System Virtual Machines

Similar documents
CS 695 Topics in Virtualization and Cloud Computing. More Introduction + Processor Virtualization

A Unified View of Virtual Machines

Virtualization. Jia Rao Assistant Professor in CS

Cloud Computing #6 - Virtualization

Hypervisors. Introduction. Introduction. Introduction. Introduction. Introduction. Credits:

Virtualization. Pradipta De

COS 318: Operating Systems. Virtual Machine Monitors

x86 ISA Modifications to support Virtual Machines

Virtualization. Dr. Yingwu Zhu

Chapter 5 Cloud Resource Virtualization

Full and Para Virtualization

Virtualization Technology. Zhiming Shen

Uses for Virtual Machines. Virtual Machines. There are several uses for virtual machines:

Distributed Systems. Virtualization. Paul Krzyzanowski

Virtual Machine Monitors. Dr. Marc E. Fiuczynski Research Scholar Princeton University

Virtual machines and operating systems

Virtual Machines. COMP 3361: Operating Systems I Winter

Virtualization. ! Physical Hardware. ! Software. ! Isolation. ! Software Abstraction. ! Encapsulation. ! Virtualization Layer. !

Virtualization. Explain how today s virtualization movement is actually a reinvention

VMkit A lightweight hypervisor library for Barrelfish

Virtualization. Clothing the Wolf in Wool. Wednesday, April 17, 13

Hardware Assisted Virtualization

Virtualization. Jukka K. Nurminen

Virtual Machines. Virtualization

Virtualization. Types of Interfaces

Cloud Computing. Up until now

x86 Virtualization Hardware Support Pla$orm Virtualiza.on

COS 318: Operating Systems. Virtual Machine Monitors

Virtualization. P. A. Wilsey. The text highlighted in green in these slides contain external hyperlinks. 1 / 16

Introduction to Virtual Machines

How To Understand The Power Of A Virtual Machine Monitor (Vm) In A Linux Computer System (Or A Virtualized Computer)

Basics in Energy Information (& Communication) Systems Virtualization / Virtual Machines

Jukka Ylitalo Tik TKK, April 24, 2006

OS Virtualization. CSC 456 Final Presentation Brandon D. Shroyer

COM 444 Cloud Computing

Chapter 16: Virtual Machines. Operating System Concepts 9 th Edition

nanohub.org An Overview of Virtualization Techniques

Intel Virtualization Technology Overview Yu Ke

Microkernels, virtualization, exokernels. Tutorial 1 CSC469

Virtualization: Concepts, Applications, and Performance Modeling

Introduction to Virtual Machines

Hypervisors and Virtual Machines

Implementation of a Purely Hardware-assisted VMM for x86 Architecture

Clouds, Virtualization and Security or Look Out Below

9/26/2011. What is Virtualization? What are the different types of virtualization.

Virtual Machines. Adapted from J.S. Smith and R. Nair, VIRTUAL MACHINES, Morgan-Kaufmann Teodor Rus.

An Introduction to Virtual Machines Implementation and Applications

Basics of Virtualisation

CS5460: Operating Systems. Lecture: Virtualization 2. Anton Burtsev March, 2013

Outline. Outline. Why virtualization? Why not virtualize? Today s data center. Cloud computing. Virtual resource pool

Introduction to Virtualization

12. Introduction to Virtual Machines

FRONT FLYLEAF PAGE. This page has been intentionally left blank

Virtual Machines.

Knut Omang Ifi/Oracle 19 Oct, 2015

Virtual Servers. Virtual machines. Virtualization. Design of IBM s VM. Virtual machine systems can give everyone the OS (and hardware) that they want.

Virtualization Technologies

Distributed and Cloud Computing

Cloud Computing CS

ARM Virtualization: CPU & MMU Issues

Virtualization VMware Inc. All rights reserved

The MIPS architecture and virtualization

Cloud Architecture and Virtualisation. Lecture 4 Virtualisation

ELEC 377. Operating Systems. Week 1 Class 3

Virtualization Technology. Zhonghong Ou Data Communications Software Lab, Aalto University

The Xen of Virtualization

Virtualization for Cloud Computing

Nested Virtualization

Virtualization Concepts And Applications. Yash Jain DA-IICT (DCOM Research Group)

KVM: A Hypervisor for All Seasons. Avi Kivity avi@qumranet.com

evm Virtualization Platform for Windows

OSes. Arvind Seshadri Mark Luk Ning Qu Adrian Perrig SOSP2007. CyLab of CMU. SecVisor: A Tiny Hypervisor to Provide

Virtualization in Linux KVM + QEMU

MODULE 3 VIRTUALIZED DATA CENTER COMPUTE

Hardware accelerated Virtualization in the ARM Cortex Processors

kvm: Kernel-based Virtual Machine for Linux

COS 318: Operating Systems

Virtualization. Guillaume Urvoy-Keller UNS

Understanding Full Virtualization, Paravirtualization, and Hardware Assist. Introduction...1 Overview of x86 Virtualization...2 CPU Virtualization...

Virtualization in the ARMv7 Architecture Lecture for the Embedded Systems Course CSD, University of Crete (May 20, 2014)

Virtual Machines. Virtual Machines

How To Virtualize A Computer System

CS 152 Computer Architecture and Engineering. Lecture 22: Virtual Machines

Virtual Computing and VMWare. Module 4

Clouds Under the Covers. Elgazzar - CISC Fall

Chapter 14 Virtual Machines

Virtual Machine Security

Enabling Technologies for Distributed Computing

Enabling Technologies for Distributed and Cloud Computing

GUEST OPERATING SYSTEM BASED PERFORMANCE COMPARISON OF VMWARE AND XEN HYPERVISOR

Operating System Organization. Purpose of an OS

Security Overview of the Integrity Virtual Machines Architecture

Intro to Virtualization

CPS221 Lecture: Operating System Structure; Virtual Machines

matasano Hardware Virtualization Rootkits Dino A. Dai Zovi

Introduction to Virtualization & KVM

Arwed Tschoeke, Systems Architect IBM Systems and Technology Group

Transcription:

System Virtual Machines Introduction Key concepts Resource virtualization processors memory I/O devices Performance issues Applications 1

Introduction System virtual machine capable of supporting multiple system images each guest OS manages a set of virtualized hardware resources VMM owns the real system resources VMM allocates resources to guest OS by partitioning or time-sharing guest OS allocates resources to its user programs each virtual resource may not have physical resource see Figure 8.1 2

Introduction (2) L i n u x A p p l i c a t i o n W i n d o w s A p p l i c a t i o n O S / 2 A p p l i c a t i o n L i n u x O S W i n d o w s O S O S / 2 O S V i r t u a l I n t e l x 8 6 V i r t u a l I n t e l x 8 6 V i r t u a l I n t e l x 8 6 I n t e l x 8 6 H a r d w a r e 3

Key Concepts Outward appearance State management Resource control Native and hosted virtual machines Several concepts are simplified same guest and host ISA uniprocessor systems 4

Outward Appearance Create an illusion of multiple machines. Illusion in software no replication of hardware resources switch to move devices from one VM to the other Replication of hardware resources devices used directly by each user are replicated rest of the hardware is shared Hosted VM one OS more important than the other UI of host OS provides way to display UI of the second 5

State Management Refers to how each individual guest state is managed by the SVM each guest OS has an architected state host resources may not be adequate Fixed location for all guest state in host VMM manages pointer and switching indirection can be very inefficient (Figure 8.3a) Copy approach more efficient (Figure 8.3b) essential to allow direct execution of native code 6

State Management (2) V M M M e m o r y V M M M e m o r y P r o c e s s o r R e g i s t e r v a l u e s f o r V M 1 P r o c e s s o r R e g i s t e r v a l u e s f o r V M 1 R e g i s t e r B l o c k P o i n t e r R e g i s t e r v a l u e s f o r V M 2 P r o c e s s o r R e g i s t e r s R e g i s t e r v a l u e s f o r V M 2 R e g i s t e r v a l u e s f o r V M 3 R e g i s t e r v a l u e s f o r V M 3 7

Resource Control Refers to how the VMM maintains overall control of all hardware resources. Scheme similar to time-sharing OS VMM intercept accesses to privileged resources get control on all privileged instructions VMM handles the timer interrupt (Figure 8.4) similar tradeoffs between fair scheduling and large switching overhead 8

VMM Timesharing VMM timeshares resources among guests similar to OS timesharing T i m e r i n t e r r u p t o c c u r s V M M s a v e s a r c h i t e c t e d s t a t e o f r u n n i n g V M V M M d e t e r m i n e s n e x t V M t o b e a c t i v a t e d V M M r e s t o r e s a r c h i t e c t e d s t a t e f o r n e x t V M V M M s e t s t i m e r i n t e r v a l a n d V M M s e t s P C t o t i m e r e n a b l e s i n t e r r u p t h a n d l e r o f O S i n t e r r u p t s i n n e x t V M F i r s t V M A c t i v e V M M A c t i v e N e x t V M A c t i v e 9

Native and Hosted VM Refers to the runtime privilege level of the VMM (and OS). for efficiency, some part of VMM should have higher privileges Figure 8.5 analogous relationship to OS and user programs native VM system: only the VMM operates in privilege mode hosted VM: VMM installed on top of existing OS some or no part of VMM in privilege mode 10

Native and Hosted VM (2) V i r t u a l M a c h i n e V i r t u a l M a c h i n e A p p l i c a t i o n s V i r t u a l M a c h i n e V M M V M M N o n - p r i v i l e g e d m o d e s O S V M M H o s t O S H o s t O S P r i v i l e g e d M o d e H a r d w a r e H a r d w a r e H a r d w a r e H a r d w a r e T r a d i t i o n a l u n i p r o c e s s o r s y s t e m N a t i v e V M s y s t e m U s e r - m o d e H o s t e d V M s y s t e m D u a l - m o d e H o s t e d V M s y s t e m 11

Resource Virtualization Processors Techniques to execute guest instructions emulation direct native execution Emulation interpretation or binary translation necessary if different host and guest ISAs Direct native execution same host and guest ISAs required may still require emulation of some instructions 12

Conditions for ISA Virtualizability Conditions laid out by Popek and Goldberg. Assume native system VMs VMM runs in system mode all other software runs in user mode Other assumptions hardware consists of processor and uniformly addressable memory processor can operate in two modes, user and system some subset of instructions only available in system mode relocation register available for memory addressing 13

Privileged Instructions Instructions that trap if the machine is in user mode, and does not trap if the machine is in system mode. LPSW (Load Processor Status Word) PSW can change the state of the CPU can also change the instruction address (PC) SPT (Set CPU Timer) can change the CPU interval timer 14

Privileged Instructions (cont ) LRW (Load Real Address) translate a virtual address, save corresponding real address in a specified GPR POPF (Pop Stack into Flags Register) replace flag register with top of memory stack interrupt-enable flag can only be modified in system mode no trap in user mode 15

Sensitive Instructions These specify instructions that interact with hardware. Control-sensitive instructions can change the configuration of system resources e.g., physical memory assigned to a program e.g., LPSW change mode of operation e.g., SPT change CPU timer value 16

Sensitive Instructions (cont ) Behavior-sensitive instructions behavior or results depend on configuration of resources e.g., LRA depends on mapping (state) of real memory resource e.g., POPF depends on mode of operation Innocuous instructions neither context-sensitive nor behaviorsensitive see Figure 8.6 17

Instruction Types Summary N o n - P r i v i l e g e d P r i v i l e g e d I n n o c u o u s B e h a v i o r - s e n s i t i v e S e n s i t i v e C o n t r o l - s e n s i t i v e S e n s i t i v e 18

Components of a VMM I n s t r u c t i o n t r a p o c c u r s T h e s e i n s t r u c t i o n s d e s i r e t o c h a n g e m a c h i n e r e s o u r c e s, e. g. L o a d R e l o c a t i o n B o u n d s R e g i s t e r D i s p a t c h e r P r i v i l e g e d I n s t r u c t i o n P r i v i l e g e d I n s t r u c t i o n P r i v i l e g e d I n s t r u c t i o n I n t e r p r e t e r R o u t i n e 1 A l l o c a t o r P r i v i l e g e d I n s t r u c t i o n I n t e r p r e t e r R o u t i n e 2 T h e s e i n s t r u c t i o n s d o n o t c h a n g e m a c h i n e r e s o u r c e s, b u t a c c e s s p r i v i l e g e d r e s o u r c e s, e. g. I N, O U T, W r i t e T L B I n t e r p r e t e r R o u t i n e n 19

Components of a VMM (2) Dispatcher control module, called on hardware traps decides the next module to be invoked Allocator decides allocation of system resources invoked by dispatcher to change machine resource allocation for VMs Interpreter routines emulates trap functionality for each user VM all traps except resource re-assignment traps 20

Properties for a True VMM Efficiency All innocuous instructions must be natively executed Resource control impossible for guest s/w to directly change system resource configurations Equivalence guaranty of identical behavior allowed exceptions performance can be slower available resources can be limited differences in performance due to changed timings 21

Requirement for True VMM For any third-generation computer, a VMM may be constructed if the set of sensitive instructions for a computer is a subset of the set of privileged instructions sensitive instructions always trap in user mode non-privileged instructions execute natively 22

Handling Privileged Instruction Privileged instruction traps in the guest OS G u e s t O S c o d e i n V M ( u s e r m o d e ) V M M c o d e ( p r i v i l e g e d m o d e ) D i s p a t c h e r P r i v i l e g e d i n s t r u c t i o n ( L P S W )...... N e x t i n s t r u c t i o n ( t a r g e t o f L P S W ) L P S W R o u t i n e : C h a n g e m o d e t o p r i v i l e g e d C h e c k p r i v i l e g e l e v e l i n V M E m u l a t e i n s t r u c t i o n C o m p u t e t a r g e t R e s t o r e m o d e t o u s e r J u m p t o t a r g e t 23

Problem Instructions Sensitive instructions that are not privileged POPF instruction in the Intel IA-32 IA-32 not virtualizable by Popek-Goldberg rules Handling problem instructions interpret all guest software scan and patch problem instructions before execution see Figure 8.11 24

Patching Problem Instructions S c a n n e r a n d P a t c h e r C o d e P a t c h f o r d i s c o v e r e d c r i t i c a l i n s t r u c t i o n C o n t r o l t r a n s f e r, e. g. t r a p V M M O r i g i n a l P r o g r a m P a t c h e d P r o g r a m 25

Patching Problem Instructions (2) VMM takes control at the head of each basic block. Scan to find problem instructions. Replace with trap to VMM. Place another trap at end of basic block. Patched basic blocks can be chained. Mostly similar to binary translation. 26

Caching Emulation Code High frequency of sensitive instructions requiring interpretation increases VMM overhead cache interpreter actions in code cache cache block containing the problem instruction Each instance of the problem instruction in the code associated with a distinct piece of cache code make code instance-specific and optimize Simpler management of cached code cached code executed in system mode 27

Resource Virtualization Memory Generalizes the concept of virtual memory Virtual memory basics application provided a logical view of memory OS manages actual real memory page tables provide logical-physical mapping TLBs cache most common mappings VMM distinguishes between real memory and physical memory VMM does real-physical memory mapping 28

VMM Memory Support VMM mechanism to virtualize memory maintain a per-vm real-map table maps real pages to physical pages VMM maintains a distinct swap space Additional indirection layer may be inefficient virtualize architected page tables virtualize architected TLB 29

Resource Virtualization I/O Virtualization of I/O is difficult large number of I/O devices each I/O device controlled in specific manner OS have to deal with similar issues Virtualization Scheme provide VMs with virtual version of a device intercept VM requests made to virtual device convert request, perform equivalent action 30

Virtualizing Devices Dedicated devices display, keyboard, mouse etc., for each user no device virtualization necessary device requests could bypass the VM Partitioned devices smaller virtual disks for each user VMM use map to translate parameters status information from the device also needs translation and reflection in the map 31

Virtualizing Devices (cont ) Shared devices network adapter, virtual network address for a VM maintain state information for each guest VM translate device outgoing/incoming requests Spooled devices shared at higher granularity, e.g., printer two-level spool tables in OS and VMM VMM schedules requests from multiple guest VMs 32

Performance Degradation Setup initialize the state of the machine Emulation sensitive instructions, maybe others Interrupt handling handling interrupts generated by the guest programs State saving save/restore state of VM during switch to VMM Book-keeping special operations to maintain equivalent behavior Time elongation some instructions may require more processing time 33

VM Assists Piece of hardware that improves performance of an application when running on a VM. May not always improve performance improve user program-vmm system-mode switches improve address translation performance VM assists can help improve performance of instruction emulation other aspects of VMM the user-mode system running as the guest specific types of guest systems 34

Instruction Emulation Assists Emulation of privileged instructions in the guest VM is a cause of fundamental overhead causes interrupt that is handled by the VMM VMM emulation depends on whether guest VM in user or system mode when instruction called Assist for LPSW on system/370 check state of guest VM provides hardware-assisted instructions to modify physical resources Depends on VM system implementation The overhead of the trap still remains eliminates overhead of emulation and mode switching 35

VMM Assists Context switch hardware to save/restore registers, machine state Decoding of privileged instructions helps certain critical parts of the emulation Virtual interval timer precise timer for all guest VMs to schedule jobs Adding to the instruction set to help commonly executed VMM parts 36

Improve Guest VM Performance Requires guest system to be VMM aware avoid duplication of functionality provide VMM with additional information (handshaking), e.g., DIAGNOSE instruction Example; non-paged mode disable dynamic address translation in guest VM no translation from virtual to real address translation from real to physical done by VMM Paravirtualization modify guest OS to work around difficult to virtualize ISA features Xen for the IA-32, eliminates code detection, patching, shadow page tables 37

Applications Implementing multiprogramming Multiple single-application virtual machines Multiple secure environments Mixed-OS environments Legacy applications Multiplatform application development Gradual migration to new system New system software development Operating system training Help desk support Operating system instrumentation Event monitoring System encapsulation and checkpointing 38

2026 © DocPlayer.net Privacy Policy | Terms of Service | Feedback  | Do Not Sell My Personal Information