The Architecture of Virtual Machines Lecture for the Embedded Systems Course CSD, University of Crete (April 29, 2014)

Similar documents
Concepts. Virtualization

Virtualization. Part 1 Concepts & XEN

Virtualization. Pradipta De

Learning Outcomes. Extended OS. Observations Operating systems provide well defined interfaces. Virtual Machines. Interface Levels

Πποχωπημένη Κατανεμημένη Υπολογιστική

Virtualization. Operating Systems, 2016, Meni Adler, Danny Hendler & Amnon Meisels

The Challenges of X86 Hardware Virtualization. GCC- Virtualization: Rajeev Wankar 36

Virtualization. Dr. Yingwu Zhu

Virtualization. Starting Point: A Physical Machine. What is a Virtual Machine? Virtualization Properties. Types of Virtualization

Virtualization. ! Physical Hardware Processors, memory, chipset, I/O devices, etc. Resources often grossly underutilized

CS5460: Operating Systems. Lecture: Virtualization. Anton Burtsev March, 2013

COMPUTER ARCHITECTURE. Virtualization and Memory Hierarchy

Chapter 5 C. Virtual machines

Spring 2017 :: CSE 506. Introduction to. Virtual Machines. Nima Honarmand

24-vm.txt Mon Nov 21 22:13: Notes on Virtual Machines , Fall 2011 Carnegie Mellon University Randal E. Bryant.

Nested Virtualization and Server Consolidation

Module 1: Virtualization. Types of Interfaces

Virtual Machines. Jinkyu Jeong Computer Systems Laboratory Sungkyunkwan University

Introduction to Virtualization

CS370 Operating Systems

Virtual Machines. To do. q VM over time q Implementation methods q Hardware features supporting VM q Next time: Midterm?

OS Virtualization. Why Virtualize? Introduction. Virtualization Basics 12/10/2012. Motivation. Types of Virtualization.

System Virtual Machines

Virtualization and memory hierarchy

Virtual Machines. Part 2: starting 19 years ago. Operating Systems In Depth IX 1 Copyright 2018 Thomas W. Doeppner. All rights reserved.

System Virtual Machines

Lecture 5: February 3

Virtual machine architecture and KVM analysis D 陳彥霖 B 郭宗倫

Virtualization History and Future Trends

A Survey on Virtualization Technologies

references Virtualization services Topics Virtualization

Introduction to Virtual Machines. Michael Jantz

CSE 120 Principles of Operating Systems

Operating Systems 4/27/2015

Lecture 7. Xen and the Art of Virtualization. Paul Braham, Boris Dragovic, Keir Fraser et al. 16 November, Advanced Operating Systems

Lecture 5. KVM for ARM. Christoffer Dall and Jason Nieh. 5 November, Operating Systems Practical. OSP Lecture 5, KVM for ARM 1/42

CS 350 Winter 2011 Current Topics: Virtual Machines + Solid State Drives

Introduction to Cloud Computing and Virtualization. Mayank Mishra Sujesha Sudevalayam PhD Students CSE, IIT Bombay

Cloud Computing Virtualization

Virtualization. Application Application Application. MCSN - N. Tonellotto - Distributed Enabling Platforms OPERATING SYSTEM OPERATING SYSTEM

CSCE 410/611: Virtualization!

Distributed Systems COMP 212. Lecture 18 Othon Michail

CHAPTER 16 - VIRTUAL MACHINES

Overview of System Virtualization: The most powerful platform for program analysis and system security. Zhiqiang Lin

LIA. Large Installation Administration. Virtualization

COS 318: Operating Systems. Virtual Machine Monitors

CS370: Operating Systems [Spring 2017] Dept. Of Computer Science, Colorado State University

Lecture 4: Extensibility (and finishing virtual machines) CSC 469H1F Fall 2006 Angela Demke Brown

Virtualization and Virtual Machines. CS522 Principles of Computer Systems Dr. Edouard Bugnion

CS370: Operating Systems [Spring 2016] Dept. Of Computer Science, Colorado State University

CS370: Operating Systems [Spring 2017] Dept. Of Computer Science, Colorado State University

Introduction to Virtual Machines. Carl Waldspurger (SB SM 89 PhD 95) VMware R&D

Virtual Machine Systems

LINUX Virtualization. Running other code under LINUX

CSCE 410/611: Virtualization

What is KVM? KVM patch. Modern hypervisors must do many things that are already done by OSs Scheduler, Memory management, I/O stacks

VIRTUALIZATION: IBM VM/370 AND XEN

Virtualization. Virtualization

CS252 Spring 2017 Graduate Computer Architecture. Lecture 18: Virtual Machines

Virtual Machine Monitors!

Virtualization. ...or how adding another layer of abstraction is changing the world. CIS 399: Unix Skills University of Pennsylvania.

EE 660: Computer Architecture Cloud Architecture: Virtualization

Multiprocessor Scheduling. Multiprocessor Scheduling

CprE Virtualization. Dr. Yong Guan. Department of Electrical and Computer Engineering & Information Assurance Center Iowa State University


I/O and virtualization

Advanced Operating Systems (CS 202) Virtualization

An overview of virtual machine architecture

Virtualization. Michael Tsai 2018/4/16

CLOUD COMPUTING IT0530. G.JEYA BHARATHI Asst.Prof.(O.G) Department of IT SRM University

Originally prepared by Lehigh graduate Greg Bosch; last modified April 2016 by B. Davison

Linux and Xen. Andrea Sarro. andrea.sarro(at)quadrics.it. Linux Kernel Hacking Free Course IV Edition

Virtual Machine Monitors (VMMs) are a hot topic in

CS370 Operating Systems

Virtual Machines Disco and Xen (Lecture 10, cs262a) Ion Stoica & Ali Ghodsi UC Berkeley February 26, 2018

Knut Omang Ifi/Oracle 6 Nov, 2017

VIRTUALIZATION. Dresden, 2011/12/6. Julian Stecklina

Virtualization. Adam Belay

Virtualization. Guillaume Urvoy-Keller UNS/I3S

BUD17-301: KVM/ARM Nested Virtualization. Christoffer Dall

Virtual Virtual Memory

CS 550 Operating Systems Spring Introduction to Virtual Machines

The Future of Virtualization

CHAPTER 16 - VIRTUAL MACHINES

CSE543 - Computer and Network Security Module: Virtualization

Background. IBM sold expensive mainframes to large organizations. Monitor sits between one or more OSes and HW

Virtualization Introduction

The only open-source type-1 hypervisor

CS 5600 Computer Systems. Lecture 11: Virtual Machine Monitors

e-pg Pathshala Subject: Computer Science Paper: Cloud Computing Module 23: Virtualization II Module No: CS/CC/23 Quadrant 1 e-text

Virtualization. Darren Alton

Xen and the Art of Virtualization. CSE-291 (Cloud Computing) Fall 2016

CS-580K/480K Advanced Topics in Cloud Computing. VM Virtualization II

Virtual machines are an interesting extension of the virtual-memory concept: not only do we give processes the illusion that they have all of memory

Xen and the Art of Virtualization. Nikola Gvozdiev Georgian Mihaila

Mach External pager. IPC Costs. Why the difference? Example of IPC Performance. First generation microkernels were slow Mach, Chorus, Amoeba

Fast access ===> use map to find object. HW == SW ===> map is in HW or SW or combo. Extend range ===> longer, hierarchical names

DISCO and Virtualization

Fast access ===> use map to find object. HW == SW ===> map is in HW or SW or combo. Extend range ===> longer, hierarchical names

On the DMA Mapping Problem in Direct Device Assignment

Transcription:

The Architecture of Virtual Machines Lecture for the Embedded Systems Course CSD, University of Crete (April 29, 2014) ManolisMarazakis (maraz@ics.forth.gr) Institute of Computer Science (ICS) Foundation for Research and Technology Hellas (FORTH)

Virtualization Use-cases Server (workload) consolidation Legacy software systems Virtual desktop infrastructure (VDI) End-user virtualization (e.g. S/W testing & QA, OS research) Compute clouds Embedded (e.g. smartphones) How does virtualization work, in detail? 2 The Architecture of Virtual Machines

Lecture Outline Abstraction, system interfaces and implementation layers ISA, ABI, API Virtual Machine Taxonomy Process virtual machines Multiprogrammedsystems Emulators and dynamic binary translation High-level-language virtual machines System virtual machines Classic virtual machines Hosted virtual machines Whole-system virtual machines Key virtualization techniques 3 The Architecture of Virtual Machines

Computer systems are built on levels of abstraction Different perspectives on what a machine is OS ISA: Instruction Set Architecture ABI h/w s/w interface Compiler ABI: Application Binary Interface User ISA + OS calls Application API: Application Programming Interface User ISA + Library calls API ISA 4 The Architecture of Virtual Machines

Definitions Virtualization A layer mapping its visible interface and resources onto the underlying layer or system on which it is implemented Purposes: abstraction, replication, isolation Virtual Machine (VM) an efficient, isolated duplicate of a real machine Programs should not be able to distinguish between execution on real or virtual H/W (except for: fewer/variable resources, and device timing) VMs should execute without interfering with each other Efficiency requires that most instructions execute directly on real H/W Hypervisor / Virtual Machine Monitor (VMM) Partitions a physical machine into multiple virtual machines Host : machine and / or software on which the VMM is implemented Guest : the OS which executes under the control of the VMM 5 The Architecture of Virtual Machines

Virtualization Timeline (C. Dall 2013) Virtual machines were popular in 60s-70s IBM OS/370 Share resources of mainframe computers to run multiple single-user OSs Interest is lost by 80s-90s: development of multi-user OS, rapid drop in H/W cost Hardware support for virtualization is lost until the late 90s (VMware) 6 The Architecture of Virtual Machines

Virtualization alternatives & their performance 7 The Architecture of Virtual Machines

OS vs Hypervisor (VMM) Hypervisor / Virtual Machine Monitor (VMM) Software that supports virtual machines on a physical machine Determines how to map VM resources to physical ones Physical resources may be time-shared, partitioned, or emulated The OS has complete control of the (physical) system Impossible for >1 operating systems to be executing on the same platform OS provides execution environment for processes Hypervisor (VMM) virtualizes the hardware interface GuestOS sdo not have complete control of the system VMM provides execution environment for OS virtual hardware 8 The Architecture of Virtual Machines

What needs to be emulated for a VM? CPU and memory Register state Memory state Memory management unit Page tables, segments Platform Interrupt controller, timer, buses BIOS Peripheral devices Disk, network interface, serial line Hardware is not (commonly) designed to be multiplexed Loss of isolation 9 The Architecture of Virtual Machines

Design space API interface ABI interface 10 The Architecture of Virtual Machines

VMM architectures Only OS knows about H/W Unmodified view of H/W Modified view of H/W Paravirtualized VMM 11 The Architecture of Virtual Machines

Process vs System VM Process: Provides API interface + Easier to install + Leverages OS services e.g. device drivers - Execution overhead System: Provides ABI interface + Efficient execution + Can add OSindependent services e.g. migration, checkpointing, sandbox 12 The Architecture of Virtual Machines

Process VM concept A guest program developed for a machine (ISA and OS) other than the user s host system can be used in the same way as all other programs in the host system Runtime system Encapsulates an individual guest process giving it the same appearance as a native host process All host processes appear to conform to the guest s worldview 13 The Architecture of Virtual Machines

Process VM architecture 14 The Architecture of Virtual Machines

System VMMs Type 1 Type 1: runs directly on hardware primary goal: performance Examples: OS/370, VMware ESXi Type 2: runs on host OS primary goal: ease of installation Example: User-Mode Linux, VMware Workstation Type 2 15 The Architecture of Virtual Machines

Hosted VMMs Hybrid between Type 1 and Type 2 Core VMM runs directly on hardware Improved performance as compared to pure Type 2 Leverage s/w engineering investment in host OS for I/O device support I/O services provided by host OS Overhead for I/O operations, reduced performance isolation Example: VMware Workstation 16 The Architecture of Virtual Machines

Whole-system VMMs Case of GuestOSISA!= HostOSISA Full emulation of GuestOSand its applications Example: VirtualPC 17 The Architecture of Virtual Machines

VMM examples VMware workstation Xen kvm 18 The Architecture of Virtual Machines

Classic VM (Popek& Goldberg, 1974) (1/4) Essentials of a Virtual Machine Monitor (VMM) An efficient, isolated duplicate of the real machine. Equivalence Software on the VMM executes identically to its execution on hardware, barring timing effects. i.e. Running on VMM == Running directly on HW Performance Non Privilegedinstructions can be executed directly by the real processor, with no software intervention by the VMM. i.e. Performance on VMM == Performance on HW Resource control The VMM must have complete control of the virtualizedresources. 19 The Architecture of Virtual Machines VMM Hardware VM

Classic VM (Popek& Goldberg, 1974) (2/4) Instruction types Privileged instructions: generate trap when executed in any but the most-privileged level Execute in privileged mode, trap in user mode E.g. x86 LIDT : load interrupt descriptor table address Privileged state: determines resource allocation Privilege mode, addressing context, exception vectors, Sensitive instructions: instructions whose behavior depends on the current privilege level Control sensitive: change privileged state Behavior sensitive: exposes privileged state E.g. x86 POPF : pop stack to EFLAGS (in user-mode, the interrupt enable bit is not over-written) 20 The Architecture of Virtual Machines

Classic VM (Popek& Goldberg, 1974) (3/4) Theorem 1: A VMM may be constructed if the set of SI s is a subset of the set of PI s USER USER PI PI SI SI ISA is Virtualizable ISA is NOT Virtualizable 21 The Architecture of Virtual Machines

Classic VM (Popek& Goldberg, 1974) (4/4) To build a VMM, it is sufficient for all instructions that affect the correct functioning of the VMM (SI s) always trap and pass control to the VMM. This guarantees the resource control property Non-privileged instructions are executed without VMM intervention Equivalence property: We are not changing the original code, so the output will be the same. 22 The Architecture of Virtual Machines

Mostly-virtualizable Architectures x86 Sensitive push/pop instructions are not privileged Segment and interrupt descriptor tables in virtual memory Itanium Interrupt vectors table in virtual memory MIPS User-accessible kernel registers k0, k1 (save/restore state) ARM PC is a general-purpose register Exception returns to PC (no trap) 23 The Architecture of Virtual Machines

Key Techniques (1/3): De-privileging GuestOS trap change resource emulate change vmm resource privileged instruction 24 The Architecture of Virtual Machines VMM emulates the effect on system/hardware resources of privileged instructions whose execution traps into the VMM aka trap-and-emulate Typically achieved by running GuestOSat a lower hardware priority level than the VMM Normal instructions run directly on processor Privileged instructions trap into VMM (for safe emulation) Problematic on architectures where privileged instructions do not trap when executed at deprivileged priority!

Key Techniques (2/3): Primary vs Shadow Structures VMM maintains shadow copies of critical structures whose primary versions are manipulated by GuestOS e.g., page tables Primary copies needed to insure correct environment visible to GuestOS 25 The Architecture of Virtual Machines

Memory Management by the VMM VMM machine OS physical process virtual entity address space VMM GuestOS Isolation/protection of Guest OS address spaces Efficient MM address translation shadow page tables page tables 26 The Architecture of Virtual Machines

Key Techniques (3/3): Memory Tracing (Trace faults) Shadow page table Shadow page table Applications Applications User mode Updated OS OS Kernel mode Updated PFH VMM Primary Page table TRAP Physical Machine Control access to memory so that the shadow and primary structures remain coherent Write-protect primary structure so that update operations cause page faults caught, interpreted, emulated by the VMM VMM typically use hardware page protection mechanisms to trap accesses to in-memory primary structures 27 The Architecture of Virtual Machines

Virtualization overheads VMM maintains virtualized privileged machine state Processor status, addressing context, device state, VMM emulates privileged instructions Translation between virtual and real privileged state E.g. guest-to-real page tables Traps are expensive Several 100s cycles (for x86) Certain important OS operations involve several traps Interrupt enable/disable for mutual exclusion Page table setup/updates for fork() 28 The Architecture of Virtual Machines

Acceleration techniques Binary translation locate sensitive instructions in guest binary and replace on-the-fly with emulation code or hypercall VMware, QEMU Para-virtualization Port the GuestOSto modified ISA Xen, L4, Denali, Hyper-V Reduce number of traps Remove un-virtualizable instructions Hardware support Make all sensitive instructions privileged (!) Intel VT-x, AMD SVM Xen, VMware, kvm Nested page tables Direct device assignment, IOMMU, Virtual interrupts 29 The Architecture of Virtual Machines

Evolution of System Virtualization System Virtualization Classic Virtualization (Popek & Goldberg) Trap-and-emulate Enhancement VMM / Guest OS Interface Hardware / VMM Interface Modern Approach Binary Translation Para-virtualization (Xen) Hardware Support for Virtualization (Intel VT & AMD SVM) Software Virtualization (VMware) 30 The Architecture of Virtual Machines

Sources James E. Smith, Ravi Nair, The Architecture of Virtual Machines, IEEE Computer, vol.38, no.5, May 2005 Mendel Rosenblum, Tal Garfinkel, Virtual Machine Monitors: Current Technology and Future Trends, IEEE Computer, May 2005. A. Whitaker, R.S. Cox, M. Shaw, S.D. Gribble, Rethinking the Design of Virtual Machine Monitors, IEEE Computer, vol.38, no.5, May 2005. Kirk L. Kroeker, The Evolution of Virtualization, CACM, vol.52, no. 3, March 2009 G.J. Popek, and R.P. Goldberg, Formal Requirements for VirtualizableThird Generation Architectures, CACM, vol. 17 no. 7, 1974. Jim Smith and Ravi Nair, Virtual Machines: Versatile Platforms for Systems and Processes, ISBN-10: 1558609105, Elsevier, 2005 31 The Architecture of Virtual Machines

2024 © technodocbox.com Privacy Policy | Terms of Service | Feedback