© 2010 VMware Inc. All rights reserved

Application-level mobile virtualization
Harvey Tuch, Staff Engineer, Mobile Virtualization Platform
January 25th 2012
Sponsored by MIT and VMware Academic Programs
VMware: www.vmware.com
VMware Labs: labs.vmware.com


Agenda
• Mobile hypervisor distribution
• Virtualization at user-level on Linux
• Putting it together: Android VMM app
• Programming exercise


Mobile hypervisor distribution

Not all mobile hypervisor components can typically be provisioned by app store
• System software provisioned by OEM and/or carrier
• Maintenance of “baked on” bits
• Time to market (TTM)
• Market coverage

What if we move system (privileged) components to application (user) level?
• Distribute entire hypervisor like a regular app, via app store
• Relax distribution constraints
• Performance, fidelity tradeoffs


Mobile hosted architecture

[Diagram: privilege levels (User, Privileged) against worlds (Host world, Guest/monitor world). Components shown: VM control, device backends; Host kernel; Kernel modules; Guest; Monitor]


Deprivileged hosted architecture

[Diagram: privilege levels (User, Privileged). Components shown: Host world; Guest + monitor; Host kernel]


App store distribution constraints

Mobile app security models, e.g. Android
• User-level, deprivileged execution
• Kernel sandboxing, restricted access to:
  • File system
  • Other applications
  • Services (e.g. SMS, GPS, network)
• Native components via JNI
• Unique UID + data directory for each application


Virtualization at user-level on Linux


User-level virtualization

Run guest as an application on host OS
• Guest user ISA runs 1:1
• How to handle guest user exceptions? (syscall traps, page faults, etc.)
• How to execute guest privileged ISA? (e.g. on ARM MSR/MRS/MCR/MRC...)
• How to map guest address space to application address space on host?


Guest user ISA runs 1:1


Guest user syscall exception


ptrace system call

Linux system call allowing one process to control/monitor another
• Used by gdb, strace
• Parent can inspect/modify child’s:
  • Register file
  • Memory
• Parent can intercept child signals
  • Exceptions (including syscall traps) reflected in Unix at user-level as signals
• Parent can single step and inject signals into child


ptrace based virtualization

Hypervisor thread parent
• ptrace child thread representing guest
• Use ptrace:
  • Intercept all signals (exceptions)
  • Intercept system calls
  • Context switch child thread between guest kernel/user

Performance penalties
• Each exception requires switching between guest thread, host kernel, hypervisor thread, host kernel and guest thread
• ptrace originally only intended for debug, but now optimized to support User-mode Linux (see also Fiasco-UX)


ptrace exception handling

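    while (1) {
        /* Block until the guest thread stops on a signal or syscall trap. */
        waitpid(guestPID, &status, __WCLONE | WUNTRACED);
        ...

        /* Read the stopped guest's register file. */
        struct user_regs regs;
        ptrace(PTRACE_GETREGS, vmm->currentGuestPID, NULL, &regs);

        /* The stop signal identifies which exception to handle. */
        int sig = WSTOPSIG(status);

        switch (sig) {
        case SIGTRAP: {
            ...
        }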


Guest privileged ISA

Sensitive + privileged instructions
• E.g. MCR/MRC on ARM
• Trap+emulate with ptrace

Sensitive + non-privileged instructions
• E.g. MSR/MRS on ARM
• Paravirtualization
• Hypercall traps to hypervisor parent process via ptrace
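
Added example (not from the slides): a portable C sketch of the ptrace monitor loop and the hypercall path described above. The guest is a forked child that signals a hypercall with raise(SIGTRAP) instead of an ARM instruction trap, and arguments travel through guest memory (PTRACE_PEEKDATA/PTRACE_POKEDATA) rather than the register file; hc_arg, hc_ret, guest and run_guest are hypothetical names.

```c
#define _GNU_SOURCE
#include <errno.h>
#include <signal.h>
#include <stdio.h>
#include <sys/ptrace.h>
#include <sys/wait.h>
#include <unistd.h>

/* Constructed hypercall ABI (an assumption of this sketch): the guest stores
 * an argument in hc_arg, raises SIGTRAP, then reads the reply from hc_ret. */
static volatile long hc_arg, hc_ret;

static void guest(int n) {                 /* runs in the traced child */
    long sum = 0;
    ptrace(PTRACE_TRACEME, 0, NULL, NULL); /* let the parent monitor us */
    for (int i = 1; i <= n; i++) {
        hc_arg = i;
        raise(SIGTRAP);                    /* stops here until the monitor resumes us */
        sum += hc_ret;                     /* value the monitor poked into our memory */
    }
    _exit(sum == (long)n * (n + 1) ? 0 : 1); /* replies are 2*i, so sum is n(n+1) */
}

/* Monitor loop: returns the number of hypercalls emulated, or -1 on failure. */
int run_guest(int n) {
    int status, handled = 0;
    pid_t pid = fork();
    if (pid < 0) return -1;
    if (pid == 0) guest(n);                /* never returns */
    for (;;) {
        if (waitpid(pid, &status, 0) < 0) return -1;
        if (WIFEXITED(status)) return WEXITSTATUS(status) == 0 ? handled : -1;
        if (!WIFSTOPPED(status)) return -1; /* guest was killed by a signal */
        int sig = WSTOPSIG(status);
        if (sig == SIGTRAP) {              /* hypercall: emulate in the monitor */
            errno = 0;
            long arg = ptrace(PTRACE_PEEKDATA, pid, (void *)&hc_arg, NULL);
            if (errno || ptrace(PTRACE_POKEDATA, pid, (void *)&hc_ret, (void *)(arg * 2)) < 0) {
                kill(pid, SIGKILL);
                waitpid(pid, &status, 0);
                return -1;
            }
            handled++;
            sig = 0;                       /* swallow the trap; the guest never sees it */
        }
        ptrace(PTRACE_CONT, pid, NULL, (void *)(long)sig); /* other signals are forwarded */
    }
}

int main(void) { printf("emulated %d hypercalls\n", run_guest(5)); return 0; }
```

Each hypercall here costs the guest-to-kernel-to-monitor-and-back round trip listed under performance penalties; the guest exits non-zero if any reply it read was not the value the monitor wrote.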


Guest address space mapping

• Reduced guest address space
• Guest kernel modifications required
• Guest application visible


Putting it together: Android VMM app


Android .apk anatomy

[Diagram: contents of an .apk: Resources; Meta-data; Certificates; DEX (Java); Native code (JNI)]


Android VMM application

Java frontend
• VM lifecycle management
• Display VM framebuffer contents
• Touchscreen input
• Invoke native code via JNI

Native code (JNI)
• ptrace-based VMM

Resources
• Guest kernel + applications (LBS VM image)


Programming exercise

http://labs.vmware.com/academic/mit-iap-2012-mobile-virtualization

Implement parts of deprivileged mobile hypervisor
• Context switching
• Paravirtualized hypercall handling

Run on your Android smartphone (or SDK emulator)
Complete by 5th February 2012 to enter draw to win iPad
Questions and clarification to: [email protected]