Virtual Machine Monitors (VMMs) are a hot topic in

Similar documents
CSE 120 Principles of Operating Systems

Virtual Machine Monitors!

Advanced Operating Systems (CS 202) Virtualization

CS 571 Operating Systems. Final Review. Angelos Stavrou, George Mason University

24-vm.txt Mon Nov 21 22:13: Notes on Virtual Machines , Fall 2011 Carnegie Mellon University Randal E. Bryant.

CS 350 Winter 2011 Current Topics: Virtual Machines + Solid State Drives

Module 1: Virtualization. Types of Interfaces

Lecture 7. Xen and the Art of Virtualization. Paul Braham, Boris Dragovic, Keir Fraser et al. 16 November, Advanced Operating Systems

Background. IBM sold expensive mainframes to large organizations. Monitor sits between one or more OSes and HW

Virtualization. Starting Point: A Physical Machine. What is a Virtual Machine? Virtualization Properties. Types of Virtualization

Virtualization. ! Physical Hardware Processors, memory, chipset, I/O devices, etc. Resources often grossly underutilized

CS370: Operating Systems [Spring 2017] Dept. Of Computer Science, Colorado State University

Virtualization. Operating Systems, 2016, Meni Adler, Danny Hendler & Amnon Meisels

COS 318: Operating Systems. Virtual Machine Monitors

COMPUTER ARCHITECTURE. Virtualization and Memory Hierarchy

references Virtualization services Topics Virtualization

Virtualization. Pradipta De

CHAPTER 16 - VIRTUAL MACHINES

Xen and the Art of Virtualization. CSE-291 (Cloud Computing) Fall 2016

Operating Systems 4/27/2015

Virtualization and memory hierarchy

Spring 2017 :: CSE 506. Introduction to. Virtual Machines. Nima Honarmand

OS Virtualization. Why Virtualize? Introduction. Virtualization Basics 12/10/2012. Motivation. Types of Virtualization.

Multiprocessor Scheduling. Multiprocessor Scheduling

Xen and the Art of Virtualization. Nikola Gvozdiev Georgian Mihaila

Virtual Machines. Jinkyu Jeong Computer Systems Laboratory Sungkyunkwan University

Intel s Virtualization Extensions (VT-x) So you want to build a hypervisor?

Chapter 5 C. Virtual machines

Advanced Systems Security: Virtual Machine Systems

Virtual Machines. Part 2: starting 19 years ago. Operating Systems In Depth IX 1 Copyright 2018 Thomas W. Doeppner. All rights reserved.

CSCE 410/611: Virtualization!

Portland State University ECE 587/687. Virtual Memory and Virtualization

Linux and Xen. Andrea Sarro. andrea.sarro(at)quadrics.it. Linux Kernel Hacking Free Course IV Edition

Virtual Virtual Memory


The Architecture of Virtual Machines Lecture for the Embedded Systems Course CSD, University of Crete (April 29, 2014)

CSC 5930/9010 Cloud S & P: Virtualization

Virtualization. Dr. Yingwu Zhu

CHAPTER 16 - VIRTUAL MACHINES

VIRTUALIZATION: IBM VM/370 AND XEN

Virtual Machines Disco and Xen (Lecture 10, cs262a) Ion Stoica & Ali Ghodsi UC Berkeley February 26, 2018

Virtual Memory. Lecture for CPSC 5155 Edward Bosworth, Ph.D. Computer Science Department Columbus State University

Introduction to Virtual Machines. Carl Waldspurger (SB SM 89 PhD 95) VMware R&D

Lecture 5: February 3

CSCE 410/611: Virtualization

Knut Omang Ifi/Oracle 6 Nov, 2017

Virtual Machines. To do. q VM over time q Implementation methods q Hardware features supporting VM q Next time: Midterm?

Virtual Leverage: Server Consolidation in Open Source Environments. Margaret Lewis Commercial Software Strategist AMD

Overview of System Virtualization: The most powerful platform for program analysis and system security. Zhiqiang Lin

CS 5600 Computer Systems. Lecture 11: Virtual Machine Monitors

Virtualization. Virtualization

Nested Virtualization and Server Consolidation

Virtualization and Virtual Machines. CS522 Principles of Computer Systems Dr. Edouard Bugnion

Chapter 5 B. Large and Fast: Exploiting Memory Hierarchy

Virtualization. Adam Belay

The Challenges of X86 Hardware Virtualization. GCC- Virtualization: Rajeev Wankar 36

Virtual Machine Security

Cloud Computing Virtualization

Introduction to Cloud Computing and Virtualization. Mayank Mishra Sujesha Sudevalayam PhD Students CSE, IIT Bombay

VMWARE TUNING BEST PRACTICES FOR SANS, SERVER, AND NETWORKS

CS370 Operating Systems

System Virtual Machines

Unit 5: Distributed, Real-Time, and Multimedia Systems

CSE 120 Principles of Operating Systems

Darek Mihocka, Emulators.com Stanislav Shwartsman, Intel Corp. June

Learning Outcomes. Extended OS. Observations Operating systems provide well defined interfaces. Virtual Machines. Interface Levels

Server Virtualization Approaches

Xen and the Art of Virtualization

I, J A[I][J] / /4 8000/ I, J A(J, I) Chapter 5 Solutions S-3.

Performance Aspects of x86 Virtualization

Virtualization, Xen and Denali

Background. IBM sold expensive mainframes to large organiza<ons. Monitor sits between one or more OSes and HW

We ve seen lots of examples of virtualization. This is another: a virtual machine monitor. A VMM virtualizes an entire hardware machine.

System Virtual Machines

CSE 351. Virtual Memory

Advanced Systems Security: Virtual Machine Systems

DISCO and Virtualization

CS 550 Operating Systems Spring Introduction to Virtual Machines

Virtualization with XEN. Trusted Computing CS599 Spring 2007 Arun Viswanathan University of Southern California

CS5460: Operating Systems. Lecture: Virtualization. Anton Burtsev March, 2013

Virtualization. Michael Tsai 2018/4/16

Pacifica Next Generation Architecture for Efficient Virtual Machines

Virtual machine architecture and KVM analysis D 陳彥霖 B 郭宗倫

CSE 120 Principles of Operating Systems Spring 2017

CS 152 Computer Architecture and Engineering

CprE Virtualization. Dr. Yong Guan. Department of Electrical and Computer Engineering & Information Assurance Center Iowa State University

CS533 Concepts of Operating Systems. Jonathan Walpole

CSE543 - Computer and Network Security Module: Virtualization

Chapter 5 (Part II) Large and Fast: Exploiting Memory Hierarchy. Baback Izadi Division of Engineering Programs

Intel Virtualization Technology Roadmap and VT-d Support in Xen

What is KVM? KVM patch. Modern hypervisors must do many things that are already done by OSs Scheduler, Memory management, I/O stacks

Concepts. Virtualization

Background. IBM sold expensive mainframes to large organiza<ons. Monitor sits between one or more OSes and HW

A Survey on Virtualization Technologies

1 Virtualization Recap

CSE 237B Fall 2009 Virtualization, Security and RTOS. Rajesh Gupta Computer Science and Engineering University of California, San Diego.

Virtual Memory. Patterson & Hennessey Chapter 5 ELEC 5200/6200 1

for Kerrighed? February 1 st 2008 Kerrighed Summit, Paris Erich Focht NEC

CSE543 - Computer and Network Security Module: Virtualization

CSE543 - Computer and Network Security Module: Virtualization

Transcription:

CSE 120 Principles of Operating Systems Winter 2007 Lecture 16: Virtual Machine Monitors Keith Marzullo and Geoffrey M. Voelker Virtual Machine Monitors Virtual Machine Monitors (VMMs) are a hot topic in industry and academia Industry commitment» Software: VMware, Xen, Microsoft Virtual PC» Hardware: Intel VT, AMD-V If Intel and AMD add it to their chips, you know it s serious Academia: lots of VMM-based projects and papers An old idea, actually: developed by IBM in 60s and 70s Today What is it, what problems have to be solved, how to solve them Survey some virtualization systems Briefly outline cool things you can do with virtualization 2 1

What is a VMM? We have seen that an OS already virtualizes Syscalls, processes, virtual memory, file system, sockets, etc. Applications program to this interface A VMM virtualizes an entire physical machine Interface supported is the hardware» OS defines a higher-level interface VMM provides the illusion that software has full control over the hardware (of course, VMM is in control) VMM applications run in virtual machines (c.f., OS processes) Implications You can boot an operating system in a virtual machine Run multiple instances of an OS on same physical machine Run different OSes simultaneously on the same machine» Linux on Windows, Windows on Mac, etc. 3 Why in tarnation would you do such a crazy thing? Resource utilization Machines today are powerful, want to multiplex their hardware» e.g., ISP hosting can divvy up a physical machine to customers Can migrate VMs from one machine to another without shutdown Software use and development Can run multiple OSes simultaneously» No need to dual boot Can do system (e.g., OS) development at user-level Many other cool applications Debugging, emulation, security, speculation, fault tolerance Common theme is manipulating applications/services at the granularity of a machine Specific version of OS, libraries, applications, etc., as package 4 2

VMM Requirements Fidelity OSes and applications work the same without modification» (although we may modify the OS a bit) Isolation VMM protects resources and VMs from each other Performance VMM is another layer of software and therefore overhead» As with OS, want to minimize this overhead VMware:» CPU-intensive apps: 2-10% overhead» I/O-intensive apps: 25-60% overhead 5 Rough VMM Model VMM runs with privilege OS in VM runs at lesser privilege (think user-level) VMM multiplexes resources among VMs Want to run OS code in a VM directly on CPU Think in terms of making the OS a user-level process What OS code can run directly, what will cause problems? Ideally, want privileged instructions to trap Exception vectors to VMM, it emulates operation, returns Nothing modified, running unprivileged is transparant Known as trap-and-emulate Unfortunately on architectures like x86, not so easy 6 3

Virtualizing the x86 Ease of virtualization influenced by the architecture x86 is perhaps the last architecture you would choose But it s what everyone uses, so that s what we deal with Issues Unvirtualizable events» popf does not trap when it cannot modify system flags Hardware-managed TLB» VMM cannot easily interpose on a TLB miss (more in a bit) Untagged TLB» Have to flush on context switches (just a performance issue) Why Intel and AMD have added virtualization support 7 Xen Uses paravirtualization Fancy word for we have to modify & recompile the OS Since you re modifying the OS, make life easy for yourself Create a VMM interface to minimize porting and overhead Xen hypervisor (VMM) implements interface VMM runs at privilege, VMs (domains) run unprivileged Trusted OS (Linux) runs in own domain (Domain0)» Use Domain0 to manage system, operate devices, etc. Most recent version of Xen does not require OS mods Because of Intel/AMD hardware support Commercialized via XenSource, but also open source 8 4

Xen Architecture 9 VMware VMware workstation uses hosted model VMM runs unprivileged, installed on base OS Relies upon base OS for device functionality VMware ESX server uses hypervisor model Similar to Xen, but no guest domain/os VMware uses software virtualization Dynamic binary rewriting translates code executed in VM» Rewrite privileged instructions with emulation code (may trap) CPU only executes translated code Think JIT compilation for JVM, but» full binary x86 IR code safe subset of x86 Incurs overhead, but can be well-tuned (small % hit) 10 5

VMware Hosted Architecture 11 What needs to be virtualized? Exactly what you would expect CPU Events (exceptions and interrupts) Memory I/O devices Isn t this just duplicating OS functionality in a VMM? Yes and no Approaches will be similar to what we do with OSes» Simpler in functionality, though (VMM much smaller than OS) But implements a different abstraction» Hardware interface vs. OS interface 12 6

Virtualizing Privileged Insts OSes can no longer successfully execute privileged instructions Virtual memory registers, interrupts, I/O, halt, etc. For those instructions that cause an exception Trap to VMM, take care of business, return to OS in VM For those that do not Xen: modify OS to hypervisor call into VMM VMware: rewrite OS instructions to emulate or call into VMM 13 Virtualizing the CPU VMM needs to multiplex VMs on CPU How? Just as you would expect Timeslice the VMs Each VM will timeslice its OS/applications during its quantum Typically relatively simple scheduler Round robin, work-conserving (give unused quantum to other VMs) 14 7

Virtualizing Events VMM receives interrupts, exceptions Needs to vector to appropriate VM Xen: modify OS to use virtual interrupt register, event queue VMware: craft appropriate handler invocation, emulate event registers 15 Virtualizing I/O OSes can no longer interact directly with I/O devices Xen: modify OS to use low-level level I/O interface (hybrid) Define generic devices with simple interface» Virtual disk, virtual NIC, etc. Ring buffer of control descriptors, pass pages back and forth Handoff to trusted domain running OS with real drivers VMware: VMM supports generic devices (hosted) E.g., AMD Lance chipset/pcnet Ethernet device Load driver into OS in VM, OS uses it normally Driver knows about VMM, cooperates to pass the buck to a real device driver (e.g., on underlying host OS) VMware ESX Server: drivers run in VMM (hypervisor) 16 8

Virtualized I/O Models Abramson et al., Intel Virtualization Technology for Directed I/O, Intel Technology Journal, 10(3) 2006 17 Virtualizing Memory OSes assume they have full control over memory Managing g it: OS assumes it owns it all Mapping it: OS assumes it can map any virtual page to any physical page But VMM partitions memory among VMs VMM needs to assign hardware pages to VMs VMM needs to control mappings for isolation» Cannot allow an OS to map a virtual page to any hardware page» OS can only map to a hardware page given to it by the VMM Hardware-managed TLBs make this difficult When the TLB misses, the hardware automatically walks the page tables in memory As a result, VMM needs to control access by OS to page tables 18 9

Xen Paravirtualization Xen uses the page tables that an OS creates These page tables are used directly by hardware MMU Xen validates all updates to page tables by OS OS can read page tables without modification But Xen needs to check all PTE writes to ensure that the virtual-to-physical mapping is valid» That the OS owns the physical page being used in the PTE Modify OS to hypervisor call into Xen when updating PTEs» Batch updates to reduce overhead Page tables work the same as before, but OS is constrained to only map to the physical pages it owns Works fine if you can modify the OS. If you can t 19 Shadow Page Tables Three abstractions of memory Machine: actual hardware memory» 2 GB of DRAM Physical: abstraction of hardware memory managed by OS» If a VMM allocates 512 MB to a VM, the OS thinks the computer has 512 MB of contiguous physical memory» (Underlying machine memory may be discontiguous) Virtual: virtual address spaces you know and love» Standard 2 32 address space In each VM, OS creates and manages page tables for its virtual address spaces without modification But these page tables are not used by the MMU hardware 20 10

Shadow Page Tables (2) VMM creates and manages page tables that map virtual pages directly to machine pages These tables are loaded into the MMU on a context switch VMM page tables are the shadow page tables VMM needs to keep its VM tables consistent with changes made by OS to its VP tables VMM maps OS page tables as read only When OS writes to page tables, trap to VMM VMM applies write to shadow table and OS table, returns Also known as memory tracing Again, more overhead 21 Shadow Page Tables (3) 22 11

Memory Allocation VMMs tend to have simple hardware memory allocation policies Static: VM gets 512 MB of hardware memory for life No dynamic adjustment based on load» OSes not designed to handle changes in physical memory No swapping to disk More sophistication: Overcommit with balloon driver Balloon driver runs inside OS to consume hardware pages» Steals from virtual memory and file buffer cache (balloon grows) Gives hardware pages to other VMs (those balloons shrink) Identify identical physical pages (e.g., all zeroes) Map those pages copy-on-write across VMs 23 Hardware Support Intel and AMD implement virtualization support in their latest x86 chips (Intel VT-x, AMD-V) Goal is to fully virtualize architecture Transparent trap-and-emulate approach now feasible Echoes hardware support originally implemented by IBM Execution model New execution mode: guest mode» Direct execution of guest OS code, including privileged insts Virtual machine control block (VMCB)» Controls what operations trap, records info to handle traps in VMM New instruction vmrun enters guest mode, runs VM code When VM traps, CPU executes new exit instruction Enters VMM, which emulates operation 24 12

Hardware Support (2) Intel and AMD working on further hardware support Memory Intel extended page tables (EPT), AMD nested page tables (NPT) Original page tables map virtual to (guest) physical pages» Managed by OS in VM, backwards-compatible» No need to trap to VMM when OS updates its page tables New tables map physical to machine pages» Managed by VMM Tagged TLB w/ virtual process identifiers (VPIDs)» Tag VMs with VPID, no need to flush TLB on VM/VMM switch I/O Constrain DMA operations only to page owned by specific VM AMD DEV: exclude pages (c.f. Xen memory paravirtualization) Intel VT-d: IOMMU address translation support for DMA 25 Cool VMM Tricks @ UCSD Fork VMs with copy-on-write memory (Michael Vrable) Scales the # of VMs on the same machine (100s) Michael modified Xen for a large-scale honeyfarm (Potemkin) Time dilation (Diwaker Gupta) VMM can control the rate of timer interrupts to OS Can change how OS interprets passage of time If VMM slows timer by 10x, then other hardware (CPU, disk, network) appears 10x faster to OS and applications Can experiment with apps, protocols, and systems on future hardware» But, applications run 10x slower 26 13

Cool VMM Tricks @ UCSD Virtual clusters (Marvin McNett) We have a 200-node cluster for research Of course, everyone wants 200 machines for their own project» But they are 99.9% idle over time Instead, give everyone a virtual cluster of 200 VMs Multiplex those VMs on physical hardware Migrate VMs as load varies over time 27 Summary VMMs multiplex virtual machines on hardware Export the hardware interface Run OSes in VMs, apps in OSes unmodified Run different versions, kinds of OSes simultaneously Lesson: Never underestimate the power of indirection 28 14

Next Time Internet Outbreaks: Epidemiology and Defenses 29 15

2024 © technodocbox.com Privacy Policy | Terms of Service | Feedback