CS 695 Topics in Virtualization and Cloud Computing More Introduction + Processor Virtualization (source for all images: Virtual Machines: Versatile Platforms for Systems and Processes Morgan Kaufmann; 1 st edition (June 3, 2005)
Process vs. System view of machine ABI application binary interface ISA instruction set architecture
Process Virtual Machine
System Virtual Machine
Virtual Machine Applications
System VM benefits Single application containers---reliability, isolation, security Mixed OS environments (legacy apps) Multi-platform application development Software testing and debugging Version transitioning Event monitoring and checkpointing Record-replay, migration of machines IaaS
Scope of course (revisited) How to provide system-level virtualization? Common problems/approaches Specific techniques/optimizations Assuming VMs exist (and can be flexed)... How to exploit/use them to meet IaaS requirements?
Key VMM responsibilities State management Switch VMs Resource control VM has access to resources when scheduled cpu, memory region etc. VMM owns & controls all resources VMM is required to control/arbitrate hardware resources
Ex.1 : Process virtual memory example
VA to RA conversion Each process provided with a (virtual) linear address space Translation via a system call Number of page tables? When process switches what happens?
Ex.2 : The interval time interval timer OS (privileged) resource Set value to timer (register) when process scheduled Timer ticks to zero (time to deschedule process) Interrupt on regs value zero OS handles interrupt, schedules (new) process How to manage interval timer with VMs? Should OS of VM be able to read/write interval timer? Write Read
Processor Virtualization Different ISAs of guest and host Emulation Binary translation Same ISAs of guest and host Direct native execution In all cases?
Virtualizability properties Popek & Goldberg (1974) VMM should satisfy following properties 1. Efficiency Innocuous instructions natively executed 2. Resource control No direct control on physical resources for guest 3. Equivalence Identical behavior on native and virtual environments Performance and resource availability exceptions
Modes of execution User mode Guest OS VMM Privileged mode (System mode) VMM
Types of instructions Privileged instructions Reduced functionality or no-permissions in user mode Generate trap when executed in user mode E.g., LPSW (load processor status word from memory location) Set CPU mode, PC etc. SPT (set cpu timer) LRA (load real address) POPF (pop stack into eflags register)
Types of instructions What should be condition on guest VMs?
Does this satisfy G&P conditions?
Does this satisfy G&P conditions? Theorem 1: VMM can be constructed if, sensitive subset of priviliged Theorem 2: VMM is virtualizable VMM w/o timing dependencies
What about problem cases? Sensitive but unprivileged instructions Critical instructions 1. popf, pushf no-op for interrupt enable/disable in user mode sensitive instruction 2. %cs register Expose CPL to process (Guest OS in ring 3) 3. lar, lsl Load access rights, load segment limits Answer depends on privilege level Guest OS is at ring 3! Instruction execution depends on mode/ring# and do not trap on execution
Handling Criticial instructions Scan and patch Paravirtualization Replace criticial instructions with new 'safe' versions New ISA exported by VMM Guest OS needs to re-implement/re-compile Hardware-assisted virtualization AMD-V, VT-X Root and non-root modes Configure exit conditions (more on this in the kvm discussion)
Resource virtualization - Memory What do Guest VMs expect? A linear memory address space Real addressable area, staring from 0x00000000 Memory for processes Virtual memory (and paging)
Paging on Native Systems cr3 page directory page table page
Paging on Native Systems source: Understanding the Linux kernel, O'Reilly Publication
Resource virtualization - Memory What do Guest VMs expect? A linear memory address space Real addressable area, staring from 0x00000000 Memory for processes Virtual memory (and paging) How to virtualize memory to meet these requirements?
Terminology guest virtual address gfn : guest frame number pseudo-physical address pfn : physical frame number machine address mfn : machine frame number
(Two-level) translation Virtual address of process in guest VM needs a real physical address Guest virtual address v2p Pseudo-physical address p2m Machine address Guest OS VMM
Direct Mapping source: Selective Hardware/Software Memory Virtualization, VEE 2011
Shadow Paging source: Selective Hardware/Software Memory Virtualization, VEE 2011
Hardware-assisted source: Selective Hardware/Software Memory Virtualization, VEE 2011
Memory virtualization performance (1) source: Selective Hardware/Software Memory Virtualization, VEE 2011
Memory virtualization performance (2) source: Selective Hardware/Software Memory Virtualization, VEE 2011
What about the TLB? Translation lookaside buffer v2m mapping in cache When is TLB flushed? Virtualizing the TLB
Next class [kvm] Next week [kvm] [xen]