Virtualization. Part 1 Concepts & XEN

Size: px

Start display at page:

Download "Virtualization. Part 1 Concepts & XEN"

Eugenia Stephens
6 years ago
Views:

1 Part 1 Concepts & XEN

2 Concepts References and Sources James Smith, Ravi Nair, The Architectures of Virtual Machines, IEEE Computer, May 2005, pp Mendel Rosenblum, Tal Garfinkel, Virtual Machine Monitors: Current Technology and Future Trends, IEEE Computer, May 2005, pp L.H. Seawright, R.A. MacKinnon, VM/370 a study of multiplicity and usefulness, IBM Systems Journal, vol. 18, no. 1, 1979, pp S.T. King, G.W. Dunlap, P.M. Chen, Operating System Support for Virtual Machines, Proceedings of the 2003 USENIX Technical Conference, June 9-14, 2003, San Antonio TX, pp A. Whitaker, R.S. Cox, M. Shaw, S.D. Gribble, Rethinking the Design of Virtual Machine Monitors, IEEE Computer, May 2005, pp G.J. Popek, and R.P. Goldberg, Formal requirements for virtualizable third generation architectures, CACM, vol. 17 no. 7, 1974, pp

3 Virtualization Definitions A layer mapping its visible interface and resources onto the interface and resources of the underlying layer or system on which it is implemented Purposes Abstraction to simplify the use of the underlying resource (e.g., by removing details of the resource s structure) Replication to create multiple instances of the resource (e.g., to simplify management or allocation) Isolation to separate the uses which clients make of the underlying resources (e.g., to improve security) Virtual Machine Monitor (VMM) A virtualization system that partitions a single physical machine into multiple virtual machines. Terminology Host the machine and/or software on which the VMM is implemented Guest the OS which executes under the control of the VMM 3

4 Origins - Principles an efficient, isolated duplicate of the real machine Efficiency Innocuous instructions should execute directly on the hardware Resource control Equivalence Executed programs may not affect the system resources The behavior of a program executing under the VMM should be the same as if the program were executed directly on the hardware (except possibly for timing and resource availability) Communications of the ACM, vol 17, no 7, 1974, pp

5 Origins - Principles Instruction types Privileged an instruction traps in unprivileged (user) mode but not in privileged (supervisor) mode. Sensitive Control sensitive attempts to change the memory allocation or privilege mode Behavior sensitive Location sensitive execution behavior depends on location in memory Mode sensitive execution behavior depends on the privilege mode Innocuous an instruction that is not sensitive Theorem For any conventional third generation computer, a virtual machine monitor may be constructed if the set of sensitive instructions for that computer is a subset of the set of privileged instructions. Signficance The IA-32/x86 architecture is not virtualizable. 5

Origins - Technology IBM Systems Journal, vol. 18, no. 1, 1979, pp. 4-17.

6 Origins - Technology IBM Systems Journal, vol. 18, no. 1, 1979, pp Concurrent execution of multiple production operating systems Testing and development of experimental systems Adoption of new systems with continued use of legacy systems Ability to accommodate applications requiring special-purpose OS Introduced notions of handshake and virtual-equals-real mode to allow sharing of resource control information with CP Leveraged ability to co-design hardware, VMM, and guestos 6

VMMs Rediscovered Application Guest OS Virtual Machine Application Guest OS Virtual Machine

server sprawl ) Compatible with evolving multi-core architectures Simplifies software

data-center management and efficiency Additional services (workload isolation) added

7 VMMs Rediscovered Application Guest OS Virtual Machine Application Guest OS Virtual Machine Application Guest OS Virtual Machine VMM Real Machine Server/workload consolidation (reduces server sprawl ) Compatible with evolving multi-core architectures Simplifies software distributions for complex environments Whole system (workload) migration Improved data-center management and efficiency Additional services (workload isolation) added underneath the OS security (intrusion detection, sandboxing, ) fault-tolerance (checkpointing, roll-back/recovery) 7

8 Architecture & Interfaces Virtualization Architecture: formal specification of a system s interface and the logical behavior of its visible resources. API Applications ABI Libraries Operating System System Calls ISA System ISA User ISA Hardware API application binary interface ABI application binary interface ISA instruction set architecture 8

9 VMM Types System Provides ABI interface Efficient execution Can add OS-independent services (e.g., migration, intrustion detection) Process Provdes API interface Easier installation Leverage OS services (e.g., device drivers) Execution overhead (possibly mitigated by justin-time compilation) 9

Example: VMWare Paravirtualization OS modified to execute under VMM Requires porting OS

10 System-level Design Approaches Full virtualization (direct execution) Exact hardware exposed to OS Efficient execution OS runs unchanged Requires a virtualizable architecture Example: VMWare Paravirtualization OS modified to execute under VMM Requires porting OS code Execution overhead Necessary for some (popular) architectures (e.g., x86) Examples: Xen, Denali 10

11 Design Space (level vs. ISA) Virtualization API interface ABI interface Variety of techniques and approaches available Critical technology space highlighted 11

12 System VMMs Type 1 Structure Type 1: runs directly on host hardware Type 2: runs on HostOS Primary goals Examples Type 1: High performance Type 2: Ease of construction/installation/acceptability Type 1: VMWare ESX Server, Xen, OS/370 Type 2: User-mode Linux Type 2 12

Hosted VMMs Structure Goals Hybrid between Type1 and Type2 Core VMM executes directly on hardware I/O services provided by code running on HostOS Improve performance overall

13 Hosted VMMs Structure Goals Hybrid between Type1 and Type2 Core VMM executes directly on hardware I/O services provided by code running on HostOS Improve performance overall leverages I/O device support on the HostOS Disadvantages Incurs overhead on I/O operations Lacks performance isolation and performance guarantees Example: VMWare (Workstation) 13

14 Whole-system VMMs Challenge: GuestOS ISA differs from HostOS ISA Requires full emulation of GuestOS and its applications Example: VirtualPC 14

15 Strategies GuestOS trap resource privileged instruction De-privileging VMM emulates the effect on system/hardware resources of privileged instructions whose execution traps into the VMM aka trap-and-emulate Typically achieved by running GuestOS at a lower hardware priority level than the VMM Problematic on some architectures where privileged instructions do not trap when executed at deprivileged priority change emulate change vmm resource Primary/shadow structures VMM maintains shadow copies of critical structures whose primary versions are manipulated by the GuestOS e.g., page tables Primary copies needed to insure correct environment visible to GuestOS Memory traces Controlling access to memory so that the shadow and primary structure remain coherent Common strategy: write-protect primary copies so that update operations cause page faults which can be caught, interpreted, and emulated. 15

16 Virtualizing the IA-32 (x86) architecture Architecture has protection rings 0..3 with OS normally in ring 0 and applications in ring 3 and VMM must run in ring 0 to maintain its integrity and control but GuestOS not running in ring 0 is problematic: Some privileged instructions execute only in ring 0 but do not fault when executed outside ring 0 (remember privileged vs. sensitive?) instructions for low latency system calls (SYSENTER/SYSEXIT) always transition to ring 0 forcing the VMM into unwanted emulation or overhead For the Itanium architecture, interrupt registers only accessible in ring 0; forcing VMM to intercept each device driver access to these registers has severe performance consequences Masking interrupts can only be done in ring 0 Ring compression: paging does not distinguish privilege levels 0-2, GuestOS must run in ring 3 but is then not protected from its applications also running in ring 3 Cannot be used for 64-bit guests on IA-32 The fact that it is not running in ring 0 can be detected (is this important?) 16

17 VMM machine Memory Management OS physical process virtual entity address space VMM shadow page tables GuestOS page tables Isolation/protection of Guest OS address spaces Efficient MM address translation 17

18 XEN: paravirtualization Computer Laboratory References and Sources Paul Barham, et.al., Xen and the Art of Virtualization, Symposium on Operating Systems Principles 2003 (SOSP 03), October 19-22, 2003, Bolton Landing, New York. Presentation by Ian Pratt available at 18

Xen - Structure Employs paravirtualization strategy Deals with machine architectures that cannot be virtualized Requires modifications to guest OS Allows optimizations

19 Xen - Structure Employs paravirtualization strategy Deals with machine architectures that cannot be virtualized Requires modifications to guest OS Allows optimizations Domain 0 has special access to control interface for platform management Has back-end device drivers Xen VMM entirely event driven no internal threads Xen 3.0 Architecture 19

20 MMU Virtualizion : Shadow-Mode guest reads Virtual physical guest writes Accessed & dirty bits Updates Guest OS Virtual Machine MMU VMM Hardware 20

21 guest reads Virtualization MMU Virtualization : Direct-Mode guest writes Virtual Machine Guest OS MMU Xen VMM Hardware 21

22 Queued Update Interface (Xen 1.2) guest reads guest writes Virtual Machine Guest OS validation MMU Xen VMM Hardware 22

23 Writeable Page Tables : 1 write fault guest reads first guest write Virtual Machine Guest OS page fault MMU Xen VMM Hardware 23

24 Writeable Page Tables : 2 - Unhook guest reads guest writes X Virtual Machine Guest OS MMU Xen VMM Hardware 24

25 Writeable Page Tables : 3 - First Use guest reads guest writes X Virtual Machine Guest OS page fault MMU Xen VMM Hardware 25

26 Writeable Page Tables : 4 Re-hook guest reads guest writes Virtual Machine Guest OS validate MMU Xen VMM Hardware 26

Safe hardware interfaces I/O Spaces I/O Restricts access to I/O registers Isolated Device Drive Driver isolated from VMM in its own domain (i.e., VM) Communication between domains via device channels Unified interfaces Virtualization Common interface for group of similar devices Exposes raw device interface (e.

27 Safe hardware interfaces I/O Spaces I/O Restricts access to I/O registers Isolated Device Drive Driver isolated from VMM in its own domain (i.e., VM) Communication between domains via device channels Unified interfaces Virtualization Common interface for group of similar devices Exposes raw device interface (e.g., for specialized devices like sound/video) Separate request/response from event notification I/O descriptor rings Used to communicate I/O requests and responses For bulk data transfer devices (DMA, network), buffer space allocated out of band by GuestOS Descriptor contains unique identifier to allow out of order processing Multiple requests can be added before hypercall made to begin processing Event notification can be masked by GuestOS for its convenience 27

28 Device Channels Connects front end device drivers in GuestOS with native device driver Is an I/O descriptor ring Buffer page(s) allocated by GuestOS and granted to Xen Buffer page(s) is/are pinned to prevent page-out during I/O operation Pinning allows zero-copy data transfer 28

29 System Performance L X V U L X V U SPEC INT2000 (score) Linux build time (s) L X V U OSDB-OLTP (tup/s) L X V U SPEC WEB99 (score) Benchmark suite running on Linux (L), Xen (X), VMware Workstation (V), and UML (U) Benchmark suites Spec INT200: compute intensive workload Linux build time: extensive file I/O, scheduling, memory management OSBD-OLTP: transaction processing workload, extensive synchronous disk I/O Spec WEB99: web-like workload (file and network traffic) Fair comparison? 29

I/O Peformance Systems Benchmarks L: Linux IO-S: Xen using IO-Space access IDD: Xen using isolated device driver Linux build time: file I/O, scheduling, memory management PM: file

30 I/O Peformance Systems Benchmarks L: Linux IO-S: Xen using IO-Space access IDD: Xen using isolated device driver Linux build time: file I/O, scheduling, memory management PM: file system benchmark OSDB-OLTP: transaction processing workload, extensive synchronous disk I/O httperf: static document retrievel SpecWeb99: web-like workload (file and network traffic) 30

Concepts. Virtualization

Concepts. Virtualization Concepts Virtualization Concepts References and Sources James Smith, Ravi Nair, The Architectures of Virtual Machines, IEEE Computer, May 2005, pp. 32-38. Mendel Rosenblum, Tal Garfinkel, Virtual Machine