Virtual Machines (part 2) CPS210 Spring 2006
Papers
- Xen and the Art of Virtualization (Paul Barham et al., SOSP 2003)
- ReVirt: Enabling Intrusion Analysis through Virtual Machine Logging and Replay (George Dunlap et al., OSDI 2002)
Virtualization in the enterprise
- Consolidate under-utilized servers to reduce CapEx and OpEx
- Avoid downtime with VM relocation
- Dynamically re-balance workload to guarantee application SLAs
- Enforce security policy
VMware architecture (figure): the Host Machine runs the Host OS. The "Host World" is the Host OS, a VM Driver loaded into it, and the VM App running alongside ordinary Host Apps; the "VMM World" is the Virtual Machine Monitor hosting the Target OS and its Target Apps.
SimOS architecture (figure): the Host Machine runs the Host OS; SimOS runs as an ordinary Host App next to other Host Apps, and the Target OS with its Target Apps runs entirely inside SimOS.
SimOS memory (figure): SimOS's virtual memory on the Host OS holds the SimOS code and data, the Target OS code and data, and the Target App code and data. The simulated physical memory is backed by a Mem File and the simulated disks (SimDisk) by SimDisk Files; SimOS implements a Virtual MMU for the target.
SimOS page fault (figure): a Target App access to an unmapped address is caught at the host level by the SimOS fault handler, which, through the Virtual MMU, delivers the fault to the Target OS fault handler so the target kernel can service it as it would on real hardware.
Generic TLB
- Cache of recently used PTEs
- Small: usually about 64 entries
- Huge impact on performance
- Input: virtual address. Output: physical address, or TLB miss, or access fault
x86_32 address space under Xen (figure): the 4GB address space is split at 3GB, user space below and kernel above. With Xen, the top of the space belongs to Xen itself in ring 0 (supervisor, S); the guest kernel is demoted to ring 1 (supervisor, S); user code stays in ring 3 (user, U).
VMware guest page tables (figure): the Guest OS updates a PTE in its own guest page table (virtual → "physical"); the VMM intercepts the update and maintains a shadow page table mapping virtual → machine addresses, and the shadow table is what the hardware MMU actually walks.
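As an added example (not code from the slides or from VMware), a toy model of shadow paging: the guest edits its own page table, the VMM composes that table with its guest-physical → machine map, and the hardware MMU walks only the resulting shadow table. The single-level table, eight pages, and the PTE layout are assumptions made for brevity.

```c
/* Added example, not from the CPS210 slides or VMware's code: a toy model
 * of shadow paging. Page-table layout (single level, 8 pages, PFN in bits
 * 12+, flags in the low bits) is an assumption for brevity. */
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define NPAGES      8
#define PAGE_SHIFT  12
#define PAGE_MASK   0xfffu
#define PTE_PRESENT 0x1u
#define PTE_WRITE   0x2u
#define PTE_PFN(pte)         ((pte) >> PAGE_SHIFT)
#define PTE_MAKE(pfn, flags) (((uint32_t)(pfn) << PAGE_SHIFT) | (flags))

struct vm {
    uint32_t guest_pt[NPAGES];  /* guest-virtual page -> guest-physical PFN, written by the guest OS */
    uint32_t p2m[NPAGES];       /* guest-physical PFN -> machine PFN, owned by the VMM */
    uint32_t shadow_pt[NPAGES]; /* guest-virtual page -> machine PFN, the table the MMU walks */
};

/* Rebuild one shadow entry from the guest entry and the p2m map. */
static void shadow_sync(struct vm *vm, unsigned vpn) {
    uint32_t gpte = vm->guest_pt[vpn];
    if (!(gpte & PTE_PRESENT) || PTE_PFN(gpte) >= NPAGES) {
        vm->shadow_pt[vpn] = 0;        /* not present: the MMU faults into the VMM */
        return;
    }
    uint32_t mfn = vm->p2m[PTE_PFN(gpte)];
    /* Keep only the guest's permission bits; the frame number is the machine frame. */
    vm->shadow_pt[vpn] = PTE_MAKE(mfn, gpte & (PTE_PRESENT | PTE_WRITE));
}

/* The guest OS writes a PTE. Under shadow paging the guest page table is
 * write-protected, so the write traps to the VMM, which applies it to the
 * guest table and refreshes the corresponding shadow entry. */
void guest_update_pte(struct vm *vm, unsigned vpn, uint32_t gpte) {
    if (vpn >= NPAGES) return;
    vm->guest_pt[vpn] = gpte;
    shadow_sync(vm, vpn);
}

/* MMU translation of a guest-virtual address through the shadow table.
 * Returns the machine address, or -1 on a page fault. */
int64_t mmu_translate(const struct vm *vm, uint32_t vaddr, int write) {
    unsigned vpn = vaddr >> PAGE_SHIFT;
    if (vpn >= NPAGES) return -1;
    uint32_t spte = vm->shadow_pt[vpn];
    if (!(spte & PTE_PRESENT)) return -1;
    if (write && !(spte & PTE_WRITE)) return -1;
    return ((int64_t)PTE_PFN(spte) << PAGE_SHIFT) | (vaddr & PAGE_MASK);
}

/* Constructed p2m map for the example: guest-physical page i lives in machine page 7-i. */
void vm_init(struct vm *vm) {
    memset(vm, 0, sizeof *vm);
    for (unsigned i = 0; i < NPAGES; i++) vm->p2m[i] = NPAGES - 1 - i;
}

int main(void) {
    struct vm vm;
    vm_init(&vm);
    guest_update_pte(&vm, 1, PTE_MAKE(3, PTE_PRESENT | PTE_WRITE));
    printf("guest-virtual 0x1abc -> machine 0x%llx\n", (long long)mmu_translate(&vm, 0x1abc, 1));
    return 0;
}
```

The point the model makes explicit: the guest never sees machine frame numbers, and a guest PTE the guest considers "physical page 3" reaches the MMU only after the VMM has substituted the machine frame it chose.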
Para-virtualizing the MMU
- Guest OSes allocate and manage their own page tables
- "Hypercall" to change the page-table base
- Xen must validate page-table updates before use
- Validation rules applied to each PTE:
  1. A guest may only map physical (machine) pages it owns
  2. Page-table pages may only be mapped read-only
Xen guest page tables (figure): the Guest OS sends its PTE update to the VMM (Xen), which 1) runs the validation check and 2) performs the update; the guest's own page table (virtual → machine) is then what the hardware MMU walks.
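As an added example (not code from the slides or from Xen's source), a toy model of the validate-then-update step for the two rules above. The frame table, its owner field and "is page table" flag, the function names, and the four-entry page-table pages are assumptions modelled on the description here, not Xen's real data structures or hypercall interface.

```c
/* Added example, not from the CPS210 slides or Xen's source: a toy model of
 * Xen validating a guest page-table update before applying it. Frame table
 * layout, domain ids, and ENTRIES per page-table page are assumptions. */
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define NFRAMES     16
#define ENTRIES     4          /* PTEs per page-table page (assumption; real x86_32 tables hold 1024) */
#define PTE_PRESENT 0x1u
#define PTE_WRITE   0x2u
#define PTE_MFN(pte)         ((pte) >> 12)
#define PTE_MAKE(mfn, flags) (((uint32_t)(mfn) << 12) | (flags))

enum { DOM_XEN = 0, DOM_A = 1, DOM_B = 2 };

/* One entry per machine frame: owning domain, and whether the frame is
 * currently in use as a page table (Xen tracks this with a type/pin count). */
struct frame { int owner; int is_pagetable; };

static struct frame frames[NFRAMES];
static uint32_t machine[NFRAMES][ENTRIES];   /* contents of each frame, viewed as PTEs */

enum pt_status {
    PT_OK = 0,
    PT_ERR_TARGET_NOT_PT,   /* table being edited is not a page-table page owned by the caller */
    PT_ERR_BAD_INDEX,       /* entry index outside the page-table page */
    PT_ERR_BAD_FRAME,       /* machine frame number out of range */
    PT_ERR_NOT_OWNER,       /* rule 1: guest may only map frames it owns */
    PT_ERR_PT_WRITABLE      /* rule 2: page-table pages may only be mapped read-only */
};

/* Validate a PTE that domain `dom` wants to store at machine[pt_mfn][idx]. */
enum pt_status validate_pte(int dom, unsigned pt_mfn, unsigned idx, uint32_t pte) {
    if (pt_mfn >= NFRAMES || frames[pt_mfn].owner != dom || !frames[pt_mfn].is_pagetable)
        return PT_ERR_TARGET_NOT_PT;
    if (idx >= ENTRIES)
        return PT_ERR_BAD_INDEX;
    if (!(pte & PTE_PRESENT))
        return PT_OK;                        /* clearing a mapping never grants access */
    unsigned mfn = PTE_MFN(pte);
    if (mfn >= NFRAMES)
        return PT_ERR_BAD_FRAME;
    if (frames[mfn].owner != dom)
        return PT_ERR_NOT_OWNER;             /* rule 1: Xen's or another domain's frame */
    if (frames[mfn].is_pagetable && (pte & PTE_WRITE))
        return PT_ERR_PT_WRITABLE;           /* rule 2: a writable PT mapping would bypass validation */
    return PT_OK;
}

/* The hypercall handler: 1) validation check, 2) perform the update. */
enum pt_status mmu_update(int dom, unsigned pt_mfn, unsigned idx, uint32_t pte) {
    enum pt_status st = validate_pte(dom, pt_mfn, idx, pte);
    if (st != PT_OK) return st;
    machine[pt_mfn][idx] = pte;
    return PT_OK;
}

uint32_t read_pte(unsigned pt_mfn, unsigned idx) { return machine[pt_mfn][idx]; }

/* Constructed frame table: frames 0-1 and 14-15 belong to Xen, 2-7 to domain A
 * (frame 2 is A's page table), 8-13 to domain B (frame 8 is B's page table). */
void setup_frames(void) {
    memset(frames, 0, sizeof frames);
    memset(machine, 0, sizeof machine);
    for (unsigned i = 0; i < NFRAMES; i++)
        frames[i].owner = (i < 2 || i >= 14) ? DOM_XEN : (i < 8 ? DOM_A : DOM_B);
    frames[2].is_pagetable = 1;
    frames[8].is_pagetable = 1;
}

int main(void) {
    setup_frames();
    printf("A maps own frame 3: %d\n", mmu_update(DOM_A, 2, 0, PTE_MAKE(3, PTE_PRESENT | PTE_WRITE)));
    printf("A maps B's frame 9: %d\n", mmu_update(DOM_A, 2, 1, PTE_MAKE(9, PTE_PRESENT)));
    printf("A maps own PT writable: %d\n", mmu_update(DOM_A, 2, 2, PTE_MAKE(2, PTE_PRESENT | PTE_WRITE)));
    return 0;
}
```

Rule 2 is what makes rule 1 hold over time: if a guest could map one of its page-table pages writable, it could later write PTEs into it directly, without a hypercall, and rule 1 would never be checked again for those entries.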