Skip to content

Latest commit

 

History

History
42 lines (28 loc) · 2.83 KB

hyperlight-execution-details.md

File metadata and controls

42 lines (28 loc) · 2.83 KB
Raw

How code is run inside a VM

This document details how VMs are very quickly and efficiently created and configured to run arbitrary code.

Background

Hyperlight is a library for creating micro virtual machines (VMs) intended for executing small, short-running functions. This use case is different from that of many other VM platforms, which are aimed at longer-running, more complex workloads.

A very rough contrast between Hyperlight's offerings and other platforms is as follows:

Feature Hyperlight Other platforms
Hardware isolation (vCPU, virtual memory) Yes Yes
Shared memory between host and in-VM process Yes Yes [2]
Lightweight function calls between host and in-VM process (the "guest") Yes No
Bootloader/OS kernel No Yes [1]
Virtual networking No Yes [2]
Virtual filesystem No Yes [1]

As seen in this table, Hyperlight offers little more than a CPU and memory. We've removed every feature we could, while still providing a machine on which arbitrary code can execute, so we can achieve our various use cases and efficiency targets.

How code runs

With this background in mind, it's well worth focusing on the "lifecycle" of a VM -- how, exactly, a VM is created, modified, loaded, executed, and ultimately destroyed.

At the highest level, Hyperlight takes roughly the following steps to create and run arbitrary code inside a VM:

  1. Loads a specially built, statically linked binary (currently, the PE and ELF executable formats are supported) into memory. This is the code that is executed inside a virtual machine.
  2. Allocates additional memory regions, for example stack and heap for the guest, as well as some regions used for communication between the host and the guest.
  3. Creates a Virtual Machine and maps shared memory into it
  4. Create one virtual CPU (vCPU) within the newly created VM
  5. Write appropriate values to the new vCPUs registers.
  6. In a loop, tell previously created vCPU to run until we reach a halt message, one of several known error states, or an unsupported message
    1. In the former case, exit successfully
    2. In any of the latter cases, exit with a failure message

[1] nearly universal support

[2] varied support