28.170 --> 00:19:37.140
William Cheng: OK. So again, you know, when you consider virtualization it is very important to point out which instruction not sensitive in, you know, in addition to, you know, just determining whether instructions are privileged or not.

147
00:19:37.950 --> 00:19:43.920
William Cheng: And for IBM 360 all the sensitive instructions, they're all privileged. So, therefore, you could build a virtual machine for it. Okay.

148
00:19:46.200 --> 00:19:58.530
William Cheng: All right, so, you know, 50 years later, or 60 years later, guys. Today, over here, right. So we have, you know, Intel. Alright. So on the left hand side over here you have a mainframe computer, they fill up the entire floor.

149
00:19:59.100 --> 00:20:08.400
William Cheng: Today's computer, they fit on the desktop ran me over here, this not not nowadays the on the laptop. You can even use a virtual machine. I don't know if you can actually use a virtual machine on your phone.

150
00:20:09.060 --> 00:20:15.690
William Cheng: But I'm pretty sure one day is going to come, right, but, you know. But right now, they're only available on the desktop or laptop.

151
00:20:16.560 --> 00:20:26.730
William Cheng: Right. So even though the operations are very, very different, but in a way, they're all very, very similar. Right. The IBM 360 and the, the Intel x86, they all provide, you know, multithreading, multiple processes,

152
00:20:27.000 --> 00:20:35.760
William Cheng: virtual memory and all this kind of stuff. Okay, so most of the, of the characteristics of these properties and all very, very similar. There are two major things that are different when you consider virtualization.

153
00:20:36.030 --> 00:20:49.890
William Cheng: There. Number one is that for IBM 360 all sensitive instructions are privileged instructions, right, we talked about already, and for Intel not all sensitive instructions are privileged instructions, right. So that's why Popek and Goldberg decided that there was no way to build a

154
00:20:50.370 --> 00:20:53.100
William Cheng: virtual machine for the, for the, for the Intel CPU, then.

155
00:20:53.760 --> 00:20:56.460
William Cheng: The other major difference is the way they do it.
All right, we mentioned 156 00:20:56.730 --> 00:21:02.760 William Cheng: briefly before, you know, IBM, the way they do I/O is that they use this channel architecture. They don't use the bus architecture. 157 00:21:02.940 --> 00:21:09.810 William Cheng: In the channel architecture, you can download software into the channel controller and the channel controller can talk to pretty much any kind of I/O devices. 158 00:21:10.380 --> 00:21:20.910 William Cheng: Okay, so in that case the channel controllers are implemented by IBM. So therefore if IBM wants to emulate every instruction inside of a channel controller, they can actually do it because they own the software. They know exactly what it looks like. 159 00:21:21.450 --> 00:21:29.940 William Cheng: Okay, what about Intel x86, right? They are used by the IBM PC. The IBM PC has an open architecture. You have no idea what people actually put into the device driver. 160 00:21:30.630 --> 00:21:34.710 William Cheng: Okay, so therefore, how are you going to actually emulate all the devices if you don't know what's actually going on there? 161 00:21:35.550 --> 00:21:43.230 William Cheng: Okay. So this guy is going to be a lot more difficult. Right, so, so, so in the end, there's a way to do it, but it's very, very tedious, you know, for, you know, so if you imagine that on the Microsoft Windows 162 00:21:44.070 --> 00:21:51.210 William Cheng: Microsoft Windows has many device drivers. They have, maybe they have 100,000 device drivers. So now if you want to build a virtual machine, you know, for, you know, 163 00:21:52.320 --> 00:21:58.290 William Cheng: For, for the Intel CPU on top of Microsoft Windows, in that case, you have to virtualize 100,000 device drivers. 164 00:21:59.160 --> 00:22:04.980 William Cheng: Okay, because inside a guest operating system there are all these device drivers in there. Yeah, well, you know, basically it's going to be a scalability issue.
165 00:22:05.700 --> 00:22:09.690 William Cheng: Okay, so, so, so also this way, you know, for the, for the Intel x86 166 00:22:10.020 --> 00:22:19.710 William Cheng: The I/O is done using memory-mapped I/O, right. So, you know, when you go across the bus, you are trying to access one of the I/O instructions, and we mentioned before in chapter three, right, the I/O instruction over here 167 00:22:20.100 --> 00:22:27.960 William Cheng: Basically is going to be treated as an instruction, you know, to the device, to the devices. Okay, so all these memory-mapped I/O, they need to be emulated. 168 00:22:28.710 --> 00:22:33.330 William Cheng: OK. So again, whenever you try to, try to generate a bus cycle using certain ranges of, you know, 169 00:22:33.750 --> 00:22:40.380 William Cheng: Sort of range of your physical address, then, you know, that you're talking to other devices because the IBM PC. So if you find the area of the define 170 00:22:40.560 --> 00:22:48.330 William Cheng: What address you usually use to talk to all these devices. So by looking at these addresses over here, what we can do is that we can actually, you know, sort of, 171 00:22:50.100 --> 00:22:58.770 William Cheng: Set up a page table so that when you're trying to, you're trying to use these addresses, you're going to cause a trap into the VMM and now the VMM can emulate every one of these machine instructions. 172 00:22:59.400 --> 00:23:08.610 William Cheng: Okay, because every one of these instructions will basically cause a bus cycle. So you're going to look at the virtual, so you're going to look at a physical address onto the bus, right, and you try to sort of figure out what kind of action they 173 00:23:08.940 --> 00:23:17.370 William Cheng: Have to take. Great. So all these things can be done, but it's very, very tedious.
So in the end, you know, if you compare these two, they are very different in the sense that, you know, you know, 174 00:23:17.910 --> 00:23:27.810 William Cheng: If you want to, you want to virtualize the Intel for things like, you know, DOS or Windows. So in that case, you're going to end up emulating a lot of, a lot of instructions. 175 00:23:28.710 --> 00:23:34.440 William Cheng: That. So even though this can be done, but in the end it's very tedious and the amount of work that you have to do is 176 00:23:35.550 --> 00:23:38.670 William Cheng: Actually a lot compared to, you know, what you have to do for the IBM. Yeah. 177 00:23:40.380 --> 00:23:47.550 William Cheng: Alright, so again, let's first talk about virtualizing the CPU for Intel CPU. Intel CPU, actually. As for the upper has 178 00:23:48.090 --> 00:23:56.730 William Cheng: CPU modes. When we talk about CPU modes there is the user mode and there's the privileged mode. Right. Typically a CPU has only two modes; for some reason Intel actually has 179 00:23:57.060 --> 00:24:00.690 William Cheng: Four modes. I mentioned before, you know, when we gave a brief introduction 180 00:24:01.110 --> 00:24:09.720 William Cheng: To the x86 CPU, inside the code segment register there are two bits, right, could be 00, 01, 10, 11, and those are your CPU modes. 181 00:24:10.050 --> 00:24:22.320 William Cheng: Okay, so the terminology Intel uses, they call them rings. So this is ring zero, which is the most privileged mode, and then ring three over here is the least privileged mode. There's also, in between, ring one and ring two. So ring one is less privileged than ring zero, but more 182 00:24:22.590 --> 00:24:30.120 William Cheng: Than one zero, and ring two over here is less privileged than ring one over here, but, the more privileged than ring three. 183 00:24:30.720 --> 00:24:36.720 William Cheng: Even today, you know, most people are actually only using ring zero and ring three; nobody actually uses the rings.
Rings, rings in the middle. 184 00:24:37.050 --> 00:24:48.300 William Cheng: Okay, so it makes you wonder why they didn't actually add these, these two extra modes. But anyway, it's really unimportant. Right. So, so what's important over here is to understand that, you know, Intel CPU is a little weird. Okay. They have four different rings. Yeah. 185 00:24:48.930 --> 00:24:54.390 William Cheng: So, but every once in a while I get people asking me, you know, what does this picture look like rises appears, you're always basically it's the kind of like this picture. 186 00:24:54.600 --> 00:25:00.360 William Cheng: Shows you the four rings, and there are, you know, different ways to go from one to the other. So there's these entry points of, yeah, anyways. 187 00:25:01.050 --> 00:25:07.890 William Cheng: So, you know, once in a while I get questions about this one. Alright, so the CPU has four modes, right: ring zero, ring one, ring two, and ring three. 188 00:25:08.700 --> 00:25:15.300 William Cheng: The instruction, vice versa. So Intel, you know, has some instructions that are, you know, their sensitivity or our privilege. 189 00:25:15.780 --> 00:25:22.110 William Cheng: We're going to only talk about one of them. Okay. Because, you know, this one is kind of easy to understand; all the other ones are more Intel specific. 190 00:25:22.530 --> 00:25:33.150 William Cheng: This one is kind of a general purpose instruction, but because Intel uses this ring structure, they actually do something weird with this instruction. Okay, so this instruction is known as popf. popf is the opposite of pushf. 191 00:25:34.290 --> 00:25:40.350 William Cheng: Then pushf is to push the flags, you know, onto the stack and popf is to pop the flags, you know, 192 00:25:40.860 --> 00:25:45.990 William Cheng: Under the stack. So what are the flags, right? So remember, you know, in chapter one, when I go, go over the introduction of 193 00:25:46.290 --> 00:25:53.700 William Cheng: Intel hardware, I said that there.
There are a bunch of registers inside the CPU. One of the registers over here is known as the flag register. It has a 194 00:25:54.240 --> 00:25:59.340 William Cheng: Has a bunch of bits, such as the carry bit. Okay. So for example, when you perform an arithmetic, 195 00:26:00.030 --> 00:26:06.690 William Cheng: An arithmetic operation like add or subtract, if there's a carry then the C bit over here gets set to one; if there's no carry it'll be set to zero. 196 00:26:07.260 --> 00:26:17.610 William Cheng: There is also a bit called the zero bit, right; if you perform an arithmetic or logical operation, as a result, if the result is equal to zero then Z will be set to one, otherwise it will be set to zero. 197 00:26:17.880 --> 00:26:25.710 William Cheng: Okay. There's also the overflow bit: if you perform a floating point operation, if there's overflow then the O bit will be set to one; if there is no overflow it'll be set to zero. 198 00:26:25.890 --> 00:26:33.360 William Cheng: So there's a bunch of these flag bits that the CPU, when it performs an operation, they'll be set to one or zero. So, collectively over here we call them the flags. 199 00:26:34.350 --> 00:26:43.590 William Cheng: Okay, so in this case when we execute the instruction pushf, we're going to take all these flag register bits over here, we're going to combine them into a 32-bit word and we're going to save it onto the stack. 200 00:26:43.830 --> 00:26:47.160 William Cheng: Guys so they have. Okay, here's our stack over here, ESP is pointing right here. 201 00:26:47.700 --> 00:26:59.040 William Cheng: There. So when you execute pushf, we're going to, we're going to store all these values, the Z bit, the C bit, the O bit, all these bits over here. So we're going to decrement ESP by four and then write the 32 bits onto the top of the stack. 202 00:27:00.090 --> 00:27:03.510 William Cheng: There. So again, why do you want to do that? Right.
You want to save context and later on you can 203 00:27:03.810 --> 00:27:10.260 William Cheng: Restore context. So this instruction is done all the time. So the opposite of the pushf operation is called, is the popf 204 00:27:10.560 --> 00:27:20.280 William Cheng: Instruction over here. So, what it will do is that, you know, ESP is pointing right here. So when we execute popf, we will take all these register values over here, restore them back into the CPU and then increment ESP by four. 205 00:27:20.850 --> 00:27:25.860 William Cheng: Okay, so how can this instruction actually cause problems? This instruction shouldn't cause any problem, right, because, you know, you often save 206 00:27:26.100 --> 00:27:31.920 William Cheng: Context and restore context, then. So this instruction causes problems because Intel implemented this instruction in a really weird way. 207 00:27:32.340 --> 00:27:38.670 William Cheng: There. So this instruction, the way this instruction acts actually depends on the CPU mode. If CPU mode is equal to zero, 208 00:27:39.360 --> 00:27:44.370 William Cheng: Okay, if CPU mode is equal to zero you only take the first 16 bits over here and restore them into the 209 00:27:44.700 --> 00:27:53.730 William Cheng: Yeah, so that means the CPU. If you're in ring three, what you would do is take the entire 32 bits and you restore them into the, and restore them back in the CPU. Why, why would they do that? 210 00:27:54.450 --> 00:28:07.710 William Cheng: Because, you know, these 32 bits over here, on the left-hand side, these are the regular bits, you know, zero and carry and all that. The rest of the bits over here, they are privileged bits. Okay. So, therefore, when you execute popf in ring three, as our inside 211 00:28:09.270 --> 00:28:19.560 William Cheng: Sorry, I think I got it backwards. Ring three over here is privileged, right, let's go back to figure out through via is the most privileged over here.
So if you execute popf in ring zero, 212 00:28:19.830 --> 00:28:29.640 William Cheng: All these bits over here, including all the privileged bits over here, are going to get restored inside the CPU. If you execute this instruction in ring three, only the leading 16 bits over here are restored inside the CPU. 213 00:28:30.720 --> 00:28:35.640 William Cheng: Okay, so, so, so why would this one cause any problem? Now if you're inside the guest operating system, 214 00:28:36.210 --> 00:28:45.120 William Cheng: Okay, you try to restore all the bits over here into the CPU, all 32 bits over here. But since you're executing inside a virtual machine, it only restores the first 16 bits. So now everything is messed up. 215 00:28:46.560 --> 00:28:52.620 William Cheng: Okay, so one of the bits over here is, is interrupt enable. Right. You know, because when you try to save the flags over here, if you're inside the kernel, when you save the flags, 216 00:28:52.770 --> 00:29:02.100 William Cheng: You want to save the, you know, interrupt enable flag, and then later on when you restore, you want the interrupt enable flag also to be restored inside the CPU, because the interrupt enable is part of the context of your thread. 217 00:29:02.820 --> 00:29:09.270 William Cheng: Okay, but if you are in ring three, of course, in that case, you are not allowed to save the interrupt enable flag. You're also not allowed to restore the interrupt enable flag. 218 00:29:09.810 --> 00:29:21.000 William Cheng: OK, so now when you're inside a virtual machine, you're in, you're executing the guest operating system in the, in the user mode of the real machine.
Why, in that case, you're going to be executed correctly because some of the registers inside the CPU will be 219 00:29:22.530 --> 00:29:29.250 William Cheng: Will be set incorrectly, and worst of all, this instruction, when you execute it inside ring three, it will not be privileged, 220 00:29:30.030 --> 00:29:40.020 William Cheng: Right, because this instruction, when you execute it inside ring three, it only restores the first 16 bits; it will not cause a trap, because if it can actually cause a trap, you trap into the operating system, the operating system can actually emulate this. 221 00:29:40.500 --> 00:29:48.480 William Cheng: Okay, but you don't even give the VMM a chance, yeah, a choice. It will simply execute inside the CPU and it will restore the wrong register into the CPU. 222 00:29:49.410 --> 00:29:59.070 William Cheng: Okay, so because of, you know, there are other instructions in the Intel that are like this, but this is the one that's very well known, you know, so this is one that prevents a virtual machine to be built for the Intel CPU. 223 00:30:00.270 --> 00:30:10.830 William Cheng: That. So for 20 years people sort of gave up on the virtual machine. So later on VMware came along and came up with a solution, right. So what is going to be the solution, right, so we can sort of 224 00:30:11.370 --> 00:30:17.490 William Cheng: Talk about. There are three different solutions over here. The first solution over here is known as binary, binary rewriting. 225 00:30:18.060 --> 00:30:27.900 William Cheng: Okay, so we're going to rewrite the kernel binary of the guest operating system. We're going to look, look for those, those popf instructions; if they are part of the kernel code, we're going to take them out. 226 00:30:29.670 --> 00:30:44.310 William Cheng: Right, so that's, that's what I call cheating, right. So we know that popf, when it occurs, is going to cause trouble inside the privileged mode.
So therefore, we're going to replace the popf instruction with a different instruction so that, you know, so that we can actually emulate this instruction. 227 00:30:45.990 --> 00:30:55.260 William Cheng: Guys. Okay, well, we need to do that, we need to go to the kernel code. But again, this is not the kernel source code, it's the kernel binary. So that's why this is called binary rewriting. So imagine that you're installing Ubuntu 16.4 228 00:30:55.440 --> 00:31:05.040 William Cheng: Right. We don't install stuff into the kernel. We're going to actually scan the code over here to see which one, you know, which code is part of the kernel. Inside the kernel, if we see a popf instruction we're just going to replace it. 229 00:31:06.150 --> 00:31:11.460 William Cheng: Okay, so this way, we're actually, we're going to look at all the instructions that will cause trouble for Intel. We're going to replace them. So this way, you know, 230 00:31:11.760 --> 00:31:15.420 William Cheng: You know, they will not cause any trouble. So what kind of instruction are we going to replace them with? 231 00:31:16.380 --> 00:31:21.540 William Cheng: That. So we're going to replace all the sensitive instructions that will cause trouble with hypercalls. 232 00:31:21.780 --> 00:31:29.280 William Cheng: Guys, okay, a hypercall is a call to the hypervisor. The hypervisor is the current name for the virtual machine monitor. Right, we mentioned before, virtual machine monitor 233 00:31:29.460 --> 00:31:35.490 William Cheng: Today is called hypervisor. So a hypercall is like a system call, right, except that you don't call the operating system, you actually call the hypervisor. 234 00:31:35.880 --> 00:31:44.190 William Cheng: Okay, so when you execute that instruction it will go into the hypervisor. So one example I can think of is that you replace them by an illegal instruction. 235 00:31:45.210 --> 00:31:52.380 William Cheng: Okay, so if you replace, you know, popf, every time you see a popf instruction over here.
So maybe popf is 0x1234, you know, this operation code over here. 236 00:31:52.590 --> 00:32:00.960 William Cheng: If you see this opcode, you replace it with an illegal instruction, and now when you execute popf, well, in this case you're trapping into the VMM and the VMM will say, oh, you're here. Oh, I 237 00:32:01.440 --> 00:32:12.000 William Cheng: You know, the, all the, the VMM is the one, or the hypervisor is the one that put, you know, put the illegal instruction there. So, therefore, it says, oh, I have to implement this popf in ring zero. So, therefore it knows exactly what to do. 238 00:32:13.050 --> 00:32:21.060 William Cheng: Okay, so in this case we actually would get around the problem that you know Pope, I gotta go. Virgo run into a pied piper Pied Piper and district. 239 00:32:21.450 --> 00:32:27.450 William Cheng: Now alright, so, so also, you know, it's really not a good idea that when you install the operating system, you actually do all this kind of stuff. 240 00:32:27.690 --> 00:32:33.120 William Cheng: Okay, we actually want to do this dynamically, we want to do this on the fly. Okay. When your operating system is running, we're going to replace that. 241 00:32:33.330 --> 00:32:43.080 William Cheng: I mean, if you do this when you are installing the operating system, what do you do when you get an operating system upgrade? Right. So basically, every time you upgrade, you've got to scan all the popf instructions, you know, replace them so that that will actually work. 242 00:32:43.620 --> 00:32:52.170 William Cheng: Okay, but typically this is not done so, so, so this is, you know, VMware is the one that actually invented this technology, and what they will do is that they would do this as the operating system is running. 243 00:32:52.830 --> 00:32:55.740 William Cheng: Okay, so in that case, you know, can you imagine how this can be done?
244 00:32:56.010 --> 00:33:06.570 William Cheng: But there's one thing I can sort of think of is that, so remember your internal suite, right, you are doing functions that, you know, the patient has functions like fill page, dirty page and clean page. So what is fill page? 245 00:33:07.050 --> 00:33:10.590 William Cheng: Okay, fill page is when you try to get data from the disk into the 246 00:33:11.520 --> 00:33:21.330 William Cheng: Data. You haven't even, if you have a page of data sitting on the disk and you map that file into our address space. So this is when we try to fill a page, we're going to go to the disk over here and copy data. 247 00:33:22.020 --> 00:33:27.690 William Cheng: Okay, so if the data we copy over here is inside a text segment, and then if we're doing this for the kernel, 248 00:33:28.050 --> 00:33:37.200 William Cheng: There. So, of course, if you have more more of the current model is the current all this is done when you, when you load the operating system. Right. But if you have, obviously, Microsoft Windows, you can also have the kernel pageable. 249 00:33:37.500 --> 00:33:46.170 William Cheng: At the time when you start to bring in a page from the disk into memory, if it turns out to be a text segment, what you can do is that on the fly you can scan, you know, this binary code. And so let's say that, 250 00:33:46.380 --> 00:33:49.080 William Cheng: I just made this up, popf has 0x1234. 251 00:33:49.350 --> 00:33:54.180 William Cheng: Yeah, so you want to scan the text segment, look for 0x1234, but you have to do this very, very carefully. 252 00:33:54.330 --> 00:34:05.730 William Cheng: Because just because you see 0x1234, it doesn't mean that it's a popf instruction, right; it's only a popf instruction.
If the beginning of this instruction just falls on the, if 0x1234 just falls on the instruction boundary. 253 00:34:06.510 --> 00:34:17.610 William Cheng: Okay, because you can also say, you know, move, you know, dollar 0x1234 into a register. So this 0x1234 over here, you know, it's not a popf instruction, it's just data that your program is actually using. 254 00:34:18.390 --> 00:34:28.890 William Cheng: OK. So again, the, the VMware, you know, you know that facilitator technology will be able to tell the difference between whether it's an instruction or it's just data. So in this case, if it's an instruction, you will 255 00:34:29.400 --> 00:34:32.370 William Cheng: You're on the fly. You will replace them by, you know, 256 00:34:33.210 --> 00:34:41.610 William Cheng: Either a designated instruction or maybe an illegal instruction so that when you execute this instruction, you trap into the hypervisor and the hypervisor will be able to emulate this instruction. 257 00:34:42.540 --> 00:34:46.860 William Cheng: Then. So in this case, do you need to modify the guest operating system, the, the ISO file? 258 00:34:47.220 --> 00:34:54.780 William Cheng: Well, you don't have to, right, because you can install the operating system the way it is. And then at runtime, when you're running the operating system, when you try to load the operating system, you know, 259 00:34:55.170 --> 00:35:00.600 William Cheng: The text segment into memory, that's when you perform this dynamic binary, binary rewriting. 260 00:35:01.170 --> 00:35:09.420 William Cheng: OK. So again, you know, you can, you can see that this can be done, right, and also get around the problem that popf is a sensitive instruction that's not privileged. 261 00:35:10.260 --> 00:35:16.470 William Cheng: All right. The second solution over here is to fix the CPU. OK. So again, Intel, Intel can actually come up with their own, their own solution.
262 00:35:16.680 --> 00:35:24.810 William Cheng: They can fix the hardware, so that it becomes virtualizable, right, so you know what actually made a mistake over here, right. So, so, Intel originally designed this kind of stuff. 263 00:35:25.170 --> 00:35:32.250 William Cheng: They tried to be clever. They use one instruction and have different behavior in ring zero and ring three. I mean, from today's perspective it's a mistake. 264 00:35:32.490 --> 00:35:40.680 William Cheng: Right. So what they should have done is that they have two different kinds of popf. One is popf for ring zero, right. The other one is popf for ring three, or the, otherwise, other kind of popf. 265 00:35:41.430 --> 00:35:48.630 William Cheng: Okay, so this way when you're compiling your kernel code, instead of compiling your kernel code into popf, you say popf ring zero, and in this case all 32 bits 266 00:35:48.810 --> 00:35:55.560 William Cheng: Will be restored into the CPU and this instruction will be privileged, and the regular popf will not be privileged. In this case, we don't have this problem. 267 00:35:56.580 --> 00:36:00.660 William Cheng: OK, so now if you want to fix the CPU over here. So again, what, what do you have to do, so. 268 00:36:01.950 --> 00:36:06.270 William Cheng: I guess we're at the end of today's lecture. So next time we're going to see how you actually do this by fixing the CPU. 269 00:36:07.140 --> 00:36:17.190 William Cheng: Yeah, the other solution over here is paravirtualization. In paravirtualization, you're allowed to modify the operating system code. So why don't we just take out the popf instruction before you compile the kernel? 270 00:36:18.450 --> 00:36:25.650 William Cheng: Okay, so that would be super at home. Yes. Okay. Right. We do pure virtualization, because we don't want to modify the kernel, but we are allowed, allowed to modify the kernel.
271 00:36:25.830 --> 00:36:30.360 William Cheng: Why don't you take out all the popf instructions and directly replace them with a hypervisor call? 272 00:36:30.630 --> 00:36:37.020 William Cheng: Right, so this way you know what you should actually Yoko. Well, then in that case you're trapping into the hypervisor and the hypervisor over here will be able to 273 00:36:37.650 --> 00:36:46.380 William Cheng: emulate that instruction there. So clearly this operating system, if you install it on the real hardware, that runs on a real x86 CPU, well, in this case the operating system over here 274 00:36:46.710 --> 00:36:53.070 William Cheng: will not work because when you replace it with a hypervisor. Let's say that you replace it with the illegal instruction, on the real CPU on CPU is going to be there. 275 00:36:53.640 --> 00:36:58.290 William Cheng: So again, you're traveling with friends and family offices. There was a lot of ego instruction to do that. 276 00:36:59.280 --> 00:37:04.860 William Cheng: Okay, so when you're doing paravirtualization you can actually replace anything that you want. So all these instructions 277 00:37:05.100 --> 00:37:12.960 William Cheng: That are, that are sensitive and they're not privileged, you simply take them all out and replace them with a hypervisor call. So again, it's a very, very trivial solution. Yeah. 278 00:37:13.440 --> 00:37:21.000 William Cheng: Alright, so I'm synchronized with the, the summer 2019 lecture over here. So I'm going to end here, so I will see you in lecture 20