1 / 35

Understanding Virtual Machines in Advanced Operating Systems

Explore in-depth information on virtual machines, including types, benefits, and virtualization technologies in advanced operating systems. Learn about VM execution, privileged instructions, and handling sensitive instructions effectively.

plyles
Download Presentation

Understanding Virtual Machines in Advanced Operating Systems

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript


  1. CSC 660: Advanced OS Virtual Machines CSC 660: Advanced Operating Systems

  2. Topics • What is a VM? • Process vs System VMs • Virtualizing the Processor • Virtualizing Memory • Virtualizing I/O • VM Performance Issues • Intel VT-x Technology • Paravirtualization CSC 660: Advanced Operating Systems

  3. What is a VM? A virtualized system that • Provides a consistent ABI to guest programs. • Runs on a host system (software + hardware.) • Controls resources available to guest programs. • May provide different resources than hardware • Different Type (ex: JVML in Java VM) • Different Quantity (ex: more/fewer CPUs, disks, etc.) • May be of two major types • Process: provides VM to a single process. • System: emulates an entire machine w/ guest OS. CSC 660: Advanced Operating Systems

  4. System Models Non-virtual Machine Virtual Machine CSC 660: Advanced Operating Systems

  5. Why use Virtual Machines? Portability Run software on a different OS. Run software on a different CPU. Aggregation Modern machines are fast and underused. Put multiple servers in VMs on one real machine. Development Complex software environments. Processor testing and simulation. Debugging Can analyze every aspect of hardware behavior. Security VMs provide greater isolation of software than regular OS. CSC 660: Advanced Operating Systems

  6. Types of VMs CSC 660: Advanced Operating Systems

  7. Process VMs • Multitasking • Each process in a multitasking OS. • VM = System call interface + ISA + VirtMem • Emulators • Allow a process to run on a different OS/ISA. • Types: • Interpreter • Dynamic binary translator • High Level Language VMs • ex: Pascal, JVM, CLR CSC 660: Advanced Operating Systems

  8. HLL VMs HLL Program HLL Program Compiler Front End Compiler Intermediate Code Byte Code Compiler Back End Dist VM Loader Object Code Virtual Memory Image Loader VM Dist Memory Image Host Instructions CSC 660: Advanced Operating Systems

  9. System VMs • Virtual Machine Monitor (VMM) • Provides illusion of multiple isolated machines. • Manages allocation of and access to hardware resources for multiple guest OSes. • Layer between hardware and guest OS. • VMM tasks • State management • Resource control CSC 660: Advanced Operating Systems

  10. Guest Apps Guest Apps Guest OS Host OS Guest OS OS Hardware Hardware Hardware System VMs Applications VMM VMM b. Native VMM c. User-mode Hosted VMM a. Traditional OS CSC 660: Advanced Operating Systems

  11. VMM Modes • Requirement: guest OS may not change hardware resources to impact other VMs or the VMM. • Guest OS runs in user mode. • VMM runs in supervisor mode. • Tracks virtual mode of VM. • User programs run in virtual user mode. • OS runs in virtual supervisor mode. • Exceptions & interrupts invoke VMM. • VMM can handle directly • or produce a virtual exception for guest OS. CSC 660: Advanced Operating Systems

  12. System VM Execution • Timer Interrupt in running VM. • Context switch to VMM. • VMM saves state of running VM. • VMM determines next VM to execute. • VMM sets timer interrupt. • VMM restores state of next VM. • VMM sets PC to timer interrupt handler of next VM. • Next VM active. CSC 660: Advanced Operating Systems

  13. IBM VM/370 Mainframe VMM OS. • First VM environment in System/360 1965. • Control program was a native VMM. • Each user had VM running single-user CMS. • Principles still used in z/VM on IBM zSeries. CSC 660: Advanced Operating Systems

  14. VMWare • x86-based VM. • VMWare Workstation • Hosted VMM runs on Linux or Windows. • Any x86 OS can be used as guest OS. • VMWare ESX Server • Native VMM runs directly on x86 hardware. • VMotion allows VM migration. CSC 660: Advanced Operating Systems

  15. Virtualizing the Processor • Emulation • VMM examines each guest instruction and emulates on virtualized resources the effects that instruction would have had on real resources. • Only method when host/guest ISA differs. • May be necessary with identical host/guest ISA. • Direct Native Execution • Host ISA must be identical to guest ISA. • Most instructions executed directly on CPU. • Some sensitive instructions must be emulated. CSC 660: Advanced Operating Systems

  16. Privileged Instructions • Instrs that trap if executed in user mode. • I/O • Memory Management • Can only be executed in supervisor mode. CSC 660: Advanced Operating Systems

  17. Handling Privileged Instructions Instruction Trap Dispatcher Interpreter Routine #1 Instructions to change machine resources. Allocator Interpreter Routine #N CSC 660: Advanced Operating Systems

  18. Handling Privileged Instructions • Instruction Trap invokes VMM Dispatcher. • Dispatcher calls Instruction Routine. • Changes mode to supervisor. • Emulates instruction. • Computes return target. • Restores mode to user. • Jumps to target. CSC 660: Advanced Operating Systems

  19. Sensitive Instructions Some instructions cannot be executed directly on the CPU because they would interfere with the VMM or other VMs. Control-sensitive Instructions Attempt to modify resource configuration. Behavior-sensitive Instructions Behavior depends on resource configuration, including user/kernel mode setting. CSC 660: Advanced Operating Systems

  20. Non-Privileged Sensitive Instructions Example: POPF Pops flag registers from stack. Includes interrupt-enable flag. User mode, POPF modifies all but interrupt flag. Kernel mode, POPF modifies all flags. CSC 660: Advanced Operating Systems

  21. Efficient VMs • If all sensitive instructions are privileged, the processor is considered to be virtualizable. • All sensitive instructions produce a trap. • If non-privileged sensitive instructions exist, then the VMM must examine all instructions before execution to trap these instructions. • Emulation • Dynamic Binary Translation (Patching) CSC 660: Advanced Operating Systems

  22. Memory Virtualization • Virtual Memory in a VM • Each guest OS maintains own set of page tables. • Guest OS translates virtual memory locations to real memory locations (“physical memory” of VM.) • Guest OS has swap space on virtual disk. • VMM • Translates real memory to physical memory using MMU. • Doubles number of page faults. • VMM has swap space on physical disk. CSC 660: Advanced Operating Systems

  23. Shadow Page Tables • VMM maintains shadow page tables • Map virtual->physical instead of real->physical. • VMM validates guest page table updates. • Replicates guest changes in shadow page table. • Virtualize page table pointer register. • VMM manages real page table pointer. • Updates page table ptr when switching VMs. CSC 660: Advanced Operating Systems

  24. guest reads Guest Page Table guest writes Accessed & Updates dirty bits Shadow Page Table VMM Shadow Page Tables Guest OS MMU Hardware CSC 660: Advanced Operating Systems

  25. I/O Virtualization • VMM must intercept all guest I/O ops. • PC: privileged IN and OUT instructions. • I/O operation may consist of many INs/OUTs. • Problem: huge array of diverse hardware • Native VMM needs driver for each device. • Hosted VMM uses host drivers w/ perf penalty. CSC 660: Advanced Operating Systems

  26. Virtualizing Devices • Dedicated Devices • VM has sole control of device. • Partitioned Devices • VM has dedicated slice of device, treats as full. • VMM translates virtual full dev parameters to parameters for underlying physical device. • Shared Devices • VMM can multiplex devices. • Each VM may have own virtual device state. • Nonexistent Devices • Virtual software devices with no physical counterpart. CSC 660: Advanced Operating Systems

  27. Virtualizing a Network Card CSC 660: Advanced Operating Systems

  28. VM Performance Why is VM slower than physical hardware? Emulation: Sensitive instructions must be emulated. Interrupt Handling: VMM must handle interrupts, even if eventually passed to guest. Context Switches: VMM must save VM state when controlled transferred to VMM. Bookkeeping: VMM has to do work to simulate behavior of real machine, such as keeping track of time for VMs. Memory: Memory accesses may require access to both shadow and local page tables. CSC 660: Advanced Operating Systems

  29. VT-x Technology • New CPU modes: VMX root/non-root • VMM runs in VMX root. • Guest VMs run in VMX non-root. • Each mode has rings 0..3. • Virtual Machine Control Structure (VMCS) • Guest Area, Host Area. • Transitions • VM Entry: root to non-root transition. • Load processor state from VMCS guest area. • VM Exit: non-root to root transition. • Save state to VMCS guest area, load state from host area. CSC 660: Advanced Operating Systems

  30. VT-x Technology • Instructions • Some sensitive instructions operate on non-root VMX state; others produce a VM exit. • VMM controls which instructions VM exit. • Interrupts • External interrupts cause VM exits. • VMM controls which exceptions VM exit. CSC 660: Advanced Operating Systems

  31. Paravirtualization: Xen • Provide VM abstraction similar to hardware. • Modifies guest OS to use Xen/x86 architecture. • Memory • Guest has read access to hardware page tables. • Updates batched and validated by Xen VMM. • CPU • Guest OS installs direct system call handler. • Sensitive instructions replaced with Xen calls. • I/O • Event mechanism replaces hardware interrupts. CSC 660: Advanced Operating Systems

  32. Xen 1.2 Architecture CSC 660: Advanced Operating Systems

  33. 4GB S Xen Kernel S 3GB ring 0 ring 1 User ring 3 U 0GB Xen VMM • VMM resides in top 64MB. • Protected by segmentation, not page tbl for perf. CSC 660: Advanced Operating Systems

  34. 1.1 1.0 0.9 0.8 0.7 0.6 0.5 0.4 0.3 0.2 0.1 0.0 L X V U L X V U L X V U L X V U SPEC INT2000 (score) Linux build time (s) OSDB-OLTP (tup/s) SPEC WEB99 (score) Benchmark suite running on Linux (L), Xen (X), VMware Workstation (V), and UML (U) Xen System Performance CSC 660: Advanced Operating Systems

  35. References • Paul Barham et. al., “Xen and the Art of Virtualization,” 19th ACM Symposium on Operating Systems Principles, Oct. 19-22 2003. • Ian Pratt, “Xen 3.0 and the Art of Virtualization,” Ottawa Linux Symposium 2005. • John Scott Robin and Cynthia E. Irvine, “Analysis of the Intel Pentium’s Ability to Support a Secure Virtual Machine Monitor,” Proceedings of the 9th USENIX Security Symposium, Aug 14-17 2000. • Mendel Rosenblum and Tal Garfinkel, “Virtual Machine Monitors: Current Technology and Future Trends,” IEEE Computer, May 2005. • James E. Smith and Ravi Nair, Virtual Machines, Elsevier, 2005. • Abraham Silberschatz, Peter Baer Galvin, and Greg Gagne, Operating System Concepts, 6th edition, Wiley, 2003. • Jeremy Sugerman, et. al., “Virtualizing I/O Devices on VMware Workstation’s Hosted Virtual Machine Monitor,” Proceedings of the 2001 USENIX Annual Technical Conference, 2001. • Rich Uhlig et. al., “Intel Virtualization Technology,” IEEE Computer, May 2005. CSC 660: Advanced Operating Systems

More Related