Running Rings Around Virtualisation
Posted on 01.Feb 2010 by Ray Heffer in VMware
In 1987 when I was just 11 years old, I used my first real PC, other than the Sinclair Spectrum and Commodore 64 (1984) of course… an Intel 80386 Personal Computer with a green screen CRT display. Bundled with it was a book called ‘80386 Programmer’s Reference Manual’. Back then I was fascinated with computer programming and machine code, and although I understood little of the book at the time, much of it is still relevant today. The book was published in 1986, and one of the sections covered processor privilege levels.
Privilege levels determine what rights the procedure being executed has when issuing instructions, or when accessing I/O ports and memory addresses. There are four privilege levels in the x86 processor architecture, and these are called rings. The four rings (0 to 3) are designed to protect the hardware resources, keeping user applications at ring 3 (the least privileged) and the operating system kernel at ring 0 (the most privileged).

In 1998 VMware used a technique called binary translation that allowed the operating system to operate at ring 1, whilst (unknown to the OS) the VMM (Virtual Machine Monitor) is running at ring 0 with the highest privileges on the hardware resources. Binary translation achieves high CPU performance, and its input is x86 machine code (not source code). The translation itself is dynamic: it happens at runtime (interleaved with the generated code), and code is only translated when it is about to execute. You can read more on that <here>. What is important is that this approach enabled full virtualisation of any x86 operating system on VMware Virtual Infrastructure. Interestingly, Virtual Iron, which Oracle acquired and then ditched back in 2009, didn’t use binary translation but still managed to achieve full virtualisation using what they labelled ‘native virtualisation’.
Then in 2006 Intel and AMD released hardware virtualisation technology (VT or AMD-V) in their processors that overcomes the need for binary translation techniques. This introduced a new level (or mode), aptly named ‘root mode’, that sits under ring 0.
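As an added example (not code from the original post), the small C program below reads the two privilege-level bits from the CS selector to show which ring the calling code runs in, and queries CPUID for the VT-x/AMD-V feature bits discussed above, plus the bit a hypervisor sets to tell a guest that a VMM sits beneath it. It assumes x86/x86-64 with GCC or Clang; on other architectures the functions return -1.

```c
/* Added example, not from the original post. Reports the Current
 * Privilege Level (ring) of this process and what CPUID says about
 * hardware virtualisation. x86/x86-64 with GCC or Clang assumed. */
#include <stdio.h>

#if defined(__x86_64__) || defined(__i386__)
#include <cpuid.h>

/* The lowest two bits of the CS selector hold the CPL:
 * 0 for the kernel, 3 for ordinary user-space code like this program. */
int current_privilege_level(void) {
    unsigned int cs;
    __asm__ volatile("mov %%cs, %0" : "=r"(cs));
    return (int)(cs & 3);
}

/* CPUID leaf 1, ECX bit 5 = VMX (Intel VT-x).
 * CPUID leaf 0x80000001, ECX bit 2 = SVM (AMD-V).
 * Returns 1 if either is advertised, 0 if not, -1 if CPUID is unavailable.
 * Inside a guest the hypervisor commonly hides these bits. */
int hardware_virtualisation_supported(void) {
    unsigned int eax, ebx, ecx, edx;
    if (!__get_cpuid(1, &eax, &ebx, &ecx, &edx))
        return -1;
    if (ecx & (1u << 5))
        return 1;
    if (__get_cpuid(0x80000001, &eax, &ebx, &ecx, &edx) && (ecx & (1u << 2)))
        return 1;
    return 0;
}

/* CPUID leaf 1, ECX bit 31 is reserved for hypervisors to set, so a
 * guest OS can learn that a VMM is running underneath it. */
int running_under_hypervisor(void) {
    unsigned int eax, ebx, ecx, edx;
    if (!__get_cpuid(1, &eax, &ebx, &ecx, &edx))
        return -1;
    return (int)((ecx >> 31) & 1);
}
#else
int current_privilege_level(void) { return -1; }
int hardware_virtualisation_supported(void) { return -1; }
int running_under_hypervisor(void) { return -1; }
#endif

int main(void) {
    printf("CPL (ring): %d\n", current_privilege_level());
    printf("VT-x/AMD-V advertised: %d\n", hardware_virtualisation_supported());
    printf("hypervisor present bit: %d\n", running_under_hypervisor());
    return 0;
}
```

Run it on bare metal and inside a VM to compare: user code reports ring 3 in both cases, but the virtualisation and hypervisor-present bits typically differ.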
I imagine that one day in the distant future, this technology will evolve to such as level it could be like trying to understand molecular modelling!
Got r00t?


I have been using Xen virtualization for 2 years now, which uses domains for each virtual instance. Dom0 is the first domain started by Xen at boot.
This all makes sense now, if it’s referring to having special privileges at ring 0.
Nice post.
Hi Matthew,
Thanks for the comment, and I’m glad you are running Xubuntu Linux
I’ll be tweaking the site over the coming weeks, and I intend to change the navigation to make it a little easier.
Thanks for stopping by!
Ray
If anyone thinks the topic of ‘rings’ is boring, think again! A hacker has managed to exploit ring0 of the Playstation 3… you can read more on that here: http://www.reghardware.co.uk/2010/01/27/playstation_exploit_released/