Lecture 12 Virtualization Overview
Dec. 1, 2015
Prof. Kyu Ho Park
“Understanding Full Virtualization, Paravirtualization, and Hardware Assist”, White paper, VMware.

Starting Point: A Physical Machine
Physical Hardware
  Processors, memory, chipset, I/O bus and devices, etc.
Software
  Tightly coupled to hardware
  Single active OS image
  OS controls hardware

Virtual Machine: “An efficient, isolated, duplicate of the real machine”
Hardware-level Abstraction
  Virtual Hardware: processors, memory, chipset, I/O devices, etc.
Virtualization Software
  Extra level of indirection decouples hardware and OS
  Multiplexes physical hardware across multiple “guest” VMs
  Strong isolation between VMs
  Manages physical resources, improves utilization

Why Virtualization?
Consolidation
  High resource utilization
Isolation
  Performance isolation
  Fault containment
Live migration
  Easy management & deployment

System Virtualization alternatives
  Virtual machines abstracted using a layer at different places

Processor/Memory Virtualization Overview
Classical Techniques
  Instruction: Trap & Emulate
  Memory: Shadow Page Table
Full-virtualization
  Interpretation & code patching
  Binary Translation
Para-virtualization
Hardware-assisted x86 VMM

Privilege - x86 Protection Ring
  CPU implements 4 privilege levels or “rings”, 0 through 3
  Two CPU execution modes divided into supervisor (0) and user mode (3)

Virtualizing the x86 Architecture
Native Execution
  Privileged kernel calls run in ring 0
  Applications / userspace run in ring 3
Part of the CPU ISA is only accessible by “supervisor” code

Virtualizing the x86 Architecture
Virtualized Execution
  Hypervisor must run in ring 0
  Virtual machines run in ring 3
Problem:
  The operating system kernel tries to run privileged “ring 0” instructions.
  This will cause a machine fault
Full Virtualization using Binary Translation
OS Assisted Virtualization or Paravirtualization
Hardware Assisted Virtualization

Full virtualization – software based
Creates entire virtual machines with emulated H/W
  Appears to the operating system to be generic hardware
  Includes virtual BIOS, Network cards, Storage controllers, etc.
  No modifications to guest OS
  Requires “Ring compression” or “de-privileging”
Advantages
  “Guest” unaware of virtualization – runs unmodified OS
Disadvantages
  Performance - using software to emulate hardware components
  Complexity – Support and maintenance issues
Examples: VMware ESX, ESXi

Methods to virtualize x86
Interpretation
  Problem – too inefficient
  x86 decoding slow
Code Patching
  Problem – not transparent
  Guest can inspect its own code
Binary Translation (BT)
  Approach pioneered by VMware
  Run any unmodified x86 OS in VM

Interpretation
  Interpret all instructions
  Example

    while (1) {
        inst = mem[PC];                  // fetch
        if (inst.op == ADD) {            // decode
            // execute
            reg[inst.reg1] = reg[inst.reg2] + reg[inst.reg3];
            PC++;
        }
    }                                    // repeat

Code Patching
1. Scan guest OS
2. Find problem instructions
3. Replace with jump to VMM

Binary Translation
  “Binary translate” all guest kernel code, run it unprivileged
  Since x86 has non-virtualizable instructions, proactively transfer control to the VMM (no need for traps)
  Safe instructions are emitted without change
  For “unsafe” instructions, emit a controlled emulation sequence
  Use VMM translation cache for good performance

Binary Translation mechanism
For each translator invocation
  Consume a basic block (BB)
  Produce a compiled code fragment (CCF)
Store CCF in Translation Cache
  Future reuse
  Capture working set of guest kernel
  Amortize translation costs
  Not “patching in place”
Binary Translation Example

Binary Translation – Code caching
1. Scan guest OS
2. “Translate” into code cache
3. Find problem instructions
4. Replace with jump to VMM
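
The translate-and-cache loop from the Binary Translation slides above, as an added example that is not from the lecture or from VMware. It uses a constructed toy guest ISA (not x86) in which ADD is safe and CLI stands in for an unsafe instruction; the names translate, run, tcache and VMM_CLI are assumptions of the example.

```c
#include <stdio.h>
/* Toy guest ISA, constructed for this example (not x86 encodings). */
enum { ADD, CLI, JMP, VMM_CLI };
typedef struct { int op, arg; } Insn;
typedef struct { int pc, acc, virt_if; } VCPU;
/* Constructed guest kernel: two basic blocks that jump to each other. */
#define GUEST_LEN 5
static const Insn guest[GUEST_LEN] = {
    {ADD, 1}, {CLI, 0}, {JMP, 3},   /* BB at pc 0: contains an unsafe CLI */
    {ADD, 2}, {JMP, 0},             /* BB at pc 3: safe instructions only */
};
#define MAX_BB 8
typedef struct { int valid, len; Insn code[MAX_BB]; } CCF;
static CCF tcache[GUEST_LEN];   /* translation cache, keyed by guest pc */
static int translations;        /* number of translator invocations */

/* One translator invocation: consume a basic block, produce a CCF. */
static CCF *translate(int pc) {
    CCF *f = &tcache[pc];
    translations++;
    for (f->len = 0; pc < GUEST_LEN && f->len < MAX_BB; pc++) {
        Insn in = guest[pc];
        if (in.op == CLI) in.op = VMM_CLI;  /* unsafe: emit emulation op */
        f->code[f->len++] = in;             /* safe: emitted unchanged */
        if (in.op == JMP) break;            /* control flow ends the block */
    }
    f->valid = 1;
    return f;
}

/* Run max_blocks blocks; only translated code executes, never guest[]. */
static VCPU run(int max_blocks) {
    VCPU v = {0, 0, 1};
    while (max_blocks-- > 0) {
        CCF *f = tcache[v.pc].valid ? &tcache[v.pc] : translate(v.pc);
        for (int i = 0; i < f->len; i++) {
            Insn in = f->code[i];
            if (in.op == ADD) v.acc += in.arg;
            else if (in.op == VMM_CLI) v.virt_if = 0; /* virtual IF only */
            else if (in.op == JMP) v.pc = in.arg;
        }
    }
    return v;
}

int main(void) {
    VCPU v = run(6);
    printf("acc=%d virt_if=%d translations=%d\n", v.acc, v.virt_if, translations);
}
```

Six block executions trigger only two translator invocations, which is the amortization the translation cache provides, and the guest's CLI only ever changes the virtual interrupt flag held by the VMM.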

Para-virtualization
Modifies the guest operating system to be “virtualization aware”
  Replaces privileged instructions in guest kernel
  Guest operating system “cooperates” with hypervisor
  Operating system “talks” to the hypervisor directly instead of emulation layer

Para-virtualization
Advantages
  High performance – near native speeds
  Cooperating with hypervisor leads to improved IO and resource scheduling
Disadvantages
  Requires changes to the guest operating system that only the OS vendor can perform
  Run a different kernel for virtual machines

Hardware-assisted VMM
Known as hardware virtualization
  x86 extension to support virtualization
  Enables classical trap-and-emulate VMMs while avoiding BT
  Intel VT-x, aka “Vanderpool Technology”
  AMD AMD-V, aka “Pacifica”
Case Study: Intel VT-x
  New VMX mode
    Two privilege levels: root and non-root
  Root level
    Similar to conventional x86
    Add new VMX instructions
    VMM runs in root level
  Non-root level
    Limited control of resources
    Including when in ring 0
    Guest OS + apps run in non-root level

Hardware-assisted VMM
VT-x Capabilities
  Root mode eliminates need to run all guest code in user mode
  VMM runs in root mode
  For code regions with no critical instructions, HW is as efficient as normal machine
  VM-x HW maps state-holding data elements directly to native structures during VM execution
  VMCS (virtual machine control structure) encapsulates VM state
  HW implementation can take over loading and unloading state
  No need for VMM to perform load/stores of state info.
Eliminates the need for para-virtualization
  Allows standard versions of OSes to be used as guests
  The vmcall instruction can be used to pass hints and data to the VMM if desired
Summary of virtualization technique