Presentation is loading. Please wait.

Presentation is loading. Please wait.

Slides from E0-253 taught by Arkaprava Basu and Vinod Ganapathy

Published byRune Lundberg Modified over 4 years ago

Similar presentations

Presentation on theme: "Slides from E0-253 taught by Arkaprava Basu and Vinod Ganapathy"— Presentation transcript:

1 Slides from E0-253 taught by Arkaprava Basu and Vinod Ganapathy
Virtual Machines Slides from E0-253 taught by Arkaprava Basu and Vinod Ganapathy

2 What is (system) virtual machine?
Virtual machine: Complete compute environment with its own isolated processing capabilities, memory and communication channels. Virtual machine is an efficient isolated duplicate of the physical machine [Goldberg, Popek] Virtual Machine Monitor/Hypervisor: System software that creates and manages virtual machines Desirable qualities of a VMM [Goldberg/Popek]: Equivalence: Virtual m/c interface similar to real m/c Safety/Isolation: Each VM should be isolated from other Low performance overhead: Perf. close to real m/c

3 Without virtualization (bare metal)
Application 1 Application 2 OS Hardware Slide Sorav Bansal, IIT-Delhi

4 With virtualization Virtual Machine Monitor (VMM)/Hypervisor Hardware
Virtual Hardware Guest OS 1 App Virtual Hardware Guest OS 2 App Virtual Machine Monitor (VMM)/Hypervisor Hardware Slide Sorav Bansal, IIT-Delhi

5 Why Virtual Machines? Operating system diversity: Can run both Linux and Windows on same h/w

6 Different OS on same H/W
Virtual Hardware Linux App Virtual Hardware Windows App Virtual Machine Monitor (VMM)/Hypervisor Hardware Slide Sorav Bansal, IIT-Delhi

7 Why Virtual Machines? Operating system diversity: Can run both Linux and Windows on same h/w Security/Isolation: Hypervisor separates the VMs from each other and isolates VMs from H/W Rapid provisioning/Cloud/ Server consolidation: On demand provisioning of hardware resources

8 Underutilization wastes resource
Slide Sorav Bansal, IIT-Delhi

9 Why Virtual Machines? Operating system diversity: Can run both Linux and Windows on same h/w Security/Isolation: Hypervisor separates the VMs from each other and isolates VMs from H/W Rapid provisioning/Server consolidation: On demand provisioning of hardware resources High availability/Load balancing: Ability to live-migrate a VM to other physical server Encapsulation: The execution environment of an application is encapsulated within VM

10 Other “virtual machines(?)”
Language VM: Language runtime focused on running a single application e.g., Java Virtual Machine, Microsoft Common Language runtime, Javascripts “Lightweight” VM: Does not run guest OS; Isolate applications from other e.g., Docker, FreeBSD’s Jail, Google’s Native Client Our focus is System virtual machine: presents a “copy” of whole machine

11 Types of system virtual machine
Type 1 (Bare metal): VMM runs on bare metal; directly control the physical machine e.g., Xen, VMWare ESX server Type 2 (Hosted): VMM runs as part of/on top of an OS e.g., KVM, VMWare workstation

12 Implementing a VMM Three pieces of a system:
Instructions -- defined by the ISA (e.g., x86, ARM) Memory I/O (network, disk) Mostly a quick discussion of the first two. We won’t discuss the third in this course. For a detailed discussion of virtualization, take E0253!

13 Techniques to Virtualize instruction SET ARCHItecture

14 Software emulation Implement each instruction as a C function
1 Implement each instruction as a C function Interpret each instruction and emulate it e.g., Each instruction is implemented by a C function incl (%eax): r = regs[EAX]; tmp = read_mem(r); tmp++; write_mem(r, tmp); Memory is emulated as an array I/O is emulated in software Slowdown: 50x or more Example: bochs

15 Binary Translation 2 Translate each VM instruction to minimal set of host instructions on the fly Example: incl(%eax) »leal mem0(%eax), %esi »incl(%esi) CPU state is kept in software structure (e.g., VCPU) Memory is emulated/relocated Privileged instructions gets translated to calls to emulation routine Example: Qemu

16 Optimizing Binary translation
Observation: Code is executed in basic blocks Basic block: straight line code that ends with branch/jump Optimization: Cache translated basic block  no need to translate every instruction Optimization: Direct jumps/function calls to translated basic block

17 Direct Execution 3 Idea: Run most instructions of the VM directly on the hardware Advantage: Performance close to native execution Challenge: How to ensure isolation/protection ? If all instructions of the VM are directly executed then VMM has no control !

18 Direct Execution + Trap and Emulate
Idea: Trap to hypervisor when the VM tries to execute an instruction that could change the state of the system/take control (i.e., impact safety/isolation). Emulate execution of these instruction in hypervisor Direct execution of any other innocuous instructions on h/w that cannot impact other VMs or the hypervisor

19 How to do Trap and Emulate?
Generally two categories of instructions: User instructions: Typically compute instructions e.g., add, mult, ld, store, jmp System instructions: Typically for system management e.g., iret, invlpg, hlt, in, out Two mode of CPU operation: User mode (in x86-64 typically ring 3) Privileged mode (in x86-64 ring 0) Attempt to execute system instructions in user mode generates trap/general protection fault (gpf)

20 How to do Trap and Emulate?
System state: Example, control registers like cr3 (remember?) Access to system state in user mode trigger gpf Idea: Run the VM in user mode (ring 3), while the hypervisor in privileged mode (ring 0) Anytime VM tries to execute an system instr. or tries to access system state, trap to VMM

21 Formalizing Direct exec. + Trap & emulate
Goldberg & Popek theorem: Control sensitive intr.: Instructions that can update system state Behavior sensitive instr.: If instructions behavior depends upon system state Requirement for architecture/ISA to be virtualizable via trap & emulate: {control sensitive} U {behavior sensitive} {privileged} UI

22 x86 is not virtualizable via trap & emulate
Example: popf (pop flags) Can be used in user mode to change ALU flags Can be used in privileged mode to change system state flag (e.g., interrupt delivery flag) Trouble: No trap is popf is attempted to alter interrupt flag in user mode --- CPU just ignores it !  Behavior sensitive instruction but is not privileged There are about 17 such instructions in x86

23 Hardware assisted virtualization: Intel VT-x/AMD-v for x86-64
Two challenges of virtualizing x86-64 ISA: How to hide system/privileged state from the VM? How to ensure a VM cannot directly change system state (e.g., interrupt flags) of the processor?

24 Hardware assisted virtualization: Intel VT-x/AMD-v for x86-64
Solution idea: Two new modes of operation: root and non-root Each mode has complete set of execution rings (0-3) New instructions to switch between modes H/W state is duplicated for each operation mode Hypervisor runs in root mode and VMs in non-root mode When any “sensitive” instruction executed in non-root mode it either (1) executed by processor on duplicated state or (2) trap to hypervisor

25 Hardware assisted virtualization: Intel VT-x/AMD-v for x86-64
VM 1 VM 0 Ring 0 Ring 1 Ring 2 Ring 3 Guest OS Guest app Ring 0 Ring 1 Ring 2 Ring 3 Guest OS Guest app Non- root mode Ring 3 (Legacy/un-virtualized) User program Root mode Ring 2 Ring 1 Ring 0 Hypervisor/VMM

26 Virtualizing memory

27 Recap: Virtual Memory in un-virtualized system
Process A’s virtual address space Process B’s virtual address space Page table Page table Managed by the OS Physical memory

28 Recap: Performing address translation in unvirtualized machine
VA TLB Virtual Address Hit? Miss? PTW CR3 PA Physical Address

29 Requirement for memory virtualization
No direct access to physical memory from VM Only hypervisor should manage physical memory Why? But, fool the guest OS to think that it is accessing physical memory

30 Virtualizing Virtual Memory
Managed by guest OS Virtual Machine 1 Virtual Machine 2 App 2 App 1 App 2 App 1 Guest Page table Guest physical memory Managed by hypervisor Nested Page table System (real)Physical memory

31 Virtualizing Virtual Memory
Guest Virtual Address Guest Physical Address System Physical Address 1 2 gVA gPA sPA Guest Page Table Nested Page Table Two levels of address translation on each memory access by an application running inside a VM Based on "Efficient Memory Virtualization" Gandhi et. al., MICRO'14

32 Implementing two level address translation
1 Shadow page table Software only technique Nested/Extended page table Hardware support 2

33 Shadow page table Idea: Let hypervisor “create” a shadow page table that maps guest VA to system PA directly Made by combining guest page table w/ system page table Hypervisor makes the cr3 point to the shadow page table

34 Shadow page table gVA gPA sPA Guest Page Table Nested Page Table
Guest Virtual Address Guest Physical Address System Physical Address 1 2 gVA gPA sPA Guest Page Table Nested Page Table Shadow Page Table

35 Challenge of shadow page table
How to create a shadow page table? Anytime guest OS modifies guest page table hypervisor needs to update shadow page table Solution: Write protect guest page table Any write access to guest page table would generate page fault  trap to hypervisor Drawback: Many page faults for application that alters page tables

36 Challenge of shadow page table
For every guest application there is one shadow page table Every time guest application context switches trap to hypervisor to change cr3 to point to new shadow page table

37 Nested/Extended page table
Idea: Make hardware aware of two levels of address translation and guest and nested page table Make hardware page walker walk both guest page table and nested page table on a TLB miss  Two dimensional page walk Two cr3s : gCR3  gPT; nCR3  nPT Eliminates the need of shadow page table

Download ppt "Slides from E0-253 taught by Arkaprava Basu and Vinod Ganapathy"

Similar presentations

Virtualization Dr. Michael L. Collard

Virtualization Dr. Michael L. Collard
Virtualization Technology

Virtualization Technology
Bart Miller. Outline Definition and goals Paravirtualization System Architecture The Virtual Machine Interface Memory Management CPU Device I/O Network,

Bart Miller. Outline Definition and goals Paravirtualization System Architecture The Virtual Machine Interface Memory Management CPU Device I/O Network,
Virtualization and Cloud Computing

Virtualization and Cloud Computing
CS-3013 & CS-502, Summer 2006 Virtual Machine Systems1 CS-502 Operating Systems Slides excerpted from Silbershatz, Ch. 2.

CS-3013 & CS-502, Summer 2006 Virtual Machine Systems1 CS-502 Operating Systems Slides excerpted from Silbershatz, Ch. 2.
KVM/ARM: The Design and Implementation of the Linux ARM Hypervisor Fall 2014 Presented By: Probir Roy.

KVM/ARM: The Design and Implementation of the Linux ARM Hypervisor Fall 2014 Presented By: Probir Roy.
ELEC6200, Fall 07, Oct 29 Westrom: Virtual Machines 1 Kenneth Westrom ELEC-6620.

ELEC6200, Fall 07, Oct 29 Westrom: Virtual Machines 1 Kenneth Westrom ELEC-6620.
Introduction to Virtual Machines

Introduction to Virtual Machines
Virtualization for Cloud Computing

Virtualization for Cloud Computing
LINUX Virtualization Running other code under LINUX.

LINUX Virtualization Running other code under LINUX.
CSE 451: Operating Systems Winter 2012 Module 18 Virtual Machines Mark Zbikowski and Gary Kimura.

CSE 451: Operating Systems Winter 2012 Module 18 Virtual Machines Mark Zbikowski and Gary Kimura.
Virtualization Technology Prof D M Dhamdhere CSE Department IIT Bombay Moving towards Virtualization… Department of Computer Science and Engineering, IIT.

Virtualization Technology Prof D M Dhamdhere CSE Department IIT Bombay Moving towards Virtualization… Department of Computer Science and Engineering, IIT.
Tanenbaum 8.3 See references

Tanenbaum 8.3 See references
Zen and the Art of Virtualization Paul Barham, et al. University of Cambridge, Microsoft Research Cambridge Published by ACM SOSP’03 Presented by Tina.

Zen and the Art of Virtualization Paul Barham, et al. University of Cambridge, Microsoft Research Cambridge Published by ACM SOSP’03 Presented by Tina.
Virtualization Virtualization is the creation of substitutes for real resources – abstraction of real resources Users/Applications are typically unaware.

Virtualization Virtualization is the creation of substitutes for real resources – abstraction of real resources Users/Applications are typically unaware.
Microkernels, virtualization, exokernels Tutorial 1 – CSC469.

Microkernels, virtualization, exokernels Tutorial 1 – CSC469.
A Survey on Virtualization Technologies. Virtualization is “HOT” Microsoft acquires Connectix Corp. EMC acquires VMware Veritas acquires Ejascent IBM,

A Survey on Virtualization Technologies. Virtualization is “HOT” Microsoft acquires Connectix Corp. EMC acquires VMware Veritas acquires Ejascent IBM,
Virtualization Concepts Presented by: Mariano Diaz.

Virtualization Concepts Presented by: Mariano Diaz.
Virtual Machine Monitors: Technology and Trends Jonathan Kaldor CS614 / F07.

Virtual Machine Monitors: Technology and Trends Jonathan Kaldor CS614 / F07.
Introduction 1-1 Introduction to Virtual Machines From “Virtual Machines” Smith and Nair Chapter 1.

Introduction 1-1 Introduction to Virtual Machines From “Virtual Machines” Smith and Nair Chapter 1.

Similar presentations

Ads by Google