Operating Systems 4/27/2015

Similar documents
Virtualization. Virtualization

Computer Security. 05. Confinement. Paul Krzyzanowski. Rutgers University. Spring 2018

Module 1: Virtualization. Types of Interfaces

The Challenges of X86 Hardware Virtualization. GCC- Virtualization: Rajeev Wankar 36

Chapter 5 C. Virtual machines

Virtualization. Pradipta De

Multiprocessor Scheduling. Multiprocessor Scheduling

references Virtualization services Topics Virtualization

Spring 2017 :: CSE 506. Introduction to. Virtual Machines. Nima Honarmand

CHAPTER 16 - VIRTUAL MACHINES

Virtualization. Dr. Yingwu Zhu

CSE 120 Principles of Operating Systems

Distributed Systems COMP 212. Lecture 18 Othon Michail

CS370 Operating Systems

Virtual Machines. Jinkyu Jeong Computer Systems Laboratory Sungkyunkwan University

CSCI 8530 Advanced Operating Systems. Part 19 Virtualization

Virtual Machine Monitors!

Virtualization. Starting Point: A Physical Machine. What is a Virtual Machine? Virtualization Properties. Types of Virtualization

Virtualization. ! Physical Hardware Processors, memory, chipset, I/O devices, etc. Resources often grossly underutilized

COMPUTER ARCHITECTURE. Virtualization and Memory Hierarchy

Virtualization. Operating Systems, 2016, Meni Adler, Danny Hendler & Amnon Meisels

Virtual Machines. Part 2: starting 19 years ago. Operating Systems In Depth IX 1 Copyright 2018 Thomas W. Doeppner. All rights reserved.

Lecture 5: February 3

Virtual Machine Monitors (VMMs) are a hot topic in

COS 318: Operating Systems. Virtual Machine Monitors

for Kerrighed? February 1 st 2008 Kerrighed Summit, Paris Erich Focht NEC

Virtualization and memory hierarchy

Server Virtualization Approaches

The Architecture of Virtual Machines Lecture for the Embedded Systems Course CSD, University of Crete (April 29, 2014)

CSE 237B Fall 2009 Virtualization, Security and RTOS. Rajesh Gupta Computer Science and Engineering University of California, San Diego.

24-vm.txt Mon Nov 21 22:13: Notes on Virtual Machines , Fall 2011 Carnegie Mellon University Randal E. Bryant.

CHAPTER 16 - VIRTUAL MACHINES

CS 550 Operating Systems Spring Introduction to Virtual Machines

A Survey on Virtualization Technologies

Cloud Computing Virtualization

Nested Virtualization and Server Consolidation

CprE Virtualization. Dr. Yong Guan. Department of Electrical and Computer Engineering & Information Assurance Center Iowa State University

Learning Outcomes. Extended OS. Observations Operating systems provide well defined interfaces. Virtual Machines. Interface Levels

CS 470 Spring Virtualization and Cloud Computing. Mike Lam, Professor. Content taken from the following:

Lecture 7. Xen and the Art of Virtualization. Paul Braham, Boris Dragovic, Keir Fraser et al. 16 November, Advanced Operating Systems

Using MySQL in a Virtualized Environment. Scott Seighman Systems Engineer Sun Microsystems

1 Virtualization Recap

Types of Virtualization. Types of virtualization

NON SCHOLAE, SED VITAE

CSCE 410/611: Virtualization

Virtual Machine Security

CSCE 410/611: Virtualization!

Advanced Operating Systems (CS 202) Virtualization

LINUX Virtualization. Running other code under LINUX

Virtualization. Michael Tsai 2018/4/16

Virtualization. join, aggregation, concatenation, array, N 1 ühendamine, agregeerimine, konkateneerimine, massiiv

Virtualization. ...or how adding another layer of abstraction is changing the world. CIS 399: Unix Skills University of Pennsylvania.

Overview of System Virtualization: The most powerful platform for program analysis and system security. Zhiqiang Lin

OS Virtualization. Why Virtualize? Introduction. Virtualization Basics 12/10/2012. Motivation. Types of Virtualization.

Introduction to Virtual Machines. Carl Waldspurger (SB SM 89 PhD 95) VMware R&D

Virtual machine architecture and KVM analysis D 陳彥霖 B 郭宗倫

System Virtual Machines

Virtualization. Part 1 Concepts & XEN

CS370 Operating Systems

Xen and the Art of Virtualization. Nikola Gvozdiev Georgian Mihaila

Virtual Machines. To do. q VM over time q Implementation methods q Hardware features supporting VM q Next time: Midterm?

LIA. Large Installation Administration. Virtualization

Xen and the Art of Virtualization. CSE-291 (Cloud Computing) Fall 2016

CIS 21 Final Study Guide. Final covers ch. 1-20, except for 17. Need to know:

Virtualization Introduction

Originally prepared by Lehigh graduate Greg Bosch; last modified April 2016 by B. Davison

Xen and the Art of Virtualization

Introduction to Cloud Computing and Virtualization. Mayank Mishra Sujesha Sudevalayam PhD Students CSE, IIT Bombay

CS370 Operating Systems

Cloud and Datacenter Networking

CS-580K/480K Advanced Topics in Cloud Computing. VM Virtualization II

Linux and Xen. Andrea Sarro. andrea.sarro(at)quadrics.it. Linux Kernel Hacking Free Course IV Edition

CS370: Operating Systems [Spring 2017] Dept. Of Computer Science, Colorado State University

Lecture 4: Extensibility (and finishing virtual machines) CSC 469H1F Fall 2006 Angela Demke Brown


Concepts. Virtualization

System Virtual Machines

I/O and virtualization

Chapter 5 B. Large and Fast: Exploiting Memory Hierarchy

Virtualization technology

Chapter 5 (Part II) Large and Fast: Exploiting Memory Hierarchy. Baback Izadi Division of Engineering Programs

W4118: virtual machines

CS 350 Winter 2011 Current Topics: Virtual Machines + Solid State Drives

Four Components of a Computer System

Virtualization. Guillaume Urvoy-Keller UNS/I3S

CSC 5930/9010 Cloud S & P: Virtualization

What is KVM? KVM patch. Modern hypervisors must do many things that are already done by OSs Scheduler, Memory management, I/O stacks

Virtual Machine Systems

CS5460: Operating Systems. Lecture: Virtualization. Anton Burtsev March, 2013

Virtualization History and Future Trends

EE 660: Computer Architecture Cloud Architecture: Virtualization

Virtualisation: The KVM Way. Amit Shah

ELEC 377 Operating Systems. Week 1 Class 2

CSE543 - Computer and Network Security Module: Virtualization

Intel s Virtualization Extensions (VT-x) So you want to build a hypervisor?

Unit 5: Distributed, Real-Time, and Multimedia Systems

Virtualization. Adam Belay

Virtualization (II) SPD Course 17/03/2010 Massimo Coppola

Virtual Leverage: Server Consolidation in Open Source Environments. Margaret Lewis Commercial Software Strategist AMD

What is a VM? Categories of Virtual Machines. Process Virtual Machine 11/17/2010

Transcription:

Virtualization inside the OS Operating Systems 24. Virtualization Memory virtualization Process feels like it has its own address space Created by MMU, configured by OS Storage virtualization Logical view of disks connected to a machine External pool of storage Paul Krzyzanowski Rutgers University Spring 2015 CPU/Machine virtualization Each process feels like it has its own CPU Created by OS preemption and scheduler 1 2 Logical Volume Management Physical disk Divided into one or more Physical Volumes Storage Virtualization Logical partitions Volume Groups Created by combining Physical Volumes May span multiple physical disks Can be resized Each can hold a file system 3 4 Mapping Logical to Physical data Storage on physical volumes is divided into clusters (misnamed extents): fixed-size chunks Logical volume defined and managed by mapping of logical extents to physical extents LVM Linear Mapping Concatenate multiple physical disks to create a larger disk PV 2 Logical Volume Manager (LVM) takes care of this mapping PV 1 LV 0 PV 0 5 6 Paul Krzyzanowski 1

LVM Striped Mapping Advantages Groups from alternate physical volumes mapped to a logical volume. N physical extents per stripe. Improve bandwidth of file transfers PV 2 Logical disks can be resized while mounted Some file systems (e.g., ext3 on Linux or NTFS) support dynamic resizing Data can be relocated from one disk to another Improved performance (through disk striping) PV 1 PV 0 LV 0 Improved redundancy (disk mirroring) Snapshots Save the state of the volume at some point in time. Allow backups to proceed while the file system is being modified 7 8 Storage Virtualization Dissociate knowledge of physical disks The computer system does not manage physical disks Software between the computer and the disks manages the view of storage Storage Virtualization Logical view of disks connected to a machine Separate logical view from physical storage External pool of storage Virtualization software translates read-block / write-block requests for logical devices to read-block / write-block requests for physical devices Host 1 Host 2... Host n Virtualization appliance Fibre-channel or iscsi switch Replication Snapshots Pooling Partitioning 10 11 Virtual CPUs (sort of) What time-sharing operating systems give us Processor Virtualization Each process feels like it has its own CPU & memory But cannot execute privileged instructions (e.g., modify the MMU or the interval timer, halt the processor, access I/O) Illusion created by OS preemption, scheduler, and MMU User software has to ask the OS to do system-related functions. 12 13 Paul Krzyzanowski 2

Process Virtual Machines CPU interpreter running as a process Pseudo-machine with interpreted instructions 1966: O-code for BCPL 1973: P-code for Pascal 1995: Java Virtual Machine (JIT compilation added) 2002: Microsoft.NET CLR (pre-compilation) 2003: QEMU (dynamic binary translation) 2008: Dalvik VM for Android 2014: Android Runtime (ART) ahead of time compilation Advantage: run anywhere, sandboxing capability No ability to even pretend to access the system hardware Just function calls to access system functions Or generic hardware Machine Virtualization 14 15 Machine Virtualization Normally all hardware and I/O managed by one operating system Machine virtualization Abstract (virtualize) control of hardware and I/O from the OS Partition a physical computer to act like several real machines Manipulate memory mappings Set system timers Access devices Migrate an entire OS & its applications from one machine to another 1972: IBM System 370 Machine Virtualization An OS is just a bunch of code! Privileged vs. unprivileged instructions Regular applications use unprivileged instructions Easy to virtualize If regular applications execute privileged instructions, they trap VM catches the trap and emulates the instruction Trap & Emulate 16 17 Hypervisor Hypervisor Hypervisor: Program in charge of virtualization Aka Virtual Machine Monitor Provides the illusion that the OS has full access to the hardware Arbitrates access to physical resources Presents a set of virtual device interfaces to each host Application or Guest OS runs until: Privileged instruction traps System interrupts Exceptions (page faults) Explicit call: VMCALL (Intel) or VMMCALL (AMD) Page Fault Operating System & Instruction Fault virtual IRQ Unprivileged MMU emulation CPU or device emulation I/O emulation Privileged Hypervisor (Virtual Machine Monitor) 18 19 Paul Krzyzanowski 3

syscall Intel & ARM Didn t Make VM Easy Hardware support for virtualization Intel/AMD systems prior to Core 2 Duo (2006) did not support trapping privileged instructions Most ARM architectures also did not trap on certain privileged instructions Hardware support added in Cortex-A15 (ARMv7 Virtualization Extension): 2011 Two approaches Binary translation (BT) Scan instruction stream on the fly (when page is loaded) and replace privileged instructions with instructions that work with the virtual hardware (VMware approach) Paravirtualization Don t use non-virtualizable instructions (Xen approach) Invoke hypervisor calls explicitly Root mode (Intel example) Layer of execution more privileged than the kernel apps RING 3 RING 2 RING 1 Guest OS RING 0 Without virtualization Non-root mode privilege levels Guest mode privilege level Root mode privilege level apps Guest OS VMM hardware RING 3 RING 2 RING 1 RING 0 OS requests trap to VMM 20 21 Architectural Support Intel Virtual Technology AMD Opteron Guest mode execution: can run privileged instructions directly E.g., a system call does not need to go to the VM Certain privileged instructions are intercepted as VM exits to the VMM Exceptions, faults, and external interrupts are intercepted as VM exits Virtualized exceptions/faults are injected as VM entries CPU Architectural Support Setup Turn VM support on/off Configure what controls VM exits Processor state Saved & restored in guest & host areas VM Entry: go from hypervisor to VM Load state from guest area VM Exit VM-exit information contains cause of exit Processor state saved in guest area Processor state loaded from host area 22 23 Two Approaches to Running VMs 1. Native VM (hypervisor model) 2. Hosted VM Native Virtual Machine Example: VMware ESX Native VM (or Type 1 or Bare Metal) No primary OS Hypervisor is in charge of access to the devices and scheduling OS runs in kernel mode but does not run with full privileges OS Virtual Machine OS Virtual Machine OS Virtual Machine Virtual Machine Monitor (Hypervisor) Device driver Physical Machine 24 25 Paul Krzyzanowski 4

Hosted Virtual Machine Hosted VM VMM runs without special privileges Primary OS responsible for access to the raw machine Lets you use all the drivers available for that primary OS Guest operating systems run under a VMM VMM invoked by host OS Serves as a proxy to the host OS for access to devices Host OS Physical Machine VMM Device driver Guest OS Device emulation VM Driver Example: VMware Workstation Virtualizing Memory Shadow Similar to OS-based virtual memory Page An OS sees a contiguous address space Table But it is not necessarily tied to physical memory Guest Page Table Need to virtualize MMU Two levels of translation: Shadow page tables Host allocates virtual memory for guest Guest treats that as physical memory Guest OS cannot access real page tables Access attempts are trapped and emulated VMM maps guest physical memory settings to actual memory Second-level address translation (SLAT) = Nested page tables Hardware support in MMU similar to multilevel page tables Performance enhancement over shadow page tables A guest s physical address is treated as a virtual address System Memory 26 27 Scheduling VMs Each VM competes for a physical CPU Typically # VMs > # CPUs VMs need to get scheduled Each VM gets a time slice Often round robin scheduler or minor variations Allocate CPU to a single-cpu VM Allocate multiple CPUs to multi-cpu VMs: co-scheduling Strict co-scheduler: VM with two virtual CPUs gets two real CPUs Relaxed co-scheduler: if two CPUs are not available, use one CPU affinity: try to run the VM on the same CPU VM scheduler controls the level of multiprogramming of VMs Virtualizing Drivers & Events Operating systems cannot interact directly with I/O devices Device drivers VMM has to multiplex physical devices & create network bridges Virtualize network interfaces (e.g., MAC addresses) Guest OS gets device drivers that interface to an abstract device implementation provided by the VMM VMM gets all system interrupts and exceptions Needs to figure out which OS gets a simulated interrupt Simulate those events on the guest OS 29 31 Live Migration Select alternate host (B) Mirror block devices (for file systems) Initialize VM on B Initialize Copy dirty pages to host B iteratively To migrate Suspend VM on A Send ARP message to redirect traffic to B Synchronize remaining VM state to B Release state on A Some Popular VM Platforms Native VMs Microsoft Hyper-V VMWare ESX Server IBM z/vm (mainframe) XenServer Ran under an OS and provides virtual containers for running other operating systems. Runs a subset of x86. Routes all hardware accesses to the host OS. Non-modified OS support for processors that support x86 virtualization Sun xvm Server Hosted VMs VMWare Workstation VirtualBox Parallels 32 33 Paul Krzyzanowski 5

Security Threats OS-Level Virtualization Hypervisor-based rootkits A system with no virtualization software installed but with hardware-assisted virtualization can have a hypervisorbased rootkit installed. Not full machine virtualization Multiple instances of the same operating system Each has its own environment Process list, mount table, file descriptors, virtual network interface Advantage: low overhead: no overhead to system calls Rootkit runs at a higher privilege level than the OS. It s possible to write it in a way that the kernel will have a limited ability to detect it. Examples: Linux VServer, Solaris Containers, FreeBSD Jails Symantec Software Virtualization Solution (originally Altris Software Virtualization Services) Windows registry & directory tweaking Allows multiple instances of applications to be installed 34 35 BSD Jails Directory subtree Root of namespace. Process cannot escape from this subtree Hostname Hostname that will be used within the jail The End IP address IP address used for a process within the jail Command Command that will be run within the jail 36 37 Paul Krzyzanowski 6

2024 © technodocbox.com Privacy Policy | Terms of Service | Feedback