在OpenCL虛擬化系統中的記憶體存取驗證

Abstract

近年來為了能充分發揮多圖形處理器(GPU)的運算性能，GPU 虛擬化技術越來越受到注 意。其中一種簡單的設計方法是由單一的程序(process)接受來自不同程序的請求，並且由單一 的程序透過同一個OpenCL 執行環境(OpenCL context)來管理資源。然而這種設計方法會造成 某個程序的資料可能會被其他程序存取的安全問題。 在本研究中，我們提供了有效率的記憶體存取驗證器 clValidator 使 kernel 函數能動態的 檢查對裝置記憶體(包含global, local, private 與 constant 記憶體與共享虛擬記憶體(SVM))的 存取行為。 clValidator 由三個元件所組成： (1) kernel 分析器，其分析取得 OpenCL kernel 函數的靜 態記憶體存取資訊，(2) kernel 改寫器，其改寫OpenCL kernel 函數使記憶體存取能被驗證，(3) 驗證管理器，其記錄執行時的資訊並且將其傳送至被改寫的 kernel 函數。 在實驗中，clValidator 相比 WebCL Validator(已知唯一同樣對OpenCL 1.2 Kernel 進行記 憶體保護的程式)有較小的執行負擔。同時 clValidator 也有能力偵測到OpenCL 2.0 中對 SVM(除 fine-grained system SVM) 的非法存取行為。

Graphics processing unit (GPU) abstraction techniques have emerged and have been attracting more research interest in recent years so as to utilize the power of multiple GPUs. A common and simple approach to manage the resources of multiple GPUs is to use a single process that creates tasks according to requests from applications and manages these requests within a single context. However, this design exposes a potential security flaw that data belong to one application might be accessible to other applications within the single context. In this thesis, we propose an efficient memory access validator (clValidator) that dynamically validates all accesses to device (e.g., GPU) memory [including the global, constant, local, and private memories and the shared virtual memory (SVM), which is introduced in OpenCL 2.0] for OpenCL applications. ClValidator is composed of three main components: (1) a kernel analyzer, which extracts static memory access information within an OpenCL kernel function, (2) a kernel instrumentator, which rewrites the OpenCL kernel function such that each memory access is validated before it is made, and (3) a validation manager, which intercepts run-time information and passes it to the instrumented OpenCL kernel function. Experiments demonstrated that clValidator introduced a smaller validation overhead than WebCL Validator, iii which is, to our best knowledge, the first and only implementation that enforces memory protection for OpenCL 1.2 kernels, for the Rodinia benchmark suite. ClValidator also detected and prevented access violation errors that were caused by invalid references to SVM buffers (excluding fine-grained system SVM buffers) for the OpenCL 2.0 programs from the sample package of the AMD APP SDK.