OS Virtualization. CSC 456 Final Presentation Brandon D. Shroyer


Introduction
- Virtualization: providing an interface to software that maps to some underlying system.
- A one-to-one mapping between a guest and the host on which it runs [9, 10].
- Virtualized system should be an efficient, isolated duplicate [8] of the real one.
- Process virtual machine just supports a process; system virtual machine supports an entire system.

Why Virtualize?
Reasons for virtualization:
- Hardware Economy
- Versatility
- Environment Specialization
- Security
- Safe Kernel Development
- OS Research [12]

Process Virtualization
- VM interfaces with a single process.
- Application sees virtual machine as address space, registers, and instruction set [10].
- Examples:
  - Multiprogramming
  - Emulation for binaries
  - High-level language VMMs (e.g., JVM)
Figure (stack, top to bottom): Application / Virtualization Layer / OS / Hardware

System Virtualization
Figure (stacks, top to bottom):
- Classical Virtualization: Application / OS / Virtualization Layer / Hardware
- Hosted Virtualization/Emulation: Application / OS / Virtualization Layer / OS / Hardware

System Virtualization
- Interfaces with the operating system.
- OS sees VM as an actual machine: memory, I/O, CPU, etc. [10].
- Classic virtualization: virtualization layer runs atop the hardware.
  - Usually found on servers (Xen, VMware ESX).
- Hosted or whole-system virtualization: virtualization runs on an operating system.
  - Popular for desktops (VMware Workstation, Virtual PC).

Emulation
- Providing an interface to a system so that it can run on a system with a different interface [10].
- Lets compiled binaries and OSes run on architectures with a different ISA (binary translation).
- Performance usually worse than classic virtualization.
- Example: QEMU [11]
  - Breaks CPU instructions into small ops, coded in C.
  - C code is compiled into small objects on the native ISA.
  - dyngen utility runs code by dynamically stitching objects together (dynamic code generation).

Some Important Terms
- Virtual Machine (VM): An instance of an operating system running on a virtualized system. Also known as a virtual or guest OS.
- Hypervisor: The underlying virtualization system sitting between the guest OSes and the hardware. Also known as a Virtual Machine Monitor (VMM).

Requirements of a VMM
Developed by Popek & Goldberg in 1974 [8]:
1. Provides environment identical to underlying hardware.
2. Most of the instructions coming from the guest OS are executed by the hardware without being modified by the VMM.
3. Resource management is handled by the VMM (this includes all non-CPU hardware such as memory and peripherals).

Guest OS Model
- Hypervisor exists as a layer between the operating systems and the hardware.
- Performs memory management and scheduling required to coordinate multiple operating systems.
- May also have a separate controlling interface.
Figure (stack, top to bottom): Apps (x3) / Guest OS (x3) / Hypervisor (Host) / Hardware

Virtualization Challenges
- Privileged Instructions: handling architecture-imposed instruction privilege levels.
- Performance Requirements: holding down the cost of VMM activities.
- Memory Management: managing multiple address spaces efficiently.
- I/O Virtualization: handling I/O requests from multiple operating systems.

Virtualizing Privileged Instructions
- x86 architecture has four privilege levels (rings).
- The OS assumes it will be executing in Ring 0.
- Many system calls require 0-level privileges to execute.
- Any virtualization strategy must find a way to circumvent this.

The functionality of the hypervisor varies greatly based on architecture and implementation. Each VMM running on the hypervisor implements the virtual machine hardware abstraction and is responsible for running a guest OS. Each VMM has to partition and share the CPU, memory and I/O devices to successfully virtualize the system.

CPU Virtualization: The Challenges of x86 Hardware Virtualization. X86 operating systems are designed to run directly on bare-metal hardware, so they naturally assume they fully own the computer hardware. As shown in Figure 4, the x86 architecture offers four levels of privilege known as Ring 0, 1, 2 and 3 to operating systems and applications to manage access to the computer hardware. While user level applications typically run in Ring 3, the operating system needs to have direct access to the memory and hardware and must execute privileged instructions in Ring 0. Virtualizing the x86 architecture requires placing a virtualization layer under the operating system (which expects to be in the most privileged Ring 0) to create and manage the virtual machines that deliver shared resources. Further complicating the situation, some sensitive instructions can't effectively be virtualized as they have different semantics when they are not executed in Ring 0. The difficulty in trapping and translating these sensitive and privileged instruction requests at runtime was the challenge that originally made x86 architecture virtualization look impossible.

Figure 4: x86 privilege level architecture without virtualization.
Image Source: VMware White Paper, Understanding Full Virtualization, Paravirtualization, and Hardware Assist, 2007.

Full Virtualization
- Hardware is functionally identical to underlying architecture [3].
- Typically accomplished through interpretation or binary translation.
- Advantage: Guest OS will run without any changes to source code.
- Disadvantage: Complex, usually slower than paravirtualization.
Image Source: VMware White Paper, Understanding Full Virtualization, Paravirtualization, and Hardware Assist, 2007.

Paravirtualization
- Replace certain unvirtualized sections of OS code with virtualization-friendly code.
- Virtual architecture similar but not identical to the underlying architecture [3].
- Advantages: easier, lower virtualization overhead.
- Disadvantages: requires modifications to guest OS.
Image Source: VMware White Paper, Understanding Full Virtualization, Paravirtualization, and Hardware Assist, 2007.

Performance
- Modern VMMs are based around trap-and-emulate [8].
- When a guest OS executes a privileged instruction, control is passed to the VMM (VMM traps on the instruction), which decides how to handle the instruction [8].
- VMM generates instructions to handle the trapped instruction (emulation).
- Non-privileged instructions do not trap (system stays in guest context).
Figure labels: Guest OS, VMM; CPU_INST, TRAP, CPU_INST1, EXEC

Trap-and-Emulate Problems
- Trap-and-emulate is expensive.
  - Requires context switch from guest OS mode to VMM.
- x86 is not trap-friendly.
  - Guest's CPL privilege level is visible in hardware registers; cannot change it in a way that the guest OS cannot detect [5].
  - Some instructions are not privileged, but access privileged systems (page tables, for example) [5].

VMware Virtualization
- Full virtualization implemented through dynamic binary translation [5].
- Translated code is grouped and stored in translation caches (TCs).
  - Callout method replaces traps with stored emulation functions.
  - In-TC emulation blocks are even more efficient.
- Adaptive binary translation rewrites translated blocks to minimize PTE traps [5].
- Direct execution of user-space code further reduces overhead [5].
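The trap-and-emulate problem and the callout remedy described in the two slides above, as an added example that is not part of the original presentation. The toy instruction set, the `vcpu` structure and all function names are hypothetical; `OP_POPF_IF0` models the well-known x86 case where POPF executed with CPL > IOPL leaves the interrupt flag unchanged without faulting.

```c
#include <stdio.h>

/* Constructed toy ISA; opcode names are illustrative, not real x86 encodings. */
enum op { OP_ADD, OP_CLI, OP_POPF_IF0, OP_HALT };
enum mode { TRAP_AND_EMULATE, BINARY_TRANSLATION };

struct vcpu {
    int acc;      /* ordinary register: guest uses the real one directly */
    int virt_if;  /* guest's interrupt-enable flag as tracked by the VMM */
    int traps;    /* guest -> VMM transitions caused by hardware faults */
    int callouts; /* emulation routines called from translated code */
};

/* VMM emulation routine: apply the instruction to virtual CPU state only. */
static void vmm_emulate(struct vcpu *c, enum op o)
{
    if (o == OP_CLI || o == OP_POPF_IF0)
        c->virt_if = 0;
}

/* Run a deprivileged guest; returns the interrupt flag the VMM believes in. */
int run_guest(struct vcpu *c, const enum op *code, enum mode m)
{
    for (; *code != OP_HALT; code++) {
        enum op o = *code;
        if (o == OP_ADD) {             /* innocuous: executes directly */
            c->acc++;
        } else if (m == BINARY_TRANSLATION) {
            c->callouts++;             /* translator rewrote it as a callout */
            vmm_emulate(c, o);
        } else if (o == OP_CLI) {      /* privileged: faults when CPL > IOPL */
            c->traps++;
            vmm_emulate(c, o);
        }
        /* else OP_POPF_IF0: sensitive but unprivileged. With CPL > IOPL the
         * CPU drops the flag change without faulting, so no trap reaches
         * the VMM and virt_if goes stale. */
    }
    return c->virt_if;
}

int main(void)
{
    const enum op prog[] = { OP_ADD, OP_POPF_IF0, OP_HALT };
    struct vcpu a = { 0, 1, 0, 0 }, b = { 0, 1, 0, 0 };
    int if_a = run_guest(&a, prog, TRAP_AND_EMULATE);
    int if_b = run_guest(&b, prog, BINARY_TRANSLATION);
    printf("trap-and-emulate:   IF=%d traps=%d\n", if_a, a.traps);
    printf("binary translation: IF=%d callouts=%d\n", if_b, b.callouts);
    return 0;
}
```

Under trap-and-emulate the guest believes interrupts are off while the VMM still records them as on; the translated run keeps the two views consistent without a single trap.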

Xen Virtualization
- Xen occupies privilege level 0; guest OS occupies privilege level 1.
- OS code is modified so that high-privilege calls (hypercalls) are made to and trapped by Xen [3].
- Xen traps guest OS instructions using a table of exception handlers.
- Frequently used handlers (e.g., system calls) have special handlers that allow guest OS to bypass privilege level 0 [3].
  - Approach does not work with page faults.
  - Handlers are vetted by Xen before being stored.

Hardware-Assisted Virtualization
- Hardware virtualization-assist released in 2006 [5].
  - Intel, AMD both have technologies of this type.
- Introduces new VMX runtime mode.
  - Two modes: guest (for OS) and root (for VMM).
  - Each mode has all four CPL privilege levels available [8].
  - Switching from guest to VMM does not require changes in privilege level.
  - Root mode supports special VMX instructions.
- Virtual machine control block [5] contains control flags and state information for the active guest OS.
- New CPU instructions for entering and exiting VMM mode.
- Does not support I/O virtualization.

Intel VT-X
- Both modes have no restrictions on privilege.
- No need for software-based deprivileging.
Image Source: Smith, J. and Nair, R. Virtual Machines, Morgan Kaufmann, 2005.

Applications of VT-X
- Xen uses Intel VT-x to host fully-virtualized guests alongside paravirtualized guests [6].
  - System has root (VMM) and non-root (guest) modes, each with privilege levels 0-3.
  - QEMU/Bochs projects provide emulations.
- VMware does not make use of VT technology [5].
  - VMware's software-based VMMs significantly outperformed VT-X-based VMMs [5].
  - VT-X virtualization is trap-based, and DBT tries to eliminate traps wherever possible.

Virtualizing Memory
- Virtualization software must find a way to handle paging requests of operating systems, keeping each set of pages separate.
- Memory virtualization must not impose too much overhead, or performance and scalability will be impaired.
- Each guest OS must have an address space and be convinced that it has access to the entire address space.
- SOLUTION: most modern VMMs add an additional layer of abstraction in address space [4].
  - Machine Address: bare hardware address.
  - Physical Address: VMM abstraction of machine address, used by guest OSes.
  - Guest maintains virtual-to-physical page tables.
  - VMM maintains pmap structure containing physical-to-machine page mappings.

Memory Problem
Figure:
- Page table for program m on VM n: virtual a -> physical b.
- Pmap structure in VMM: physical b -> machine c (frame).
That's a lot of lookups!

Shadow Page Tables
- Shadow page tables map virtual memory to machine memory [4].
  - One page table maintained per guest OS.
  - TLB caches results from shadow page tables.
- Shadow page tables must be kept consistent with guest pages.
  - VMM updates shadow page tables when pmap (physical-to-machine) records are updated.
- VMM now has access to virtual addresses, eliminating two page table lookups.

Shadow Page Tables
Figure:
- Guest: page table for program m on VM n: virtual a -> physical b.
- VMM: pmap structure: physical b -> machine c.
- VMM: shadow page table: virtual a -> machine c.

Shadow Page Table Drawbacks
- Updates are expensive.
  - On a write, the VMM must update the VM and the shadow page table.
- TLB must be flushed on world switch.
  - TLB from other guest will be full of machine addresses that would be invalid in the new context.
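The three tables from the shadow page table slides, as an added example that is not part of the original presentation. The `guest` structure, the table sizes and every function name are hypothetical; the code shows the two-lookup path, the one-lookup shadow path, and the two update events that must keep the shadow table consistent.

```c
#include <stdint.h>
#include <stdio.h>

#define NPAGES  8           /* constructed toy address-space size */
#define INVALID UINT32_MAX  /* unmapped entry */

/* One guest as seen by the VMM; all names are hypothetical. */
struct guest {
    uint32_t guest_pt[NPAGES]; /* virtual -> physical, written by the guest */
    uint32_t pmap[NPAGES];     /* physical -> machine, owned by the VMM */
    uint32_t shadow[NPAGES];   /* virtual -> machine, owned by the VMM */
};

void guest_init(struct guest *g)
{
    for (uint32_t i = 0; i < NPAGES; i++)
        g->guest_pt[i] = g->pmap[i] = g->shadow[i] = INVALID;
}

/* Slow path: guest page table lookup, then pmap lookup. */
uint32_t translate_two_step(const struct guest *g, uint32_t vpn)
{
    if (vpn >= NPAGES) return INVALID;
    uint32_t ppn = g->guest_pt[vpn];
    if (ppn >= NPAGES) return INVALID;  /* guest-supplied value: bounds-check */
    return g->pmap[ppn];
}

/* Fast path: the single lookup a TLB fill would use. */
uint32_t translate_shadow(const struct guest *g, uint32_t vpn)
{
    return vpn < NPAGES ? g->shadow[vpn] : INVALID;
}

/* Guest PTE write, intercepted by the VMM: update guest table and shadow. */
void guest_set_pte(struct guest *g, uint32_t vpn, uint32_t ppn)
{
    if (vpn >= NPAGES) return;
    g->guest_pt[vpn] = ppn;
    g->shadow[vpn] = translate_two_step(g, vpn);
}

/* VMM changes a pmap record: refresh every shadow entry that depends on it. */
void vmm_set_pmap(struct guest *g, uint32_t ppn, uint32_t mfn)
{
    if (ppn >= NPAGES) return;
    g->pmap[ppn] = mfn;
    for (uint32_t v = 0; v < NPAGES; v++)
        if (g->guest_pt[v] == ppn)
            g->shadow[v] = mfn;
}

int main(void)
{
    struct guest g;
    guest_init(&g);
    vmm_set_pmap(&g, 1, 42);  /* physical b=1 -> machine c=42 */
    guest_set_pte(&g, 0, 1);  /* virtual a=0 -> physical b=1 */
    printf("two-step=%u shadow=%u\n", (unsigned)translate_two_step(&g, 0),
           (unsigned)translate_shadow(&g, 0));
    return 0;
}
```

Because the shadow entry is derived only from the VMM-owned pmap, a guest page-table entry that names a physical page outside the guest's range yields an invalid mapping instead of another guest's machine frame.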

Direct Access
- Direct access to hardware is not permitted by the Popek and Goldberg model [8].
- VMware and Xen both bend this rule and allow guests to access hardware directly in certain cases.
- Xen uses a validated access model [3].
  - Fine-grained control over direct access.
- VMware allows user-mode instructions to bypass BT and go straight to the CPU [5].
  - Memory accesses are sometimes batched to minimize context switches.

Load Balancing Problem
- Assume VMM divides address space evenly among guests.
- If guest workload is not balanced, one guest could be routinely starved for memory.
- Other guests have way more than they need.
- Solution: memory overcommitment.
Figure labels: 2/n, 1/n, (n 2)/n, 4/n

Memory Overcommitment
- Overcommitment: committing more total memory to guest OSes than actually exists on the system [4].
- Guest memory can be adjusted according to workload.
  - Higher-workload servers get better performance than with a simple even allocation.
- Requires some mechanism to reclaim memory from other guests [4].
- Poor page replacement schemes can result in double paging [4].
  - VMM marks page for reclamation, OS immediately moves reclaimed page out of memory.
  - Most common in high memory-usage situations.

Ballooning
- Mechanism for page reclamation.
- Technique to induce page-ins, page-outs in a guest OS.
- Balloon module [4] loaded on guest OS reserves physical pages; can be expanded or contracted.
  - Balloon inflates, guest starts releasing memory.
  - Balloon deflates, guest may start allocating pages.
- VMware and Xen both support ballooning.
Image Source: Waldspurger, C. Memory Resource Management in VMware ESX Server, OSDI 2002.

I/O Virtualization
- Performance is critical for virtualized I/O.
  - Many I/O devices are time-sensitive or require low latency [7].
- Most common method: device emulation.
  - VMM presents guest OS with a virtual device [7].
  - Preserves security, handles concurrency, but imposes more overhead.
Figure labels: Guest OS (Guest Driver, Virtual Device); VMM (Virtual Driver); Physical Device

I/O Virtualization Problems
- Multiplexing: how to share hardware access among multiple OSes.
- Switching Expense: low-level I/O functionality happens at the VMM level, requiring a context switch.

Packet Queuing
- Both major VMMs use an asynchronous ring buffer to store I/O descriptors.
- Batches I/O operations to minimize cost of world switches [7].
- Sends and receives exist in same buffer.
- If buffer fills up, an exit is triggered [7].

Figure labels:
- Request Consumer: private pointer in Xen
- Response Producer: shared pointer updated by Xen
- Request Producer: shared pointer updated by guest OS
- Response Consumer: private pointer in guest OS
- Request queue: descriptors queued by the VM but not yet accepted by Xen
- Outstanding descriptors: descriptor slots awaiting a response from Xen
- Response queue: descriptors returned by Xen in response to serviced requests
- Unused descriptors

Figure 2: The structure of asynchronous I/O rings, which are used for data transfer between Xen and guest OSes.

Figure 2 shows the structure of our I/O descriptor rings. A ring is a circular queue of descriptors allocated by a domain but accessible from within Xen. Descriptors do not directly contain I/O data; instead, I/O data buffers are allocated out-of-band by the guest OS and indirectly referenced by I/O descriptors. Access to each ring is based around two pairs of producer-consumer pointers: domains place requests on a ring, advancing a request producer pointer, and Xen removes these requests for handling, advancing an associated

Image Source: Barham, P. et al. Xen and the Art of Virtualization, SOSP 2003.

I/O Rings, continued
- Xen
  - Rings contain memory descriptors pointing to I/O buffer regions declared in guest address space.
  - Guest and VMM deposit and remove messages using a producer-consumer model [2].
  - Xen 3.0 places device drivers on their own virtual domains, minimizing the effect of driver crashes.
- VMware
  - Ring buffer is constructed in and managed by VMM.
  - If VMM detects a great deal of entries and exits, it starts queuing I/O requests in ring buffer [7].
  - Next interrupt triggers transmission of accumulated messages.
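A descriptor ring with the two shared producer indices and two private consumer indices from the figure, as an added example that is not part of the original presentation and is not Xen's or VMware's code. Structure and function names are hypothetical, and the check that rejects an implausible guest-written producer index is an assumption about what a careful VMM side would do with data in guest-writable memory.

```c
#include <stdint.h>
#include <stdio.h>

#define RING_SIZE 8u                      /* power of two so masking works */
#define SLOT(i)   ((i) & (RING_SIZE - 1)) /* free-running index -> slot */

struct desc { uint32_t id, buf_ref; };    /* refers to an out-of-band buffer */

/* Shared memory: both sides can write it. Names are hypothetical. */
struct shared_ring {
    uint32_t req_prod;                    /* advanced by the guest */
    uint32_t rsp_prod;                    /* advanced by the VMM */
    struct desc slot[RING_SIZE];
};
struct guest_end { struct shared_ring *sh; uint32_t rsp_cons; };
struct vmm_end   { struct shared_ring *sh; uint32_t req_cons, rsp_prod_pvt; };

/* Guest queues one request; -1 when no descriptor slot is unused. */
int guest_put_request(struct guest_end *g, struct desc d)
{
    struct shared_ring *sh = g->sh;
    if (sh->req_prod - g->rsp_cons >= RING_SIZE) return -1;
    sh->slot[SLOT(sh->req_prod)] = d;
    sh->req_prod++;                       /* real code: write barrier first */
    return 0;
}

/* VMM services the whole request queue in one batch; returns the count,
 * or -1 if the guest-written producer index is not believable. */
int vmm_service(struct vmm_end *v)
{
    uint32_t prod = v->sh->req_prod;      /* snapshot once, then validate */
    if (prod - v->rsp_prod_pvt > RING_SIZE) return -1;
    int n = 0;
    for (; v->req_cons != prod; v->req_cons++, n++) {
        struct desc rsp = v->sh->slot[SLOT(v->req_cons)]; /* copy out */
        rsp.buf_ref = 0;                  /* response keeps the request id */
        v->sh->slot[SLOT(v->rsp_prod_pvt++)] = rsp;
    }
    v->sh->rsp_prod = v->rsp_prod_pvt;    /* publish responses together */
    return n;
}

/* Guest collects responses; returns how many slots became unused. */
int guest_get_responses(struct guest_end *g)
{
    int n = (int)(g->sh->rsp_prod - g->rsp_cons);
    g->rsp_cons = g->sh->rsp_prod;
    return n;
}

int main(void)
{
    struct shared_ring sh = {0};
    struct guest_end g = { &sh, 0 };
    struct vmm_end v = { &sh, 0, 0 };
    struct desc d = { 1, 100 };           /* constructed sample descriptor */
    guest_put_request(&g, d);
    int served = vmm_service(&v);
    int freed = guest_get_responses(&g);
    printf("served=%d freed=%d\n", served, freed);
    return 0;
}
```

A slot only becomes unused once the guest has consumed its response, so a full ring stays full after the VMM has serviced it; that is the point at which the guest has to stop queuing and hand control over.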

Summary
- Current VMM implementations provide safe, relatively efficient virtualization, albeit often at the expense of theoretical soundness [8].
- The x86 architecture requires a) binary translation, b) paravirtualization, or c) hardware support to virtualize.
- Binary translation and instruction trapping costs are currently the largest drains on efficiency [5].
- Management of memory and other resources remains a complex and expensive task in modern virtualization implementations.

References
1. Singh, A. An Introduction To Virtualization, www.kernelthread.com, 2004.
2. VMware White Paper, Understanding Full Virtualization, Paravirtualization, and Hardware Assist, 2007.
3. Barham, P. et al. Xen and the Art of Virtualization, SOSP 2003.
4. Waldspurger, C. Memory Resource Management in VMware ESX Server, OSDI 2002.
5. Adams, K. and Agesen, O. A Comparison of Software and Hardware Techniques for x86 Virtualization, ASPLOS 2006.
6. Pratt, I. et al. Xen 3.0 and the Art of Virtualization, Linux Symposium 2005.
7. Sugerman, J. et al. Virtualizing I/O Devices on VMware Workstation's Hosted Virtual Machine Monitor, Usenix, 2001.
8. Popek, G. and Goldberg, R. Formal Requirements for Virtualizable Third-Generation Architectures, Communications of the ACM, 1974.
9. Mahalingam, M. I/O Architectures for Virtualization, VMWorld, 2006.
10. Smith, J. and Nair, R. Virtual Machines, Morgan Kaufmann, 2005.
11. Bellard, F. QEMU, a Fast and Portable Translator, USENIX 2005.
12. Silberschatz, A., Galvin, P., Gagne, G. Operating System Concepts, Eighth Edition. Wiley & Sons, 2009.