CPU Virtualization
Brian Kocoloski
CSE 522S – Advanced Operating Systems
Washington University in St. Louis
St. Louis, MO 63130

Virtualization
• Virtualization refers to the act of creating a virtual (rather than actual) version of something
• Examples of virtualization we’ve already seen:
  • Virtual memory creates illusion of full access to system memory
  • Context switching creates illusion of full access to system CPU(s)

Virtualization
• Virtual machine: emulation of a full computer system
• Rather than virtualize only specific resources to support multi-processing, we can virtualize the entire platform to support multiple operating systems
• Why would we want to?
  • Cloud computing
  • Server consolidation + software packaging
  • Virtual test environments
    • E.g., OS development for specific hardware platforms
  • Linux enthusiasts who still cannot decide which distribution is best

System Virtualization
• Requires a hypervisor to share and manage hardware, creating multiple environments that are isolated from each other
[Figure: on the left, processes P1 and P2 run on a single OS on the hardware; on the right, OS 1 and OS 2, each with its own processes, run on a hypervisor on the hardware]

Types of Hypervisors
• Type 1: hypervisor runs directly on hardware (no host operating system)
• Type 2: hypervisor runs within host operating system
[Figure: Type 1 stack is OS 1 and OS 2 on the hypervisor on the hardware; Type 2 stack is OS 1 and OS 2 on the hypervisor on a host OS on the hardware]

Ways to Virtualize
• The key challenge is to prevent the guest OS from accessing shared hardware and possibly corrupting other programs/OSes
• As a result, guest behavior must be isolated from other guests and host processes
• Shared state:
  • CPU registers
  • Physical memory contents
  • I/O devices (next lecture)

Emulation vs Virtualization
• Instruction emulation
  • Guest OS (and all processes it creates) runs as a user-mode process
  • An interpreter first checks that instructions are legal and don’t manipulate shared state
  • Interpreter can even translate between different instruction set architectures (ISA) (e.g., using dynamic binary translation)
• Hardware virtualization
  • Guest OS runs directly on the hardware with no interpreter
  • CPU provides a separate privilege domain to prevent guest from manipulating shared hardware

QEMU
• qemu.org
• Free and open source emulator
• Can be configured to perform both instruction emulation in software and leverage hardware virtualization features

(QEMU) Emulation Example
• Assume virtual machine executes:
    P1: store 4 0xabcd
    <ctx switch>
    P2: store 5 0xabcd
• What type of address is 0xabcd?
  • Virtual address – these should resolve to two different physical memory locations
  • But QEMU runs all guest processes within a single user process (e.g., single address space)
• How to determine what the physical addresses are? QEMU uses a software MMU (memory management unit)
  • Performs the same functions as a page table – i.e., can convert to physical address
• Problems?
  • Every memory access requires a SW translation -- VERY slow

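An added example, not part of the original slides: a minimal software MMU in C for the store sequence above, showing the same virtual address resolving to two different locations inside one emulator buffer. The page size, table layout, frame numbers and all function names are assumptions made for illustration; this is not QEMU's implementation.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>
#define PAGE_SHIFT  12                 /* 4 KiB pages (assumed) */
#define PAGE_SIZE   (1u << PAGE_SHIFT)
#define GUEST_PAGES 16                 /* virtual pages per guest process */
#define PHYS_FRAMES 8                  /* frames of emulated guest RAM */

/* Emulated guest RAM: one buffer inside the emulator's single address space. */
static uint8_t guest_ram[PHYS_FRAMES * PAGE_SIZE];
/* Hypothetical per-process page table: virtual page -> frame (0xFF = unmapped). */
struct soft_pt { uint8_t frame[GUEST_PAGES]; };
static struct soft_pt *current_pt;     /* stands in for the guest's page-table base */
static void pt_init(struct soft_pt *pt) { memset(pt->frame, 0xFF, sizeof pt->frame); }

/* Software MMU: guest virtual address -> offset in guest_ram, or -1 on a fault. */
static long soft_mmu_translate(uint32_t vaddr)
{
    uint32_t vpn = vaddr >> PAGE_SHIFT;
    if (vpn >= GUEST_PAGES || current_pt->frame[vpn] >= PHYS_FRAMES)
        return -1;                     /* unmapped page or out-of-range frame */
    return ((long)current_pt->frame[vpn] << PAGE_SHIFT) | (vaddr & (PAGE_SIZE - 1));
}
/* Every emulated store pays for a translation before it touches guest RAM. */
static int emu_store(uint8_t value, uint32_t vaddr)
{
    long pa = soft_mmu_translate(vaddr);
    if (pa < 0) return -1;             /* fault: never write outside mapped frames */
    guest_ram[pa] = value;
    return 0;
}
/* The slide's sequence: P1 stores 4, context switch, P2 stores 5, both at 0xabcd. */
static int run_slide_example(long *pa1, long *pa2)
{
    static struct soft_pt p1, p2;
    pt_init(&p1); pt_init(&p2);
    p1.frame[0xabcd >> PAGE_SHIFT] = 2;    /* constructed mappings */
    p2.frame[0xabcd >> PAGE_SHIFT] = 5;
    current_pt = &p1; int r1 = emu_store(4, 0xabcd); *pa1 = soft_mmu_translate(0xabcd);
    current_pt = &p2; int r2 = emu_store(5, 0xabcd); *pa2 = soft_mmu_translate(0xabcd);
    /* A store to a page P2 never mapped must fault instead of landing in RAM. */
    return (r1 == 0 && r2 == 0 && emu_store(9, 0x3000) == -1) ? 0 : -1;
}

int main(void)
{
    long a, b;
    if (run_slide_example(&a, &b)) return 1;
    printf("P1: 0xabcd -> 0x%lx, P2: 0xabcd -> 0x%lx\n", (unsigned long)a, (unsigned long)b);
    return 0;
}
```

The frame bounds check in the translation step is what keeps one guest process from writing into memory that belongs to another, and it runs on every access, which is the cost the slide calls out.
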
Emulation Problems
• Emulator is a software implementation of hardware, meaning:
  • It must understand/interpret all instructions in the ISA
  • It must model an MMU (including page tables) to translate memory locations
  • It must understand the meaning of special CPU control registers
• Emulation requires the emulator to interpret every instruction issued by the guest OS
• Enter hardware virtualization

Hardware Virtualization
• Modern hardware has support for drastically improving the performance of virtualization
• Basic idea: hardware introduces a new privilege domain called supervisor mode
• Supervisor mode indicates whether trusted (host) or untrusted (guest) code is running
• Supervisor mode allows the host to trap specific instructions that might modify shared state, thus retaining isolation

CPU Rings
https://en.wikipedia.org/wiki/Protection_ring

Rings and Supervisor Modes
[Figure: P1 runs in ring 3, guest mode, on a guest OS in ring 0, guest mode; P2 runs in ring 3, supervisor mode; the hypervisor and host OS run in ring 0, supervisor mode, on the hardware]

Virtualization Hardware (e.g., x86)
• VMX nonroot (aka guest mode)
  • Userspace (e.g., x86 ring 3): userspace processes in the guest
  • Kernel space (e.g., x86 ring 0): guest kernel code
• VMX root (aka host/supervisor mode)
  • Userspace (e.g., x86 ring 3): regular userspace processes
  • Kernel space (e.g., x86 ring 0): host kernel code, hypervisor code (e.g., KVM)

Hardware Virtualization
• Hardware virtualization allows guest code to run directly on the hardware
    P1: store 4 0xabcd (guest, userspace)
    <ctx switch> (guest, kernel) - will switch in page tables for P2
    P2: store 5 0xabcd (guest, userspace)
• Both of these processes run on the hardware without emulation
• The CPU’s page tables are used to map these guest virtual addresses to distinct physical memory locations (more on this on Weds)

Studio
• Today’s studio gives you experience using the QEMU emulator and the KVM hypervisor on the Raspberry Pi
• Support for KVM on ARM-based CPUs is very recent
  • We need to update the OS on the Raspberry Pi
• Measure performance of virtualization vs emulation