WEBVTT 1 00:00:02.879 --> 00:00:12.300 William Cheng: Welcome to lecture 28 Colonel three, you have a little over a week to finish. If you have co from previous semester, don't look at them. Don't copy them best to get rid of it. 2 00:00:12.900 --> 00:00:24.690 William Cheng: You need to you know get start early, early as possible the grading guidelines. The only will grade and you need to get the README file done correctly. After that, if you make a submission. Make sure you verify your Colonel submission 3 00:00:26.340 --> 00:00:34.800 William Cheng: I think some people again, they don't do that in Colonel to they're going to end up losing a lot of points. So again, it's very important that you verify your, your colonel colonel submission 4 00:00:35.070 --> 00:00:46.050 William Cheng: Follow every step in the grading guidelines the grading Ghana says set, you know, you know, the big to this and that you have to follow the steps. Okay. Some people didn't do that. So it's nothing I can do. Right. 5 00:00:47.250 --> 00:00:54.660 William Cheng: The recommended timeline for Colonel through for this week is that this is the second week of kernel three, you should get all the basic user space program to run directly 6 00:00:55.290 --> 00:01:05.070 William Cheng: From any progress on using colonel. Exactly. And then towards the end, you need to get the shadow object implemented so you can get the fork system, a call to work. 7 00:01:05.670 --> 00:01:16.050 William Cheng: So some people are discussing in the class Google group that problem to get for to work. My understanding is that in the colonel FAQ, there's some detail step of what you have to do. 8 00:01:16.590 --> 00:01:22.320 William Cheng: Some people told me that if you follow those steps you're going to be okay. Okay, so don't get too creative, you know, just follow the step. 9 00:01:22.920 --> 00:01:29.880 William Cheng: You know, chances are, everything's gonna be fine. But again, you know, you need to sort of think about everything that we've talked about in class, they're all related. Okay. 10 00:01:30.600 --> 00:01:37.740 William Cheng: All right. By the end of this weekend, you should get a spin it to work. You know, for an innate proc run using Colonel exactly 11 00:01:38.160 --> 00:01:43.740 William Cheng: So again, one major difference is that this will be the first time you call Malik Malik going to call em map. 12 00:01:44.280 --> 00:01:47.310 William Cheng: So they will be, you know, some other function that you have to write. Yeah. 13 00:01:47.850 --> 00:01:57.060 William Cheng: All right, so last time we were at virtual machine. We talked about IBM. So today we're going to talk about, you know, Intel, right, because that's that's now. 14 00:01:57.900 --> 00:02:05.730 William Cheng: So clearly on the left hand side over here. This is IBM to take up the entire you know for, you know, the computers really big. 15 00:02:06.180 --> 00:02:13.500 William Cheng: And, you know, Intel run or a desktop, right. So, so even though, if you look at these two computer they seems very, very different. 16 00:02:14.010 --> 00:02:23.100 William Cheng: But if you look at the operating system. They're actually very similar. Okay. They support, you know, pretty much the same thing, you know, multi threading processes, you know, virtual memory, all these kind of stuff. 17 00:02:23.610 --> 00:02:28.860 William Cheng: So, you know, sort of point out there are two major differences between IBM 360 and Intel x86 18 00:02:29.550 --> 00:02:34.500 William Cheng: So number one is that for IBM 360. So again, this is the computer hardware, right, so I've been again they call their 19 00:02:35.010 --> 00:02:38.040 William Cheng: Machine 360. They also call the operating system 360 20 00:02:38.520 --> 00:02:45.660 William Cheng: So if you're talking about hardware all sensitive instructions are privileged instructions. Right. So last time we you know we talked about this, right. So, 21 00:02:46.020 --> 00:02:54.600 William Cheng: I guess you know the sufficient condition to build a virtual machine for a particular CPU is that every instruction. It's every sensitive instructions privilege. 22 00:02:55.050 --> 00:03:06.300 William Cheng: That you can be, they could build build machine for Intel. This is the problem, right. Not all sensitive instructions are privileged right so so we're going to today, we're going to see an example of what kind of instruction turns out to be sensitive 23 00:03:06.720 --> 00:03:21.360 William Cheng: But it's not privileged. Okay, so, so, so, Intel, you know, I guess the other their CPU. Does that is a little strange. So in the end they hurt Intel for many, many years. Right. The second difference over here is that, you know, we talked briefly about the IBM 24 00:03:22.620 --> 00:03:31.650 William Cheng: Architecture, they use this thing called channel processor. So one thing that IBM did was like, you know, pretty much every kind of IOT device driver. They all have to rip the be written by IBM 25 00:03:32.310 --> 00:03:38.820 William Cheng: Okay, so therefore they got their sort of in charge of all the IoT devices and it makes it makes it really easy for them to virtualize 26 00:03:39.180 --> 00:03:42.660 William Cheng: You know all the iOS devices because because they're all the code. Okay. 27 00:03:43.200 --> 00:03:56.370 William Cheng: What about for for for Intel right so in tells us on IBM PC IBM PC has an open architecture, anybody can can convert a device driver for any device that can plug into the wind, the to the to the PC bus. 28 00:03:57.090 --> 00:04:06.300 William Cheng: Okay, so in that case how do you actually virtualize you know virtualize everything, you know, basically, you have to you. Basically, you have to know what what every device manufacturer and they're doing 29 00:04:06.990 --> 00:04:12.090 William Cheng: Okay, so that presented problem as well. So later on I'm going to sort of talk about how to actually get around that problem. Yeah. 30 00:04:12.750 --> 00:04:28.980 William Cheng: Alright, so, so, so I oh in you know for for x86 running on the IBM PC. They use memory map I oh so he just thinks sitting on the bus, anything can sit on the bus. Okay. So compared to IBM IBM has full control of everything that happened inside IBM machine that 31 00:04:30.180 --> 00:04:38.340 William Cheng: All right. And also, yeah, it goes over here you will you will you try to access iOS devices. It looks like memory and it looks like memory, memory accesses 32 00:04:38.910 --> 00:04:44.910 William Cheng: OK. So again, there's no special instruction for dealing with memory access. So in this case, again, it makes it very, very difficult. 33 00:04:45.210 --> 00:04:50.850 William Cheng: To emulator. Although, you know, in a way, it's kind of simple to to to capture all these 34 00:04:51.150 --> 00:05:01.650 William Cheng: memory addresses all you have to do is set up a page fall. So when you try to use those. You, you, you, you use those addresses me to go onto the bus. Well then you tap into the VM and that we can do stuff for you. 35 00:05:02.280 --> 00:05:11.070 William Cheng: Okay, so. So that part is easy. The hard part is how do you virtualize every IoT devices now is it's more of a scale of scalability problem, right. 36 00:05:12.510 --> 00:05:24.780 William Cheng: Alright, so the CPU. It's kind of very different from other CPU. They have four rings, they call them as well get inside the CPU. There's a CPU mode CPU mode is too big, long typical is just one big long user mode privilege mo. 37 00:05:25.170 --> 00:05:37.680 William Cheng: For Intel. It's too busy longer so it could be 00011011 you know resume over here is the most privilege. I'm out okay ring three over here and this is number three. So ring three is least privileged 38 00:05:38.460 --> 00:05:46.140 William Cheng: Okay, so for some reason why in South is under CPU and then we'll say, okay, well, you know, the most privileged that that's the operating system kernel. So they go around zero. 39 00:05:46.470 --> 00:05:51.480 William Cheng: The actual reserved read one and two for something else. But as it turns out, nobody actually use those rings. 40 00:05:51.930 --> 00:05:56.670 William Cheng: Okay. So in the end, pretty much everybody use ring zero for the colonel and rain three or four user application. 41 00:05:57.630 --> 00:06:06.270 William Cheng: Okay, so, so, so, so, so, so again inside the the the the the Intel CPU inside the, I guess it's called co segment register. 42 00:06:06.600 --> 00:06:11.490 William Cheng: Get the call seven register has to bit. That's the CPU mode, right, and then the entire policy Puritans. Yeah. 43 00:06:11.820 --> 00:06:16.950 William Cheng: I mean, some people always ask me, you know, what do I get this logo from so you can see that, you know, these two I actually look kind of similar. 44 00:06:17.400 --> 00:06:21.510 William Cheng: So anyway, so this is where I get the idea from to draw that picture for operating system. 45 00:06:22.290 --> 00:06:29.130 William Cheng: Alright, so let's talk about the the the instruction Intel that's messing everything up. Right. So, so you guys a few machine instruction. 46 00:06:29.610 --> 00:06:34.830 William Cheng: They are, you know, they're sensitive, but they are not privileged. Okay. 47 00:06:35.310 --> 00:06:41.430 William Cheng: The most famous example is this instruction called pop up. Right. What is pop F what pop F stands for pop flags. 48 00:06:41.790 --> 00:06:53.670 William Cheng: So remember that, you know, in the Intel CPU. There's a bunch of flag register right there's a zero bit over here you could perform an arithmetic and logical unit if the result equal to zero then zeal will be set to why right, the result is not equal to 00 plus zero. 49 00:06:54.270 --> 00:07:02.220 William Cheng: We perform addition or subtraction. If there's a carry, there's another big called carry I carry will be set to one. If there's a carry, there's no karaoke set to zero. 50 00:07:02.700 --> 00:07:08.310 William Cheng: If you perform a floating point operation if there's an overflow. There's an opiate over here over there will be set to one. If there's an overflow. 51 00:07:08.520 --> 00:07:13.590 William Cheng: Otherwise, you'll be zero. So there's a bunch of these bits together collectively the noise. The flag register. 52 00:07:13.980 --> 00:07:21.150 William Cheng: OK, so the flag registered a bunch of independent bids over here. So what you can do is that we need to perform certain operation. If you want to remember what the flag was 53 00:07:21.300 --> 00:07:28.110 William Cheng: What you can do is that you can say the contacts and restore the contacts later. Right. So how do you save the contacts you push all the flex onto the stack. 54 00:07:28.530 --> 00:07:31.620 William Cheng: Okay, so there's an instruction called push flags push f 55 00:07:32.010 --> 00:07:36.600 William Cheng: Okay, when you push for you take all these numbers over here. So again, the stuff like this right here is ESP 56 00:07:36.780 --> 00:07:45.420 William Cheng: You're gonna you're going to take all these bits over here you predict Drummond, the start point or by four and then you put all the stuff onto the stack frame right CZ Oh, all these flags over here. 57 00:07:45.780 --> 00:07:56.100 William Cheng: Okay, so that's push flat. Okay, so you save the context and then you go call a function or do whatever you need to do when you come back you need to remember what the flag was all you need to do is to pop f we do pop if 58 00:07:56.400 --> 00:08:09.840 William Cheng: You know that the web is that you know ESP will be pointing right here we perform pop f this fear will go to the z a flag register. This is, this will go to the sea flag register this will go to, oh spear. It says all these things will go back into the CPU. 59 00:08:10.620 --> 00:08:18.420 William Cheng: OK. So again, the basic idea of you over here to save contacts and restore contacts so push and the pop F. Their, their be used all the being used all the time. 60 00:08:19.590 --> 00:08:27.270 William Cheng: Okay. So anytime you want to save contacts you push the flag. Anytime you have a restore the contacts you also have to pop the flags. So, so how can this instruction cause you trouble. Okay. 61 00:08:28.860 --> 00:08:35.220 William Cheng: Is it turns out incomplete, a really weird thing. Okay, so this is part of your CPU design. So what happened is that this flood register over here. 62 00:08:35.490 --> 00:08:41.040 William Cheng: As it turns out, some of the bits of privilege and some of the bits are not privileged. Okay, so, so, you know, to simplifies up 63 00:08:41.340 --> 00:08:50.040 William Cheng: Something like that. You can sort of think about is that these flag register their 16 bits on 11 there are 16 bits on the right. The 16 bits on the left, they are not privileged and the 16 64 00:08:50.400 --> 00:08:59.550 William Cheng: Bit on the right. They are their privilege. So what kind of flag register over here are actually pretty privileged. Well, for example, the interim enable bit right the environment. So basically, you know, you 65 00:09:00.000 --> 00:09:05.700 William Cheng: Can equal to one or zero. So is the user space program allowed to change the interrupt enable bit 66 00:09:06.540 --> 00:09:09.180 William Cheng: Well clearly they're not allowed to do that because that's a privilege instruction. 67 00:09:09.810 --> 00:09:21.270 William Cheng: Okay, so therefore you know what you store it over here inside the inside as part of the flag register when you call pop flag in the user space program. What it will do is that it will only restore 16 bit into the CPU. 68 00:09:22.050 --> 00:09:29.310 William Cheng: Okay, they will only restore things I see the see the, oh, you know, these, these are not privileged into CPU and then the other 16 bits over here will not be touched. 69 00:09:29.910 --> 00:09:36.600 William Cheng: Okay, so instead of CPU if i equal to one equal to zero. They will not get changed, right. So when you execute pops. You know, we execute 70 00:09:36.900 --> 00:09:42.180 William Cheng: F in ring three which is the which is the least privilege mouth. Okay. 71 00:09:42.480 --> 00:09:54.840 William Cheng: Only 16 bit inside the flag register inside of CPU will change. Okay, but what if you do pop up, you know, in the privilege. Right. So if you do the green zero, which is the most privileged over here, the entire 32 bit over here will be restored to the CPU. 72 00:09:56.070 --> 00:09:58.140 William Cheng: Okay, so it's kind of makes sense, right, if we're in three 73 00:09:58.920 --> 00:10:06.360 William Cheng: Zero, you're in the privilege in the privilege mo what you're allowed to change IE. So therefore, all these you know privilege is over here, they will go into the CP register. 74 00:10:07.230 --> 00:10:14.250 William Cheng: Okay, so that makes perfect sense if you if you're running the organism on real hardware. What if you do this inside a virtual machine. 75 00:10:15.210 --> 00:10:24.360 William Cheng: Yeah, if you do this inside the virtual machine. If you execute this instruction pop up inside the Colonel. The Colonel is expect to be running in the privilege mouth. 76 00:10:24.960 --> 00:10:36.510 William Cheng: Right. But when you run inside. Inside a virtual machine you're in the user mode, the real machine. So in this case, when the colonel su pop pop up only 16 bit inside the CPU get restore all get a 16 bit there, untouched. 77 00:10:37.980 --> 00:10:44.700 William Cheng: Okay, so therefore, again, this is a sensitive instruction. Okay, but it's not privilege, right, because when you execute this instruction. 78 00:10:44.940 --> 00:10:51.570 William Cheng: Inside the guest operating system as it turns out, is because you're executing that inside the, the user space of the real machine. 79 00:10:52.050 --> 00:11:01.830 William Cheng: This instruction behind that you had not privileged okay so this one is a sensitive instruction because it will actually change the interruption, a little bit. And that's a very important bit to change inside the CPU. 80 00:11:02.430 --> 00:11:17.190 William Cheng: Okay, so. So in this case, what, what, what can you do if you implement. So if you're implementing a virtual machine because pop out will execute incorrectly in the guest operating system because they execute on in the user mode, the real machine. There's nothing you can do. 81 00:11:18.210 --> 00:11:25.770 William Cheng: Okay, so therefore, for instruction like this whole pack and Goldberg decided that there's no way to build a virtual machine for Intel 82 00:11:26.610 --> 00:11:40.290 William Cheng: Right, so, so, you know, on the surface, right, if you see that if you actually with this instruction, you know in the in the guest operating system which run in the user mode of real machine. Well then you then you know the CPU base is going to be saying correctly. 83 00:11:41.310 --> 00:11:46.200 William Cheng: Okay, so therefore you know they they basically declare failure to say that we cannot build a virtual machine for Intel 84 00:11:46.590 --> 00:11:54.180 William Cheng: Okay, and they will correct, right, there's no way to get around this. Okay. Until VMware find a way to cheat. I'm gonna talk about how that actually do that. Yeah. 85 00:11:54.840 --> 00:11:59.100 William Cheng: There are other instructions. Are they are they are sort of more Intel specific 86 00:11:59.580 --> 00:12:06.660 William Cheng: Okay so entices wearing such an over here. I mean, if they knew, long time ago, right, they will actually come up with two different pop up instruction. 87 00:12:06.870 --> 00:12:15.270 William Cheng: One for pop effin ring zero and the other one for puppeteering three one. In this case, the pop FA zero. So, so maybe that will call our zero pop f 88 00:12:16.320 --> 00:12:28.710 William Cheng: Now, so if you execute our zero Papa, Papa. That will be a privileged instruction and then in the user space, you go, you're going to go execute pop up and the popular all over here only restore a 16 bit simplified is that 89 00:12:29.730 --> 00:12:36.210 William Cheng: Ok if Intel was designed originally designed to CPU to take this into account. Well then, then they wouldn't have this problem. 90 00:12:37.290 --> 00:12:47.820 William Cheng: Okay. So in a way, its way into design their CPU. They didn't really think that this kind of several will matter. So why would they actually use one. You know what why machine instruction over here to perform different functions. Different ring. 91 00:12:48.930 --> 00:12:54.330 William Cheng: Okay, sounds like we're a decision right but in the good old days when it's hard to design a CPU, they try to sort of minimize the instruction set. 92 00:12:54.540 --> 00:13:00.480 William Cheng: An entire instruction set is pretty complicated, right. So in a way where they try to do they try to make the instruction set a smallest possible 93 00:13:00.690 --> 00:13:10.680 William Cheng: They tried to save instruction, you know the the operation code for instruction. So in the end, they try to merge these two things in one and just look at the CPU, you know, the CPU MA and decide what to do. 94 00:13:11.430 --> 00:13:16.560 William Cheng: Okay, so it was pretty clever. But in the end, and it causes major problem. Yeah. All right. 95 00:13:17.520 --> 00:13:26.550 William Cheng: You know, there's also another major problem related to Iowa, we're going to talk about that a little later. Right. So now you know for CPU. If you can virtualize the CPU, who cares about iOS devices they're 96 00:13:27.330 --> 00:13:35.370 William Cheng: All right. So what is the solution for this, right. So we're going to take a look at three different solution, right. Number one is the one that's invented by by VMware 97 00:13:35.730 --> 00:13:41.850 William Cheng: Okay, so this one says it's called binary rewriting so we're going to rewrite the colonel binary of the guest operating system. 98 00:13:43.290 --> 00:13:50.340 William Cheng: Okay. So in this case, what would you rewrite right so inside the Colonel, if you find a pop having structure change it into something else that's privileged 99 00:13:51.720 --> 00:14:00.510 William Cheng: So, the solution is actually very simple. Right. You go through the kernel code for every, you know, for every Colonel pop over here, right. We know that this one inside the virtual machine is not gonna work. 100 00:14:00.810 --> 00:14:11.160 William Cheng: Okay, so we're going to change this instruction, but we're not again since VMware is doing full virtualization. We are not allowed to change the code inside. Inside the ISO file. 101 00:14:11.940 --> 00:14:20.010 William Cheng: Okay, so therefore, when can we change it. Right. So one thing is that we install the operating system. Maybe you can actually change it on the fly. So that would be one way to do it. But then, every time we upgrade the operating system, you have to 102 00:14:20.250 --> 00:14:21.960 William Cheng: Apply the same pattern over and over again. 103 00:14:22.200 --> 00:14:32.700 William Cheng: So what they decided to do is that they will replace replace a sensitive instruction with with what's called hyper call so. So again, the basic idea here is that you replay pop up with something that will trap into the kernel. 104 00:14:33.000 --> 00:14:42.450 William Cheng: Okay so hyper hyper hyper is called hypervisor the hypervisor is the current name for the virtual machine monitor because we don't want to say monitor anymore because monitor and give people the wrong impression 105 00:14:42.780 --> 00:14:48.840 William Cheng: Okay, so these days, the virtual machine monitor is no as hypervisor. So we're going to replace this instruction with a hypervisor call 106 00:14:49.320 --> 00:14:56.370 William Cheng: Okay, we're going to replace this instruction with anything that will come inside, Colonel. So one of them is a hypervisor call. So exactly what the hypervisor call 107 00:14:57.000 --> 00:15:02.400 William Cheng: Well, so you can also sort of imagine that you know what if this is shocking you replace this instruction with an invalid machine structure. 108 00:15:03.360 --> 00:15:13.800 William Cheng: Okay, we mentioned before I we do in the virtual machine, you can actually emulate. You know, new machine structure inside a virtual machine monitor. So why don't you use the imbalance machines. Machines and when you execute this boom you're trapped inside a VM it 109 00:15:14.250 --> 00:15:22.320 William Cheng: Okay, and then the VM. And what would the VMware has to do the VM will have to emulate this exemption, because there's no handler in the guest operating system for pop up instruction. 110 00:15:23.760 --> 00:15:33.540 William Cheng: Okay and into also tried to do this dynamically, which means that is doing this on the fly. Okay, so when you install the operating system, the pub instruction is going to appear inside of Colonel operating system. 111 00:15:34.320 --> 00:15:42.810 William Cheng: Okay, so, so, so is there appear inside of the kernel code on the desk. Okay, so this one when you start running your code when you start running your code, we 112 00:15:43.770 --> 00:15:49.380 William Cheng: As the kernel code. I prefer this into memory. When does the kernel code get Brian implement this into memory. 113 00:15:49.950 --> 00:15:55.440 William Cheng: So again, if we're doing, you know, if it's a monolithic operating system. If it's a monolithic governance is that when you load the Colonel. 114 00:15:55.800 --> 00:16:03.840 William Cheng: Colonel on a business development. So, at that time, you can replace all the pop of instruction with whatever in such a your hypervisor call you ego instruction, whatever you want. 115 00:16:04.800 --> 00:16:08.640 William Cheng: Okay, so you can do that he can actually do two at a time. 116 00:16:09.270 --> 00:16:17.460 William Cheng: Okay, if you don't have a monolithic awkwardnesses them. Why, because if you have a, you know, sort of a kernel module that get dynamically load into memory. Well, then, in this case, again, we can do it on the fly. 117 00:16:17.850 --> 00:16:24.510 William Cheng: Right. So, on the fly, when we when when the code inside of Colonel get brothel that this can do memory, we can actually change it. 118 00:16:25.920 --> 00:16:34.740 William Cheng: Okay. Do you remember I wasn't lambda function in the in the winning source code that get a page from the desk phone, you know, Father. This into memory. So it's called Phil page. 119 00:16:35.100 --> 00:16:38.670 William Cheng: Right. So there's a function in Colonel is called Phil page right when you feel page. 120 00:16:38.880 --> 00:16:47.190 William Cheng: If this is the one that coming from the desk, what you would do that you will go to the disk, get the data on the desk and then copy them into memory. So when you copy this data for this into memory. You can 121 00:16:47.460 --> 00:16:55.620 William Cheng: If this is the current tech segment. You can actually go go go ahead and scan, you know, this particular page for the puppet of instruction and replace them with hypervisor call 122 00:16:56.910 --> 00:17:00.690 William Cheng: Okay. So that's the basic idea right let me in reality this is very, very complicated. 123 00:17:01.050 --> 00:17:13.560 William Cheng: Because let's say that you know the public instruction. The, the machine code is zero, x 1234 I just made it up. OK. So now when you copy the data from this into memory. If you see zero x 1234. Is that a pop up instruction. 124 00:17:14.460 --> 00:17:24.840 William Cheng: Well, we don't know. Right. So, so only if this instruction is at instruction boundary. And we saw before encodes complicated something so choose one pylons some instructions to buy saw some instruction is five is law. 125 00:17:25.020 --> 00:17:32.430 William Cheng: Right. What do you think instruction is actually called zero x 1234, something like that. Well, in that case clearly 021234. It's not the proper instruction. 126 00:17:32.910 --> 00:17:35.310 William Cheng: Okay, it could it could be, it could be a virtual address 127 00:17:35.730 --> 00:17:40.110 William Cheng: Okay, so therefore part of the entire sorry part of the VMware technology over here. 128 00:17:40.320 --> 00:17:48.270 William Cheng: Is the technique over here that where you copy the data from a distant memory. How do you scan a quickly to find out all these pop up things are watching. And then you can replace them with with hypervisor call 129 00:17:49.140 --> 00:17:54.990 William Cheng: Okay, so if you really want to know the detail or you have to look at the VMware patent because they will actually tell you how they do it. Yeah. 130 00:17:55.710 --> 00:18:06.990 William Cheng: Alright, so, so, yeah. So in this case, right. Why do they do it this way because they don't want to modify the guest operating system we instead of against having a system under the desk, it's exactly the same way that you install into the hardware. Okay, so 131 00:18:07.380 --> 00:18:14.040 William Cheng: If you don't use a virtual machine. If you want to install your operating system directly on hardware. They want to keep exactly the same operating system. 132 00:18:14.430 --> 00:18:21.780 William Cheng: Right. So this way, they will only replace the instruction. When you are executing your kernel code do it on the fly, right. So they call this dynamic binary right 133 00:18:22.740 --> 00:18:30.270 William Cheng: There will be another way to do it. All right. The second way to do it is to fix the CPU. Oh yeah, why don't you come up with the CPU that's virtualized 134 00:18:31.500 --> 00:18:42.030 William Cheng: Okay, so that will be using our virtualization. These days, when you buy a new PC right IBM PC running Windows or something like that. So remember inside BIOS you can set up a virtualization. 135 00:18:42.660 --> 00:18:51.570 William Cheng: Okay, so basically, you know, so, so, so we hear this, this will happen over here. The modern Intel CPU. They support virtualization. So basically, fix the hardware. So become virtual as well. 136 00:18:52.260 --> 00:19:03.630 William Cheng: Yeah, the third approach over here is the simple as opposed. It's called peril virtualization. Why don't we go to the operating system source code. Get rid of all the pop of instruction and replace it directly with hypervisor call 137 00:19:04.530 --> 00:19:11.910 William Cheng: Okay, so this was also once you do that, right, you're going to create a different ISO file when you download that so far. Can you install the ISO file on a 138 00:19:13.590 --> 00:19:22.920 William Cheng: On a on a PC directly one node, it wouldn't work right because they're illegal instructions over here, whatever the hypervisor called as if he installed it directly onto a machine. What is that going to work. 139 00:19:23.220 --> 00:19:29.130 William Cheng: Okay, so once you do this modification over here, then the ISO file can only run inside a virtual machine. 140 00:19:29.820 --> 00:19:32.040 William Cheng: Okay, so therefore, in that case, again, this technique is known 141 00:19:32.490 --> 00:19:43.170 William Cheng: As parallel virtualization. So I've decided at the time where you compile the Colonel, you're going to take out all the public instruction and replace them with the hypervisor call and now you're going to end up with a new ISO file. So you saw the Colonel. 142 00:19:43.950 --> 00:19:54.480 William Cheng: Okay. So clearly, you know, this is, this is an obvious way to go is actually change the operating system kernel. So you can take off, not only the puppet instruction, but all the other instruction like that. So this way. 143 00:19:54.870 --> 00:20:02.280 William Cheng: You know, you'll guess often system can run inside the inside a virtual machine, but you'll get services and can only run inside a virtual shake. Okay. 144 00:20:03.750 --> 00:20:09.120 William Cheng: All right, a little more detail right for the binary writing. I'll be here at VMware I actually give you the patent number. If you want to look it up. 145 00:20:09.360 --> 00:20:18.150 William Cheng: So so so if you do a Google search and try to sort of find the most lucrative you know attack pattern. This. This pattern is way, way up there. 146 00:20:18.570 --> 00:20:26.040 William Cheng: Because this particular path make VMware, a lot of money okay I'm these days. You know, when people are running things inside the cloud when they have the data center. 147 00:20:26.460 --> 00:20:35.130 William Cheng: When they are, you know, using virtual machine technology, you know, inside. Inside datacenter, a lot of them will license the technology from VMware okay so clearly, you know, this one is a 148 00:20:35.790 --> 00:20:45.540 William Cheng: Mei Mei VMware, you know, very, very rich and also very famous. All right. And what about Virtual Box well Virtual Box is a competitor to be aware. So, so, you know, 149 00:20:46.140 --> 00:20:58.020 William Cheng: I guess you know one of the sort of the two popular a virtual machine on on on Windows. One of them is Virtual Box and the otherwise is called VMware, but the VMware 150 00:20:58.710 --> 00:21:03.240 William Cheng: There's a VMware Workstation that's free, but there are also some other VMware is going to cost you money. 151 00:21:03.780 --> 00:21:09.180 William Cheng: On the Mac side I think they have some they don't have any free version. Right. So that's one of the reason we don't use VMware 152 00:21:09.720 --> 00:21:12.810 William Cheng: Because on the Mac, you have to pay money for it. Okay, so therefore use Virtual Box. 153 00:21:13.200 --> 00:21:21.120 William Cheng: So Virtual Box appears to do something very, very similar to VMware virtual box. Of course they were invented by Sun Microsystems, right. So, my question was, so to 154 00:21:21.480 --> 00:21:30.150 William Cheng: To to to Oracle. So now we're just going by Oracle Sun Microsystems, they have their operating system people right so therefore they also know how to build a virtual machine. 155 00:21:30.810 --> 00:21:45.420 William Cheng: So, so what they did is that they don't want to license. They don't want to license the technology from VMware so they basically sort of figure out how to do the same thing, but maybe do it in maybe doing it in the less efficient way. Okay. So typically, if you want to run, sort of, you know, 156 00:21:47.010 --> 00:21:52.830 William Cheng: Sort of. Sort of head to head VMware against you know Virtual Box, you will see that VM are typically runs a little faster. 157 00:21:53.190 --> 00:21:58.140 William Cheng: Okay, because some irises I'm trying to, you know, try to do the same thing without infringing on their patent. Okay. 158 00:21:58.620 --> 00:22:10.080 William Cheng: So here there's a website over here from virtual box.org sort of basically explained how they actually do Holly actually implement, you know, basically the VMware patent without infringing on their path that's. Anyways, we're not going to get into that. 159 00:22:11.880 --> 00:22:17.100 William Cheng: All right. How do you fix the hardware. So interrupt come up with the technology called a vendor pool technology. 160 00:22:17.580 --> 00:22:25.650 William Cheng: It's called something else to show him for the core BTS. So what happened is that if you install Ubuntu 16.4 on actual hardware and not inside a Virtual Box. 161 00:22:26.190 --> 00:22:32.190 William Cheng: Okay. So in this case, will you finish booting the machine. I want you to get a Unix prom. If you run inside a colonel colonel. If you're running 162 00:22:32.520 --> 00:22:40.050 William Cheng: A terminal, you can run this command D and E SG then so DM, he is. He is printed debugging message when you put the Colonel. 163 00:22:40.380 --> 00:22:43.230 William Cheng: Okay so opposite when the colonel boots over here. There's a lot of debugging message. 164 00:22:43.410 --> 00:22:52.380 William Cheng: They will all go into a file. So when you run this command, it will show you all the debugging file. So it'll show the debugging information so often is that when the ordinances and boots. 165 00:22:52.560 --> 00:22:59.970 William Cheng: They will print out a lot of information about all the devices they have discover and what kind of CPU or there or something like that. So look for the string BTS. 166 00:23:00.210 --> 00:23:10.920 William Cheng: You see the string BTS, then you know that your CPU support at the vanderpool technology. Okay. So pretty much today. Everybody should be able to see BTS. I don't know exactly how it's spelled with a BT dash x or just VTS 167 00:23:11.340 --> 00:23:18.390 William Cheng: You can grab for this you using case insensitive search, you'll be able to find it again. This only works if you install been to directly on the hardware. 168 00:23:18.840 --> 00:23:23.430 William Cheng: Okay, if you install on a virtual machine then, then I should have no idea what we're 169 00:23:23.970 --> 00:23:29.730 William Cheng: What it will say, because the virtual machine. It's a fake machine. So, so therefore I don't know what it would say, yeah. Alright, so what's special about BTS. 170 00:23:30.210 --> 00:23:39.960 William Cheng: VT. So in the vanderpool technology they add an extra ring to the to the to the to the x86 CPU. Okay, so this is called ring minus one, negative one. 171 00:23:40.260 --> 00:23:46.320 William Cheng: Right away I bring 0123 right zero is the most privileged. This one is negative one, it's even more privileged than zero. 172 00:23:46.800 --> 00:23:55.890 William Cheng: Okay, Intel called this the route ma all the other mode or call non room. Oh, so what's running out of room. Oh, the virtual machine monitor or the hypervisor is running inside the room. Oh. 173 00:23:56.610 --> 00:24:04.650 William Cheng: Okay, so. So what I do is I try to actually do a very, very sort of in a very general way. So what is that what you put the CPU. 174 00:24:05.370 --> 00:24:10.680 William Cheng: poo poo poo. The CPU with the vendor put technology. The first thing that you have to put the, you have to put reminders one 175 00:24:11.040 --> 00:24:14.640 William Cheng: Okay, so when you will remind us what it would do is, I will read a configuration file. 176 00:24:15.090 --> 00:24:23.310 William Cheng: To set things up so that when you actually do those instruction, you're going to cause a trap, as you are you gonna. Are you going to cause a track into the room out 177 00:24:23.940 --> 00:24:31.500 William Cheng: Okay, so basically on the table. What it will say is that if you execute pop F. Okay, if you ask your partner in ring zero 178 00:24:32.340 --> 00:24:42.000 William Cheng: Okay, who actually go public, in his room zero over here. You're going to cause them VM x, it has to be a nice little bit is that, you know, from the regular mode over here. You're going to enter ring minus, you're going to enter reminders one 179 00:24:42.480 --> 00:24:47.460 William Cheng: OK, so again inside reminders. When you run the hypervisor on the VMware, so in that case you will emulate this instruction. 180 00:24:47.790 --> 00:24:53.310 William Cheng: Okay, so this table was actually pretty general you can put all the other Intel instructions over here that are that 181 00:24:53.760 --> 00:25:03.120 William Cheng: You want virtualized and they enter the stable. So whenever you X execute any other internal judging you can also, you know, trapping to the hypervisor. Okay. You can also specify that where you causes 182 00:25:03.720 --> 00:25:13.200 William Cheng: For example, certain kind of pace fall. I also want patient will be here to go inside hypervisor. The Hypervisor will be able to actually fix the pace, while we haven't talked about how to virtualize virtual memory. 183 00:25:14.220 --> 00:25:20.370 William Cheng: Okay, so therefore again. Right. So if you're operating system thing that is handling physical memory a while, then it's wrong. It's actually handling. 184 00:25:20.610 --> 00:25:31.950 William Cheng: Virtual physical memory was in that, in that case, again, you need to eat well, you have a page for you need to come inside the virtual machine monitor or the you know the room or over here, so they can actually fix up the page table for you. 185 00:25:32.700 --> 00:25:45.240 William Cheng: OK. So again, they doing this general architecture. So when you when you boot up first you boo remind us one inside the reminders why there's a configuration file, you can cancel the configuration file and then figure out. And this way you can come see 186 00:25:45.540 --> 00:25:55.200 William Cheng: This, this way you can configure the CPU. So later on when see if you run when he sees pop up executed in 01 that case, what it will do is it will actually you know Cosby in Mexico. OK. 187 00:25:55.950 --> 00:26:01.110 William Cheng: So I guess inside a virtual machine over here puppet will be executing in three. Right. So in that case, you also want to 188 00:26:01.650 --> 00:26:10.260 William Cheng: Cause a BMX it. So this one. When you come inside of CPU, you can actually figure out whether you are in the virtual user mode or in the or you're inside the virtual a privilege. 189 00:26:10.740 --> 00:26:16.590 William Cheng: Right, if you're inside a virtual privilege know why that case, you got to make sure that the other you're 16 bit also restore inside CPU. 190 00:26:17.280 --> 00:26:26.700 William Cheng: OK. So again, that's what it means by, you know, the virtual machine monitor will have to emulate that particular instruction. Okay. I mean, if you're in the virtual user Mo and then that's okay. You can just return. Right. 191 00:26:28.290 --> 00:26:41.220 William Cheng: All right, so you can put your papa pays for all the other stuff, you know, inside this particular table. Now the Non GMO operating system must not be written to use the rumor. So the rumor is only for hypervisor is only for the virtual machine monitor. Okay. 192 00:26:43.410 --> 00:26:45.570 William Cheng: All right, so we're going to talk about, you know, again, 193 00:26:46.200 --> 00:26:52.890 William Cheng: A pair of virtualization, there's really nothing much to talk about. Right. Because if you can replace you can take these instructions output in different instruction that you're all set. Right. 194 00:26:53.040 --> 00:26:58.860 William Cheng: The only problem is that you cannot install directly onto hardware you happy inside. You have to be installed inside a virtual machine that 195 00:26:59.850 --> 00:27:10.410 William Cheng: Alright, so let's talk a little bit about, you know, what's the problem with Intel for IO virtualization right channel program are written for by IBM, they can easily emulate anything they want, because all the CO written by IBM 196 00:27:11.070 --> 00:27:18.090 William Cheng: You know, for for x86 they're running on the IBM PC IBM PC use memory map I oh so they look like memory access this 197 00:27:18.450 --> 00:27:22.260 William Cheng: Right. So even though those memory access is we can you know use the page table over here. 198 00:27:22.620 --> 00:27:30.360 William Cheng: To set it up so that whenever you try to execute the what what we try to access those memory location. We're going to track into the real operating system. 199 00:27:30.600 --> 00:27:38.220 William Cheng: Right. So, this way we get to emulate it okay but still in the air. The problem is that there's going to be too many device driver you the device driver. Yep. Yeah. 200 00:27:39.180 --> 00:27:45.960 William Cheng: So problem over here is the good old scalability problem. Okay, so, so we're going to see how a VMware actually deal with the scalability problem. 201 00:27:46.680 --> 00:27:53.880 William Cheng: Alright, so, so the real machine operating system look like this. Right. So at the bottom. Over here we have the hardware and then in the middle here with the operating system. 202 00:27:54.120 --> 00:28:03.000 William Cheng: And then when the user space or the application program running on top of here. Okay, so now when we run the virtual machine. This entire thing needs to be virtualized right so therefore the code inside a virtual machine. 203 00:28:03.480 --> 00:28:09.090 William Cheng: So the picture will look like this. Right. So, this will be our previous picture over here. So now they run inside the virtual machine. 204 00:28:09.570 --> 00:28:17.340 William Cheng: So now you know. So in this case, at the bottom. Over here you go. You don't have the real hardware. And then over here, you have the virtual machine monitor or the hypervisor. 205 00:28:17.550 --> 00:28:22.980 William Cheng: And, you know, everything else running the user space right include the user processes and also the guest operating system. 206 00:28:23.670 --> 00:28:34.320 William Cheng: OK, so now over here, what you need to do is look at the difference between these two pictures over here, right in the original guess albinism over here at the device driver over here the device driver or directly talking to the devices. 207 00:28:34.680 --> 00:28:41.190 William Cheng: Okay, so now we're going to move into you inside a virtual machine right so device driver over here is going to go inside the guest operating system. 208 00:28:41.370 --> 00:28:48.300 William Cheng: So the picture look like these. These are the device driver right if this gets up in the system is Microsoft Windows. How many device drivers. Do you have to implement 209 00:28:49.200 --> 00:28:51.840 William Cheng: I mean, how many device drivers device driver, you have to virtualize 210 00:28:52.230 --> 00:28:58.830 William Cheng: Okay, Microsoft has bazillion device drivers. Right. The obviously some over here is full of driver. OK, so the device driver not I'll be here. 211 00:28:59.040 --> 00:29:05.640 William Cheng: Every device driver. If you have to virtualize while then there's really not enough program or you can, you have to hire in in order for you to build a virtual machine. 212 00:29:06.510 --> 00:29:16.530 William Cheng: Now, alright. So, so this virtual machine. Oh yeah, this is this is a virtual machine monitor the virtual machine monitor is a different kind of operating system right for the IBM, they have to build build out the 213 00:29:17.190 --> 00:29:24.810 William Cheng: Operating System differently for all the other operating set and then this one runs on the horror over here. So over here. There's also a set of device driver. Right. 214 00:29:25.140 --> 00:29:28.080 William Cheng: Now are these device driver and these device driver, are they the same thing. 215 00:29:28.860 --> 00:29:39.030 William Cheng: Well, no, right, because this hardware over here is completely different from the original hardware, right. This is the original hardware over here. Okay, this hardware and now when you're running inside a virtual machine. The real horror is completely different. 216 00:29:39.450 --> 00:29:44.310 William Cheng: Okay, so therefore this device drivers over here, you actually have to run here. 217 00:29:44.760 --> 00:29:50.340 William Cheng: You have to ride the divide driver. Okay, so this new horror over here is going to be a very sort of brand new hardware, you know, 218 00:29:50.670 --> 00:29:56.280 William Cheng: Maybe needs to be redesigned from scratch. And now you're going to end up writing all the device drivers, so that whenever you try to 219 00:29:56.700 --> 00:30:06.870 William Cheng: Execute device driver CO, you can actually, you know, somehow transfer control into the real device driver or then India, you have to run, you have to write, you know, 10s of thousands of drivers. So again, it's gonna be too much work. 220 00:30:07.980 --> 00:30:14.460 William Cheng: Okay, so what a VMware do. Right. So VMware it basically says, I will be here. Wow, so, so, so they're going to divide their machine into different you know 221 00:30:14.820 --> 00:30:24.210 William Cheng: Different Kevin category or virtual machine one run inside the cloud. Okay. The one their earnings at a call. They have different kinds of requirements. And then the second car will be running inside a desktop. 222 00:30:25.020 --> 00:30:33.510 William Cheng: Okay, so if you run inside of called over here while then typically what's more important is that you your virtual machine has run very, very fast. But there's a lot of devices. You don't have to support 223 00:30:34.320 --> 00:30:40.560 William Cheng: Right. So if you think about the inside the data center inside the data center inside the data center. They're going to have a huge virtual machine over here that's 224 00:30:41.190 --> 00:30:49.920 William Cheng: Sort of a huge, huge virtual machine monitor supporting you know maybe 20 different virtual machine. Okay, so in that case the device over here, it doesn't really need a webcam. 225 00:30:51.000 --> 00:31:03.390 William Cheng: Why, it doesn't really need a webcam doesn't need a camera digital camera driver or it doesn't need all these toy, you know, device driver over here. So, so in that case what do you have, do what you can do is that inside the data center. You don't have to write too many device drivers. 226 00:31:04.500 --> 00:31:13.410 William Cheng: Okay, you can actually pick a pick and choose. Right. Only the one that are necessary inside the data center so 100 device driver that you need. Well, maybe you need a high speed network driver. 227 00:31:13.740 --> 00:31:19.080 William Cheng: Okay, maybe you need a high sort of a high speed this controller our driver. Maybe you need a high speed. 228 00:31:19.500 --> 00:31:29.700 William Cheng: Maybe they have a graphic display. So in this case you need a high speed. So you need to hype Sydney this high speed high speed printer. So, India, maybe you have only have to do is to write 20 to 50 devices and they were in business. 229 00:31:30.960 --> 00:31:42.210 William Cheng: Okay, so therefore, in this case, you know, your real devices over here are these 20 and 50 devices over here. And then when you tried to run your devices, I guess, obviously, Sam, what a lot of them over here, again, in the end, they will not be supported. 230 00:31:43.200 --> 00:31:50.700 William Cheng: Okay. So, therefore, if you have a virtual machine monitor that's only needs to run inside of cloud. Well, in that case, you know I oversized issue can actually be done. 231 00:31:51.240 --> 00:31:53.550 William Cheng: Maybe this is a much simpler problem. Yeah. 232 00:31:54.180 --> 00:31:58.350 William Cheng: So so so in this case, you know, this particular architecture is more suitable for server machine. 233 00:31:58.590 --> 00:32:02.640 William Cheng: All they care about is this high performance. They don't have to support all the devices over here. 234 00:32:02.760 --> 00:32:08.220 William Cheng: So the opportunities and running is that over here if you want to use a webcam this a while. Sorry, we cannot do that. We can, we will, we won't be to support it. 235 00:32:08.400 --> 00:32:21.480 William Cheng: If you want to support digital camera. What does it, we cannot support it, right, which is totally reasonable. Yeah. Alright, so, so, so, so, so, so this solve the scalability problem inside the data center. What about on the desktop. Right. We know that you know the I should support a desktop. 236 00:32:22.530 --> 00:32:28.470 William Cheng: Okay, because you know today when you install VMware when you install Virtual Box over here, they run into the desktop. 237 00:32:28.830 --> 00:32:32.940 William Cheng: So in this case, the desktop over here and you just support, you know, many, many device drivers. How do they do it. 238 00:32:33.270 --> 00:32:42.720 William Cheng: Yeah. So, so what VMware came up with is that they come come up with a guest host model over here where the host operating system can also be a general purpose operating system. 239 00:32:43.230 --> 00:32:49.830 William Cheng: Okay, this one is the general purpose albinism, like, you know, Mac OS X right like like the Mac over here, or it could be windows. 240 00:32:50.520 --> 00:32:55.020 William Cheng: Okay, so then in this case they come with all the device driver so therefore you can you can actually visualize everything 241 00:32:55.920 --> 00:32:59.880 William Cheng: Okay, so in this case VMware, it doesn't have to write any other device drivers over here. So what 242 00:33:00.060 --> 00:33:08.460 William Cheng: What, what does VMware has to do right be VMware still have to develop a virtual machine monitor. So in this case, they call them a device driver over here inside the guest operating system. 243 00:33:08.820 --> 00:33:14.670 William Cheng: Okay. They call this one VM driver so VM driver is the one that implement the virtual machine monitor operation. 244 00:33:15.450 --> 00:33:26.910 William Cheng: So, so how come this is a driver. As it turns out, this is the driver without a device. Okay, so in in the system like Windows and Mac OS X, what you can do that. You can actually install the driver inside the kernel that doesn't have 245 00:33:27.900 --> 00:33:36.870 William Cheng: Doesn't have a corresponding device. Okay. And also where you can do is that, so again, this needs to be a colonel. This needs to be a module that's running. So the current all okay so when you install this particular 246 00:33:37.410 --> 00:33:45.510 William Cheng: Module is that Colonel you also tell the ordinances that they say that okay so this pretty good device driver. I want certain events to be delivered to my device driver. 247 00:33:46.050 --> 00:33:56.220 William Cheng: Okay, so basically use the callback mechanism so that when something happens that a colonel instead of, you know, making up call, or making some other coins out of Colonel you actually make a function called inside the VM driver. 248 00:33:57.300 --> 00:34:01.620 William Cheng: Okay. So pretty much any kind of a general purpose operating system all support that. Okay, so this way. 249 00:34:01.980 --> 00:34:09.750 William Cheng: What I can do is that, you know, when the code or, you know, when the guess often uses them when they trap into the host operating system by doing something like a page fall or something like that. 250 00:34:09.960 --> 00:34:20.280 William Cheng: I can tell the host operating system to say when that happened, if it's running inside this virtual machine. Right. You know when you run inside this virtual machine if you got to pace file past that pace while to me and I will take care of it. 251 00:34:21.480 --> 00:34:30.330 William Cheng: Okay, so this way you can specify all these events that will happen is that a kernel and they will actually, you know, there will be able to deliver to you. So this way. Everything happened over here, when they traverse through the host often uses them. 252 00:34:30.750 --> 00:34:32.730 William Cheng: Then you'll, you'll be an advocate into control. 253 00:34:33.780 --> 00:34:39.090 William Cheng: Okay so happens that when we talk about IO virtualization. Right. So over here, when he said to execute this device driver over here. 254 00:34:39.420 --> 00:34:47.070 William Cheng: They're going to perform memory map I operation muscle memory. I know operational inside a virtual machine over here. They are privileged you trapped into the host 255 00:34:47.490 --> 00:34:52.440 William Cheng: The host racism is going to deliver those events to you. And now what do you have to do you have to emulate that. 256 00:34:52.980 --> 00:35:00.810 William Cheng: Okay, it's hard to emulate that. Right. So in this case, if you try to access the disco be here. I need to go to the real desk. I need to go to the over here for this device driver. 257 00:35:01.620 --> 00:35:09.030 William Cheng: Okay, so we're here. Again, I'm making a system called I'm I'm running over here. I'm making a sudden call I tried to access this device over here. 258 00:35:09.240 --> 00:35:17.670 William Cheng: Inside the guess i'll be is that a virtual machine. There's a fake this right. So, therefore, again, I'm going to tap into the host operating system host organism is going to call the VM driver and the 259 00:35:18.090 --> 00:35:25.080 William Cheng: Driver over here that particular, you know, fake. This is implement as a file. So therefore, it needs to talk to this to get the real file. 260 00:35:25.470 --> 00:35:35.460 William Cheng: Okay, so in that case what it can do is that they can actually make a call directly into the device driver, because that will be one driver making a function called into another device driver VMware decide not to do that. 261 00:35:36.090 --> 00:35:43.050 William Cheng: Okay. Why don't they decide the why. Why did they decide not to do that, right, because if you do it this way then anytime 262 00:35:43.410 --> 00:35:47.280 William Cheng: The, the Microsoft operating system change. Well, then you have to keep up with all the changes. 263 00:35:47.790 --> 00:35:55.890 William Cheng: Okay. When Microsoft change any of these kind of data charge over here be mo driver is going to keep changing and you keep changing. So, what we are worth decide to do is to not go with this route. 264 00:35:56.760 --> 00:36:03.420 William Cheng: Okay, that she goes through a different route. So the way they did is, is that there's another app over here running the user space that's called VM app. 265 00:36:05.160 --> 00:36:15.690 William Cheng: Okay, so in the user space. They actually run a VMware a program called BMX so what it will do is that instead of calling the device driver directly, they're going to call the device driver indirectly through a user space program. 266 00:36:16.710 --> 00:36:21.210 William Cheng: Okay, so what they would do is that instead of, you know, calling the device driver directly, they will make an appt call 267 00:36:21.540 --> 00:36:27.150 William Cheng: Okay, into the VM app over here and then VMware is going to use a regular system call to access device driver right here. 268 00:36:27.960 --> 00:36:37.620 William Cheng: Okay, so this way, the VM app over here will actually the device driver in the device independent way. So even if Microsoft completely changed your host operating system. Well, this particular path is still gonna work. 269 00:36:39.240 --> 00:36:45.630 William Cheng: Okay. So, therefore, this is pretty clever, right. So, so again I'm just, this is, you know, going to the user space and come down, it's going to kill the performance 270 00:36:46.080 --> 00:36:53.640 William Cheng: Okay. So VMware did this on purpose. They know that this, this, why should kill the performance, but they're willing to do this because this is going to be a lot more convenient for for VMware 271 00:36:54.180 --> 00:37:06.000 William Cheng: That so. So in this case, you know, what happened is Apple VMware, they will take this route over here. They choose convenience over performance, they will make an upcoming to be a map and VMware is going to use a regular system called we here to access 272 00:37:06.360 --> 00:37:12.690 William Cheng: To access the actual device. So if you want to read data from a file one this case, what it will do is it will open the file, read the data over here. 273 00:37:12.870 --> 00:37:20.130 William Cheng: And then what it will do is that is that return the data into the VM driver over here and they get deliver other delivery. The delivery to be 274 00:37:21.750 --> 00:37:29.130 William Cheng: Okay, so this particular path should remind your what okay so so even though this looks is going to have poor performance, but we've seen this already. 275 00:37:29.790 --> 00:37:34.470 William Cheng: Okay, because the VM app over here sitting in exactly the same place as your window manager. 276 00:37:35.190 --> 00:37:41.580 William Cheng: Right. So remember the window manager. Over here we have the you know the the the the the the pseudo terminal slave. It's a little terminal master. 277 00:37:41.940 --> 00:37:47.040 William Cheng: The operating system will send data in here and then it will get picked up by the application that's exactly the same path. 278 00:37:47.490 --> 00:37:58.950 William Cheng: Okay, if it's only one application that you have to optimize, you can actually optimize their you can optimize the heck out of there so that India this performance, even though slower than doing this directly to perform is actually going to be acceptable. 279 00:37:59.910 --> 00:38:05.130 William Cheng: Okay. So VMware basically spent a lot of time trying to optimize this and eventually they're very successful and they would be able to do that. 280 00:38:06.570 --> 00:38:10.980 William Cheng: Alright, so, so again, this is how they actually do virtualization over here using the guest host model. 281 00:38:11.160 --> 00:38:20.160 William Cheng: Where the host operating system is going to be a general purpose operating system they write their own VM as a device driver and they're going to install this and then go through the VM app. 282 00:38:20.550 --> 00:38:31.320 William Cheng: In order for for, you know, for them to act to access to devices. Okay. So as it turns out, you know, I guess they they sort of invest in the right, you know, a solution, because in the end, they were pretty successful 283 00:38:33.870 --> 00:38:42.510 William Cheng: All right. So briefly, we're going to talk about your pair of virtualization right so virtualized in the CPU is pretty simple, right, you take all those instruction that you don't like replace them with hypervisor call 284 00:38:42.690 --> 00:38:46.620 William Cheng: And now you're done right, you re compile your kernel and now you're Colonel can only run inside a virtual machine. 285 00:38:47.850 --> 00:38:55.860 William Cheng: But in that case, I mean, since you are going to replace to instruction is, why don't you replace three instruction. And what did replace 100 instruction, why didn't replace 1 million instruction. 286 00:38:56.280 --> 00:39:01.680 William Cheng: That's the problem with a pair of virtualization. Pretty soon your audiences that will not look like the original operating system anymore. 287 00:39:02.820 --> 00:39:12.750 William Cheng: Okay, so what people will do is that once you start doing parallel virtualization right if you're competing against VMware if you're competing against Virtual Box, you will do everything to beat your competition. 288 00:39:13.770 --> 00:39:20.310 William Cheng: Okay, so if you know that the weakness in your competition is that VMware is slow and Virtual Box is slow because of device iOS. 289 00:39:20.730 --> 00:39:26.670 William Cheng: Okay. So typically what people will do is that when they implement a power virtualization, they will take out all the device drivers. 290 00:39:27.570 --> 00:39:35.880 William Cheng: Because all the device drivers are slow, right, because every machine starting if you execute them inside a guest operating system you're going to tap into the openness is I'm going to do all that kind of stuff. So we really, really slow. 291 00:39:36.630 --> 00:39:43.830 William Cheng: Okay, so the power of virtualization, the way that typically done this, is that the guests machine has no device driver right they take the guest operating system. 292 00:39:44.070 --> 00:39:49.770 William Cheng: To, you know, remove all the device driver call and then they replaced with some other code that are super fast. That will access device. 293 00:39:50.850 --> 00:39:56.070 William Cheng: Okay, so in this case what is faster than you know going and go going to previous way right okay so so 294 00:39:56.430 --> 00:40:03.060 William Cheng: So one thing that's fast inside operating system is going to be communication co communication code typically will run faster than accessing the device. 295 00:40:03.360 --> 00:40:08.970 William Cheng: Okay, so instead of going, you know, into the user space of companies that have kernel and accessing the physical device, what they did is that 296 00:40:09.420 --> 00:40:16.620 William Cheng: So this is one of the company. I think they are called. I don't know how to pronounce this is Zen or Shen like it's been on whether you pronounce it in Chinese way or not. 297 00:40:17.190 --> 00:40:19.950 William Cheng: So I'm gonna call is no right. So this is company goes. Then over here. 298 00:40:20.430 --> 00:40:33.660 William Cheng: So so so they're actually one of the few company actually use ring zero, you know, inside Microsoft Windows right so the ring zero. So they use meanwhile so ring zero over here, they run the virtual machine monitor for CPU virtualization. 299 00:40:34.110 --> 00:40:39.720 William Cheng: Okay, they run the guest operating system actually rewind and the user space program over here running ring three 300 00:40:40.590 --> 00:40:48.030 William Cheng: That. So, therefore, you know, the guess offices and has less privileged are there in zero and they use the guess. Obviously, I mean really wanted to IO virtualization. 301 00:40:48.210 --> 00:40:52.980 William Cheng: They took out all the device driver code and they replace them with inter process communication code. 302 00:40:53.400 --> 00:41:03.570 William Cheng: Okay, so they call these different virtual machine domain. So here's domain 12345. They also have a special domain over here. Yeah, so the special domain over here. It's just like a host operating system. 303 00:41:03.930 --> 00:41:09.180 William Cheng: Okay, it could be written for general purpose operating system over here. They come with all the device driver, they can actually talk to that. 304 00:41:09.450 --> 00:41:19.050 William Cheng: Okay, and then have all these virtual machine over here, communicate with the host organises them using the fastest way of communication, which is using share memory to talk to each other. 305 00:41:19.560 --> 00:41:24.360 William Cheng: Because it was shared memory, right. So again, we saw before we can actually map something into our address space. 306 00:41:24.510 --> 00:41:35.790 William Cheng: We can map something called a share memory into address space. So now the same piece of memory of yoga mapping into multiple address spaces. So now when one program, you know, write to the address space, it will go into the sheer memory and the other 307 00:41:36.330 --> 00:41:38.520 William Cheng: The other user space program can actually pick up the data. 308 00:41:38.970 --> 00:41:47.130 William Cheng: Okay, so this way are basically you have these two processes that are communicated with each other. So this is no as inter process communication IPC inter process communication. 309 00:41:47.370 --> 00:41:49.890 William Cheng: Right. There are different ways to do it. You can do it through the operating system. 310 00:41:50.190 --> 00:41:56.400 William Cheng: Or you can do it using share memory. So, since these kind of company, they need to compare a compete against VMware virtual box over here. 311 00:41:56.610 --> 00:42:02.610 William Cheng: They want to make this as fast as possible so they would dedicate a lot of share memory. So this way, they can actually communicate very, very fast. 312 00:42:03.150 --> 00:42:09.930 William Cheng: Okay, so this way when you try to access the iOS device you come inside. Guess audiences and right you make you make, you know, racism call you come inside. 313 00:42:10.110 --> 00:42:17.670 William Cheng: The operating system over here, the operating system is completely rewritten because now it doesn't have any device driver. So instead, when they tried to church to 314 00:42:18.420 --> 00:42:23.250 William Cheng: Try to read a virtual file what he would do is, is that it will send the host operating system, a message. 315 00:42:23.970 --> 00:42:27.570 William Cheng: Okay, so we use to share memory over here. So basically over here is that communication call 316 00:42:27.750 --> 00:42:34.620 William Cheng: You send a message into the chat over here. The channel is going to reach the host operating officer, the host operating system is going to 317 00:42:34.830 --> 00:42:43.890 William Cheng: basically use the device driver to get data. The data that you need. And then what it will do is it will send the response back using a reverse channel using a shared memory. And this way you get to pick up the code. 318 00:42:44.790 --> 00:42:52.020 William Cheng: OK, so the host the host. I guess I've been system over here has no device driver because they are. They have all been replaced with share memory code. 319 00:42:52.350 --> 00:42:58.320 William Cheng: Right, so there will be sending messages and receiving messages and this will be the fastest way that you can actually have inter process communication. 320 00:42:59.400 --> 00:43:11.490 William Cheng: That. So, so this is basically the technology they use for IO virtualization. And in the end, they were very successful or they can compete against you know companies like VMware and Virtual Box, you know, II. 321 00:43:12.750 --> 00:43:20.550 William Cheng: Ii Ii inside the data center. Yeah. Alright, so we're not going to talk too much about it. I saw all the other one I have x is on it. 322 00:43:21.630 --> 00:43:32.400 William Cheng: All right, so. So in summary, I saw him so it was talking about all these different kind of virtualization. Oh, we talked about food virtualization like VMware or apparel apparel virtualization like Zen right 323 00:43:32.820 --> 00:43:39.030 William Cheng: In in VMware at virtualize the CPUs. They use dynamic binary writing and make them a lot of money. 324 00:43:39.570 --> 00:43:50.340 William Cheng: For to virtualize I oh they split the driver in the VM M and they also use the host guest host model, you know, for, you know, for, for, for, for, for the desktop. 325 00:43:50.910 --> 00:43:58.470 William Cheng: And, you know, for for for them. They use a problem. So ization to virtualize the CPU they replace 326 00:43:58.980 --> 00:44:08.940 William Cheng: All those, you know, bad, bad instruction with direct hypervisor call and also if I oh they took out all the device driver code because now you can change the Colonel, you can change the color of the entity you want. Yeah. 327 00:44:09.870 --> 00:44:21.060 William Cheng: So unfortunately, you know, in the real world out there. They also call something else virtualization, one of the company. They're very successful, they're doing that they call containerized operating system or always containers. 328 00:44:21.540 --> 00:44:25.260 William Cheng: So so so that will be a third categories of virtualization, guys. Okay. 329 00:44:25.440 --> 00:44:35.970 William Cheng: As far as our class is concerned, we don't call them a virtual machine. Right. Again, we don't call them virtual machine because they don't have one operating system running inside and that up and he said they only have one operating system. 330 00:44:36.210 --> 00:44:37.980 William Cheng: Right, so that's why we don't call them a virtual machine. 331 00:44:38.790 --> 00:44:45.330 William Cheng: There. So in this guys over here. Basically, there's one iOS. Okay, even though they look like they're multiple offices in the end it's the same operating system. 332 00:44:45.660 --> 00:44:58.200 William Cheng: Okay, so you just one operating system that design so that they look like they are separate machines. Okay, so they call these virtual machine containers over here inside a virtual machine container. You can run, you can basically run, run. 333 00:44:59.250 --> 00:45:03.240 William Cheng: Run, run, something that looks like a different opportunities there, but in the end is running the same operating system. 334 00:45:03.660 --> 00:45:10.650 William Cheng: Okay, so what they focus on is that when you're running on architecture like this, right. So some of the company and company over here that are very successful with this architecture. 335 00:45:11.190 --> 00:45:14.280 William Cheng: You probably you probably heard of them. Right. One of them is called Docker. 336 00:45:14.700 --> 00:45:24.450 William Cheng: The otherwise Open VZ and there's some Colin man's container. I think one of them when public and then, you know, call become doctors and I think there are they bought out by some big company. 337 00:45:24.960 --> 00:45:32.250 William Cheng: So again, you know, see detect that this kind of technology is pretty popular when they are focusing on is that you know he's had a data center. So again, if you, you know, 338 00:45:34.170 --> 00:45:41.010 William Cheng: If you have a virtual machine over here. So sorry if you have a hypervisor. The support many, many virtual machine. So let's say I support 20 different virtual machines. 339 00:45:41.280 --> 00:45:52.230 William Cheng: Okay if I buy one of the machines over here. I want one 20th, or the CPU I want 120 of the memory. I want one to one 20th of everything I want to make sure that all the other machine cannot interfere with what I oh 340 00:45:53.580 --> 00:45:59.730 William Cheng: OK, so in that case you need a specialized operating system to make sure that this will be the case. Right. So if you use, you know, Microsoft Windows over here. 341 00:45:59.940 --> 00:46:04.980 William Cheng: If there's a, you know, there's a memory hog. It will eat up all the memory over here, then all the other people is going to be really upset. 342 00:46:05.520 --> 00:46:13.170 William Cheng: Okay, so that's one of the success of these kind of company, they actually they try to perform they they try to provide performance isolation. 343 00:46:13.530 --> 00:46:25.830 William Cheng: Okay, so this way, every virtual machine over here, they will have their own exclusive resources now. Alright. So anyways, I'm not gonna talk too much about it. So if you're interested, you know, like as Google at the lots of information on the Internet. 344 00:46:26.970 --> 00:46:36.360 William Cheng: Alright, so now we're going to sort of talk about one of the topic that we skip on Chapter seven, the last chapter seven is virtualized in virtual memory. So since we haven't really talked about virtual machines. 345 00:46:36.660 --> 00:46:42.810 William Cheng: We skip that part. Now we finished talking about virtual machine will can actually talk about how to virtualize virtual memory. Yeah. 346 00:46:43.590 --> 00:46:51.510 William Cheng: I mean, this term you've been sounds really weird right yeah alright so so when you're running your application, right, your application is using virtual memory. 347 00:46:51.870 --> 00:47:00.360 William Cheng: Okay, so you know all your user space program you're using virtual address space over here. But if you run inside a virtual machine or we here. Well, then you are using virtual virtual memory. 348 00:47:01.200 --> 00:47:03.990 William Cheng: Right, because you're not using virtual memory, you're using virtual virtual memory. 349 00:47:04.350 --> 00:47:07.440 William Cheng: Because you're running inside a virtual machine, right. All right, what about the guest operating system. 350 00:47:07.650 --> 00:47:15.990 William Cheng: The guess audiences and think that they're dealing with physical memory or real memory. But in this case, if you run inside. Inside a virtual machine, then it will be fake real memory. 351 00:47:16.260 --> 00:47:19.590 William Cheng: So this will call be called as virtual real memory or virtual physical memory. 352 00:47:20.370 --> 00:47:27.450 William Cheng: Okay, so who's actually dealing with the real memory, what the virtual machine monitor or the hypervisor they are the one that actually deal with real memory, right. 353 00:47:27.720 --> 00:47:36.330 William Cheng: So if you again. Look at the next day or we hear the VMware the VM M is the one that actually deal with the deal with the sort of the 354 00:47:36.960 --> 00:47:44.850 William Cheng: The only the VM M knows the real physical address of the memory, right, because instead of guest operating system, the guess obviously them. Do they know about physical addresses. 355 00:47:45.330 --> 00:47:49.980 William Cheng: Well, they only know about faith physical address it. So, so that's why I will be here it says they're dealing with virtual real memory. 356 00:47:50.430 --> 00:47:58.740 William Cheng: Okay. So forget about the you know the the the application, they don't. They actually don't. They don't know anything. Okay, so the question over here. Is that how do you virtualize these virtual memory. 357 00:47:59.460 --> 00:48:05.850 William Cheng: Okay, so what. So what does that mean, I'll be here. So if you think about, you know, if you have a page, page table over here, the page, it was before my address translation. 358 00:48:06.630 --> 00:48:16.170 William Cheng: And then so when I run my when I run my application over here, right, if I run on the the get the operating system, the operating system is going to pull up a table like this. 359 00:48:16.380 --> 00:48:24.360 William Cheng: Okay, so this way when the application technical for address translation, they're going to use the virtual page number as their index over here to access the page table entry over here. 360 00:48:24.720 --> 00:48:37.110 William Cheng: Okay, I mean the table over here I stands for invalid. So these two other two entries that we have Allah. So if you try to access like this entry right here. Right. This one says the physical page number is two. But in this case, what kind of physical page, it is 361 00:48:37.500 --> 00:48:39.090 William Cheng: Why it's a virtual physical page. 362 00:48:40.230 --> 00:48:47.490 William Cheng: Right. Because over here. It says, you know, the physical page number of years. Again, that's the leading the leading physical page number 363 00:48:48.270 --> 00:48:55.560 William Cheng: You know, for, for, for the physical memory, but the physical memory is that this virtual machine is fake. Okay. So, therefore, you know the number to over here is actually no good. 364 00:48:56.640 --> 00:49:05.370 William Cheng: Okay. So, therefore, this guy is. How do we map the virtual the virtual physical page number two the rope physical page number why we need another level of page table. 365 00:49:05.880 --> 00:49:12.450 William Cheng: Okay, so over here inside VMware for inside via there's going to be one page table for every virtual machine. 366 00:49:13.320 --> 00:49:23.040 William Cheng: Okay, so here's the VM as a stable for this virtual machine, right. So over here, what it will do is is that it will take the virtual physical page number and translate into a real physical page number 367 00:49:24.270 --> 00:49:33.570 William Cheng: Okay, so let me say that again. Right. The original the original page table inside. Inside the guests are brings us and it translate a virtual virtual page number to a virtual physical patient number 368 00:49:34.050 --> 00:49:39.630 William Cheng: Okay, the page table inside a VM. M It will translate your virtual physical page number to a physical page number 369 00:49:41.160 --> 00:49:45.660 William Cheng: Alright so this guy's if you go over the second level trends translation, right. So, this one says physical 370 00:49:46.110 --> 00:49:53.400 William Cheng: Virtual physical page number two for this virtual machine you for this table to is this one over here and then it will tell you, you have to go to physical page number one. 371 00:49:54.210 --> 00:50:05.550 William Cheng: Okay. So, therefore, what is it telling you if you combine these two page table together if the application over here, tried to access Virtual. Virtual page number three I should use the real physical page number one. 372 00:50:06.600 --> 00:50:10.410 William Cheng: Okay, so you know what I, what can I do, is I can actually combine these two pages table over here. 373 00:50:10.620 --> 00:50:20.550 William Cheng: into what's called a shadow page table so unfortunately they use the word shadow over here. So this has nothing to do with the shadow object. This has nothing to do with shadow paging as this is called a shadow page table. 374 00:50:20.940 --> 00:50:29.640 William Cheng: Okay, so I'm going to combine these two page tables together to generate a shadow page a ball and this shadow page table. I'm going to give this to the real hardware, give it to the real CPU. 375 00:50:30.180 --> 00:50:33.720 William Cheng: Okay, so remember there's instructions as see our three get x 376 00:50:34.620 --> 00:50:48.540 William Cheng: Equals x over here is going to be a physical address, but in this case is going to be a virtual physical address, so I need to perform address translation to convert the virtual physical address events into the real physical address using a second level paste a ball and then the 377 00:50:49.770 --> 00:50:57.600 William Cheng: In my previous lecture, I call this expression right. Okay. So, therefore, in the real CPU. I'm gonna say see our three is going to get the real expert price. 378 00:50:57.990 --> 00:51:08.220 William Cheng: Okay. And inside the virtual CPU the virtual CPU is going to get the value of x. But again, the x only it's a virtual fiscal page number. Okay. Well, in the real CPU. I'm going to get the expression, which is what 379 00:51:09.570 --> 00:51:11.520 William Cheng: Would which is going to be the real physical page number 380 00:51:12.600 --> 00:51:25.650 William Cheng: That. So the basic idea over here is that when I perform this add the page table look up instead of going through these two different table. I can combine them into one shadow paste table and then I'm going to set the base address over here to give it to see our three 381 00:51:26.610 --> 00:51:37.500 William Cheng: OK, so now when I'm running this user process inside this virtual machine, then in that case, you know, inside a real CPU CR three registered need to point to the base address, you know, for the shadow page table. 382 00:51:39.210 --> 00:51:42.330 William Cheng: Okay, so this way, it will perform address translation correctly. Okay. 383 00:51:43.170 --> 00:51:45.210 William Cheng: All right, so how do I actually construct this page table. 384 00:51:45.420 --> 00:51:55.380 William Cheng: So again, you can actually see that you know if these two entries are I over here. So again, the left hand side over here, our virtual virtual page number and the number inside over here is going to be the real physical page number 385 00:51:55.830 --> 00:52:01.440 William Cheng: Okay, so therefore the virtual page number over here, Virgil, Virgil page number of invalid over here, they should also be invalid. 386 00:52:01.650 --> 00:52:09.960 William Cheng: Right. The other ones that are valid over here, then we need to follow the, you know, follow the pointer over here. So this one on a virtual page zero V or virtual virtual page zero 387 00:52:10.200 --> 00:52:17.880 William Cheng: It needs to go to virtual physical page one virtual physical page was going to go to physical the real physical page number three. So that's why you put a three right here. 388 00:52:18.750 --> 00:52:26.340 William Cheng: Okay, so this way for this user process inside this virtual machine. If you access Virtual. Virtual page number, we need to go to physical page number three. 389 00:52:27.090 --> 00:52:33.270 William Cheng: Okay, what about the last century is over here. If you're accessing Virtual. Virtual page number, it needs to go to virtual physical page number two. 390 00:52:33.450 --> 00:52:38.400 William Cheng: Virtual physical page number two need to go to physical page number one. So, therefore, you put physical page number. While we're here, 391 00:52:38.580 --> 00:52:48.810 William Cheng: So that if you give this page table to this user process inside this virtual machine when you try to use virtual virtual page. Page Number three, your assets physical page number one again. You know, this is how it works. 392 00:52:49.980 --> 00:53:00.630 William Cheng: So if you combine these two page table over here, you can create a shadow page table you give the physical address for the the physical base after some set up a table and put that into the CRC register and then it will work. 393 00:53:02.370 --> 00:53:11.010 William Cheng: Okay. Alright, so, so, so again, this means that every time when you try to change all these pages table right so so when the guest operating system over here, try to manipulate this patient about what needs to happen. 394 00:53:12.000 --> 00:53:18.900 William Cheng: What if it gets up in the system is changing the pace that will be here. What, then, then you need to tap into the virtual machine monitor over here to actually modify the 395 00:53:19.710 --> 00:53:27.930 William Cheng: page table entry in the real page table. Okay. So every time you might have all these pages that branches over here and you just dropping inside the inside a virtual machine monitor you do all these things. This 396 00:53:28.260 --> 00:53:35.280 William Cheng: And also when you try to switch to a different process. Again, you need to construct the shadow paste a ball and then make sure that everything over here is correct and then 397 00:53:36.030 --> 00:53:42.180 William Cheng: And then again, you're gonna you're going to get the you gotta send the best the best actors over here into the real car through register. 398 00:53:42.900 --> 00:53:51.690 William Cheng: Okay, so again, all these things can be done right. So how do you make sure that when the guest operating system, try to access to change the pace table. Are you traveling to the virtual machine monitor 399 00:53:52.170 --> 00:53:59.910 William Cheng: So again, you know, the page table over here is four kilobytes long for Intel. So all you need to do is to set up the page protection over here. So when the guest. Is this a 400 00:54:00.120 --> 00:54:05.130 William Cheng: Try to access, you know, these memory location. Okay, you're trying. Are you trying to type into the virtual machine monitor 401 00:54:05.610 --> 00:54:13.560 William Cheng: Okay, so this can be done right. But, uh, but once you're trapped inside a guest operating system over here. There's a lot of things that you have to do so, so, so in general, this is really, really slow. 402 00:54:14.460 --> 00:54:16.290 William Cheng: Okay, so how do you actually speed this up. 403 00:54:16.890 --> 00:54:26.850 William Cheng: Okay, so. So one thing that you can do is I can use virtualization right so anytime when you try to modify the page table instead of guess often is that you take all that instruction or you change it into a hypervisor call 404 00:54:27.480 --> 00:54:30.630 William Cheng: Okay. But again, this, this is not very, very much different from companies. 405 00:54:31.980 --> 00:54:38.370 William Cheng: Coming into the virtual machine monitor using a page fall. So even if you have power virtualization. In the end, it's not very, very fast. 406 00:54:39.000 --> 00:54:48.480 William Cheng: Okay, the real solution over here is actually you have to do this in hardware. Okay, so if I use noticing hardware. So in terms of CPU that support the extended page table tech 407 00:54:48.870 --> 00:54:54.810 William Cheng: Technology. It's got a PT right so again you can you know where you installed onto onto the real all as 408 00:54:54.990 --> 00:55:04.020 William Cheng: Well you finish booting the operating system in a terminal. You can type D and E, F, G, right, the debugging message over here, right, and then you grab you type of you know you Piper to grab 409 00:55:04.410 --> 00:55:15.090 William Cheng: Looking for a PT and to see if it actually support it. Okay. So I think one of the more events Intel CPU. That should support, Ed. So he's a PT over here, they will always use to page table. 410 00:55:15.690 --> 00:55:18.840 William Cheng: Okay, so, so instead of trying to combine these two tables together. 411 00:55:19.230 --> 00:55:24.180 William Cheng: You're going to give this to the CPU to pay stable. One is a CRT register. So this one is here are three 412 00:55:24.330 --> 00:55:31.770 William Cheng: They also have a specialized page table over here to use the second level translation. So therefore, we prefer address translation, you actually go through to page table over here. 413 00:55:32.430 --> 00:55:36.450 William Cheng: Okay, so since this is Danny hardware. Okay, it's going to perform much faster, right. 414 00:55:37.110 --> 00:55:48.450 William Cheng: There. So the picture will look like this right when you perform address translation right you, you start with a you know a 32 bit virtual address you take the first 10 minutes over here and access the pace directory table over here and that will give you 415 00:55:49.320 --> 00:55:59.250 William Cheng: That then that will give you a virtual page number. But again, that sounds right. That will give you a fiscal page number, but that's a virtual physical base number. So, therefore, you have to go through the second level accurate translation. 416 00:55:59.430 --> 00:56:05.460 William Cheng: Right. So in this case, the second level case table over here we're going to use a different registrations that the CPU to perform the address translation. 417 00:56:05.580 --> 00:56:12.330 William Cheng: So now this address over here, which is the virtual physical page number need to perform go to the second level translation and then and then eventually 418 00:56:12.660 --> 00:56:19.440 William Cheng: Got a physical address and the physical address over here will point to the second level patient of all and then use the middle 10 pages that will be here as an array index. 419 00:56:19.650 --> 00:56:31.620 William Cheng: Again, well, you try to access this page table over here. What it will give you is a virtual physical page number, you need to go to the second level address translation over here to get there. And then eventually you can get a base address and then you add the offset your 420 00:56:32.220 --> 00:56:36.900 William Cheng: Final file even get a physical address. Yeah. So the real picture will look like this. 421 00:56:37.920 --> 00:56:40.830 William Cheng: Okay. So in this case, you know, how many you know how many times, I'd be 422 00:56:41.190 --> 00:56:50.790 William Cheng: Happy to go across the bus right every time we go through this page table entries over here, you have to go go go across the bus. So in this case, instead of, you know, even if you're doing a 32 bit CPU over here. 423 00:56:51.240 --> 00:56:56.220 William Cheng: Instead of going through the bus twice to do address translation. Now you have to go through about six times. 424 00:56:57.120 --> 00:57:08.730 William Cheng: Okay, so this is why into how to use a way said associative cash. So this way, hopefully, every time we need to go to the bus, all these information or inside the translation, because I buffer. So therefore, the performance over here will be very, very 425 00:57:09.630 --> 00:57:20.310 William Cheng: Very reasonable. Okay. And again it magically, we have a 64 bit CPU, we're going to go through even more levels over here because there are four levels address and say, you know, the top over here. Each one of them is going to 426 00:57:21.540 --> 00:57:30.180 William Cheng: cost you three address translation altogether so India going to go to the bus 12 times. So again, without a very, very good performed, you know, 427 00:57:31.230 --> 00:57:45.840 William Cheng: Transition books I bought for, you know, running out of virtual run inside a virtual machine will be helpless. Yeah. Alright. So again, if you use the PT, you know, technology over here you don't end up running much faster than using apparel virtualization. Yeah. 428 00:57:48.030 --> 00:57:58.800 William Cheng: All right, so I guess this is a good time to break. So next time we'll have the second part of the lecture I'm going to come back and talk about the remaining part of how to shrink the the the 429 00:57:59.160 --> 00:58:06.570 William Cheng: The colonel in a monolithic opportunities and we're going to see what micro kernels are yeah and then again we will go back to section 4.2 yeah