Lecture 12 Virtualization Overview 1 Dec. 1, 2015 Prof. Kyu Ho Park “Understanding Full...
1
Lecture 12 Virtualization Overview
Dec. 1, 2015
Prof. Kyu Ho Park
“Understanding Full Virtualization, Paravirtualization, and Hardware Assist”, White paper, VMware.
2
Starting Point: A Physical Machine
Physical Hardware
  Processors, memory, chipset, I/O bus and devices, etc.
Software
  Tightly coupled to hardware
  Single active OS image
  OS controls hardware
3
Virtual Machine
“An efficient, isolated, duplicate of the real machine”
Hardware-level Abstraction
  Virtual Hardware: processors, memory, chipset, I/O devices, etc.
Virtualization Software
  Extra level of indirection decouples hardware and OS
  Multiplexes physical hardware across multiple “guest” VMs
  Strong isolation between VMs
  Manages physical resources, improves utilization
4
Why Virtualization?
Consolidation
  High resource utilization
Isolation
  Performance isolation
  Fault containment
Live migration
  Easy management & deployment
5
System Virtualization alternatives
Virtual machines abstracted using a layer at different places
6
Processor/Memory Virtualization Overview
Classical Techniques
  Instruction: Trap & Emulate
  Memory: Shadow Page Table
Full-virtualization
  Interpretation & code patching
  Binary Translation
Para-virtualization
Hardware-assisted x86 VMM
7
Privilege - x86 Protection Ring
CPU implements 4 privilege levels or “rings”, 0 through 3
Two CPU execution modes divided into supervisor (0) and user mode (3)
8
Virtualizing the x86 Architecture
Native Execution
  Privileged kernel calls run in ring 0
  Applications / userspace run in ring 3
Part of the CPU ISA is only accessible by “supervisor” code
9
Virtualizing the x86 Architecture
Virtualized Execution
  Hypervisor must run in ring 0
  Virtual machines run in ring 3
Problem: The operating system kernel tries to run privileged “ring 0” instructions. This will cause a machine fault
Full Virtualization using Binary Translation
OS Assisted Virtualization or Paravirtualization
Hardware Assisted Virtualization
13
Full virtualization – software based
Creates entire virtual machines with emulated H/W
  Appears to the operating system to be generic hardware
  Includes virtual BIOS, network cards, storage controllers, etc.
  No modifications to guest OS
  Requires “ring compression” or “de-privileging”
Advantages
  “Guest” unaware of virtualization – runs unmodified OS
Disadvantages
  Performance – using software to emulate hardware components
  Complexity – support and maintenance issues
Examples: VMware ESX, ESXi
14
Methods to virtualize x86
Interpretation
  Problem – too inefficient
  x86 decoding slow
Code Patching
  Problem – not transparent
  Guest can inspect its own code
Binary Translation (BT)
  Approach pioneered by VMware
  Run any unmodified x86 OS in VM
15
Interpretation
Interpret all instructions
Example
    while (1) {
        inst = mem[PC];             // fetch
        if (inst == add) {          // decode
            // execute
            reg[inst.reg1] = reg[inst.reg2] + reg[inst.reg3];
            PC++;
        }
    }                               // repeat
16
Code Patching
1. Scan guest OS
2. Find problem instructions
3. Replace with jump to VMM
17
Binary Translation
“Binary translate” all guest kernel code, run it unprivileged
Since x86 has non-virtualizable instructions, proactively transfer control to the VMM (no need for traps)
Safe instructions are emitted without change
For “unsafe” instructions, emit a controlled emulation sequence
Use VMM translation cache for good performance
18
Binary Translation mechanism
For each translator invocation
  Consume a basic block (BB)
  Produce a compiled code fragment (CCF)
Store CCF in Translation Cache
  Future reuse
  Capture working set of guest kernel
  Amortize translation costs
  Not “patching in place”
19
Binary Translation Example
20
Binary Translation – Code caching
1. Scan guest OS
2. “Translate” into code cache
3. Find problem instructions
4. Replace with jump to VMM
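The mechanism on the Binary Translation slides, as an added example (not from the lecture or from VMware's translator): a toy translator consumes basic blocks, emits safe instructions unchanged, replaces the unsafe one with a call into the VMM, and reuses fragments from a translation cache. The three-instruction guest ISA, the CLI stand-in for an unsafe instruction, and all names are assumptions made for illustration.

```c
#include <stdio.h>
/* Toy guest ISA, constructed for this example (not x86). CLI stands in for
 * an "unsafe" instruction; VMM_CALL exists only in translated code. */
enum op { ADD, CLI, JMP, VMM_CALL };
struct inst { enum op op; int a, b; };
struct ccf { int valid, len; struct inst code[8]; };  /* compiled code fragment */

static struct ccf tcache[16];       /* translation cache, indexed by guest PC */
static int reg[4], virt_if = 1;     /* guest registers, virtual interrupt flag */
static int translations, vmm_calls;

/* Constructed guest kernel: two basic blocks that jump to each other. */
static const struct inst guest[] = {
    {ADD, 0, 1}, {JMP, 2, 0},               /* block at PC 0 */
    {CLI, 0, 0}, {ADD, 0, 2}, {JMP, 0, 0},  /* block at PC 2 */
};

/* Consume one basic block at pc and produce its CCF. The guest image is
 * only read, never patched in place. */
static struct ccf *translate(int pc) {
    struct ccf *f = &tcache[pc];
    f->len = 0;
    do {
        struct inst i = guest[pc];
        if (i.op == CLI) i.op = VMM_CALL;   /* unsafe: emit emulation call */
        f->code[f->len++] = i;              /* safe: emitted unchanged */
    } while (guest[pc++].op != JMP);        /* a jump ends the block */
    f->valid = 1; translations++;
    return f;
}

/* Execute `blocks` basic blocks starting at PC 0; returns guest reg[0]. */
int run_guest(int blocks) {
    int pc = 0;
    while (blocks-- > 0) {
        struct ccf *f = tcache[pc].valid ? &tcache[pc] : translate(pc);
        for (int k = 0; k < f->len; k++) {
            struct inst i = f->code[k];
            if (i.op == ADD) reg[i.a] += i.b;
            /* VMM emulates CLI on the virtual flag, not the real one */
            else if (i.op == VMM_CALL) { virt_if = 0; vmm_calls++; }
            else if (i.op == JMP) pc = i.a;
        }
    }
    return reg[0];
}

int main(void) {
    int r0 = run_guest(6);
    printf("r0=%d translations=%d vmm_calls=%d virt_if=%d\n",
           r0, translations, vmm_calls, virt_if);
}
```

Six blocks execute but only two translations happen; the remaining four are cache hits, which is the amortization the slides describe.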
21
Para-virtualization
Modifies the guest operating system to be “virtualization aware”
  Replaces privileged instructions in guest kernel
  Guest operating system “cooperates” with hypervisor
  Operating system “talks” to the hypervisor directly instead of emulation layer
22
Para-virtualization
Advantages
  High performance – near native speeds
  Cooperating with hypervisor leads to improved IO and resource scheduling
Disadvantages
  Requires changes to the guest operating system that only the OS vendor can perform
  Run a different kernel for virtual machines
23
Hardware-assisted VMM
Known as hardware virtualization
  x86 extension to support virtualization
  Enables classical trap-and-emulate VMMs while avoiding BT
  Intel VT-x, aka “Vanderpool Technology”
  AMD AMD-V, aka “Pacifica”
Case Study: Intel VT-x
  New VMX mode
    Two privilege levels: root and non-root
  Root level
    Similar to conventional x86
    Add new VMX instructions
    VMM runs in root level
  Non-root level
    Limited control of resources
    Including when in ring 0
    Guest OS + apps runs in non-root level
24
Hardware-assisted VMM
VT-x Capabilities
  Root mode eliminates need to run all guest code in user mode
  VMM runs in root mode
  For code regions with no critical instructions, HW is as efficient as normal machine
  VM-x HW maps state-holding data elements directly to native structures during VM execution
  VMCS (virtual machine control structure) encapsulates VM state
  HW implementation can take over loading and unloading state
  No need for VMM to perform load/stores of state info.
  Eliminates the need for para-virtualization
  Allows standard versions of OSes to be used as guests
  The vmcall instruction can be used to pass hints and data to the VMM if desired
25
Summary of virtualization technique