1 / 35

Introduction to Virtual Machines

Introduction to Virtual Machines. Scott Devine Principal Engineer, Co-Founder VMware, Inc. Outline. What is virtualization? How-to virtualize CPU Memory I/O. What is Virtualization. Linux. Linux (devel). XP. Vista. MacOS. Virtual Machine Monitor. Hardware. Isomorphism.

ziven
Download Presentation

Introduction to Virtual Machines

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript


  1. Introduction to Virtual Machines Scott Devine Principal Engineer, Co-Founder VMware, Inc.

  2. Outline • What is virtualization? • How-to virtualize • CPU • Memory • I/O

  3. What is Virtualization Linux Linux (devel) XP Vista MacOS Virtual Machine Monitor Hardware

  4. Isomorphism Formally, virtualization involves the construction of an isomorphism from guest state to host state. Guest Si Si’ e(Si) Sj Sj’ V(Si) V(Sj) Host e’(Si’)

  5. Virtualization Properties • Isolation • Encapsulation • Interposition

  6. Types of Virtualization • Process Virtualization • Language construction • Cross-ISA emulation • Apple’s 68000-PowerPC-Intel Transition • Device Virtualization • RAID • System Virtualization • VMware • Xen • Microsoft’s Hyper-V

  7. System Virtualization Applications • Server Consolidation • Data Center Management • VMotion • High Availability • Automatic Restart • Disaster Recovery • Fault Tolerance • Test and Development • Application Flexibility

  8. CPU Virtualization • Trap and Emulate • Binary Translation

  9. Privileged State State of the processor is privileged if • access to that state breaks the virtual machine’s isolation boundaries • if it is needed by the monitor to implement virtualization

  10. Trap and Emulate Guest OS + Applications Unprivileged Page Fault Undef Instr vIRQ Virtual Machine Monitor Privileged MMU Emulation CPU Emulation I/O Emulation

  11. “Strictly Virtualizable” A processor or mode of a processor is strictly virtualizable if, when executed in a lesser privileged mode: • all instructions that access privileged state trap • all instructions either trap or execute identically • …

  12. Issues with Trap and Emulate • Not all architectures support it • Trap costs may be high • Monitor uses a privilege level • Need to virtualize the protection levels

  13. Binary Translation Guest Code Translation Cache vEPC movebx, eax movebx, eax start cli mov [VIF], 0 and ebx, ~0xfff and ebx, ~0xfff movebx, cr3 mov [CO_ARG], ebx sti call HANDLE_CR3 ret mov [VIF], 1 test [INT_PEND], 1 jne call HANDLE_INTS jmp HANDLE_RET

  14. Controlling Control Flow Guest Code Translation Cache vEPC test eax, 1 test eax, 1 start jeq jeq add ebx, 18 call END_BB movecx, [ebx] vEPC mov [ecx], eax call END_BB ret vEPC

  15. Controlling Control Flow Guest Code Translation Cache test eax, 1 test eax, 1 jeq jeq vEPC add ebx, 18 call END_BB find next movecx, [ebx] vEPC mov [ecx], eax call END_BB ret vEPC add ebx, 18 movecx, [ebx] mov [ecx], eax call HANDLE_RET eax == 0

  16. Controlling Control Flow Guest Code Translation Cache test eax, 1 test eax, 1 jeq jeq vEPC add ebx, 18 jmp movecx, [ebx] mov [ecx], eax call END_BB ret vEPC add ebx, 18 movecx, [ebx] mov [ecx], eax call HANDLE_RET eax == 0

  17. Controlling Control Flow Guest Code Translation Cache test eax, 1 test eax, 1 jeq jeq add ebx, 18 jmp movecx, [ebx] vEPC mov [ecx], eax call END_BB find next ret vEPC add ebx, 18 movecx, [ebx] mov [ecx], eax call HANDLE_RET eax == 1 mov [ecx], eax call HANDLE_RET

  18. Controlling Control Flow Guest Code Translation Cache test eax, 1 test eax, 1 jeq jeq add ebx, 18 jmp movecx, [ebx] vEPC mov [ecx], eax jmp ret add ebx, 18 movecx, [ebx] mov [ecx], eax call HANDLE_RET eax == 1 mov [ecx], eax call HANDLE_RET

  19. Issues with Binary Translation • Translation cache index data structure • PC Synchronization on interrupts • Self-modifying code • Notified on writes to translated guest code

  20. Other Uses for Binary Translation • Cross ISA translators • Digital FX!32 • Optimizing translators • H.P. Dynamo • High level language byte code translators • Java • .NET/CLI

  21. New Hardware Support for CPU Virtualization • New guest mode • Guest control block • Specifies guest state • New operations • VM enter • VM exit

  22. Memory Virtualization • Shadow Page Tables • Nested Page Tables

  23. Traditional Address Spaces 0 4GB Virtual Address Space 0 4GB Physical Address Space

  24. Traditional Address Translation TLB Virtual Address Physical Address 1 4 2 5 3 Operating System’s Page Fault Handler Process Page Table 2

  25. Virtualized Address Spaces 0 4GB Virtual Address Space Guest Page Table 0 4GB Physical Address Space VMM PhysMap 0 4GB Machine Address Space

  26. Virtualized Address Spacesw/ Shadow Page Tables 0 4GB Virtual Address Space Shadow Page Table Guest Page Table 0 4GB Physical Address Space VMM PhysMap 0 4GB Machine Address Space

  27. Virtualized Address Translationw/ Shadow Page Tables TLB Virtual Address Machine Address 4 1 5 2 6 3 Shadow Page Table Guest Page Table PMap 3 2 A

  28. Issues with Shadow Page Tables • Guest page table consistency • Rely on Guest’s need to invalidate TLB • Performance considerations • Aggressive shadow page table caching necessary • Need to trace writes to cached page tables

  29. Virtualized Address Spacesw/ Nested Page Tables 0 4GB Virtual Address Space Guest Page Table 0 4GB Physical Address Space VMM PhysMap 0 4GB Machine Address Space

  30. Virtualized Address Translationw/ Nested Page Tables TLB Virtual Address Machine Address 3 1 2 Guest Page Table PhysMap By VMM 2 3

  31. Issues with Nested Page Tables • Positives • Simplifies monitor design • No need for page protection calculus • Negatives • Guest page table is in physical address space • Need to walk PhysMap multiple times • Need physical to machine mapping to walk guest page table • Need physical to machine mapping for original virtual address • Other Memory Virtualization Hardware Assists • Monitor Mode has its own address space • No need to hide the monitor

  32. Interposition with Memory VirtualizationPage Sharing VM1 VM2 Virtual Virtual Physical Physical Machine Read-Only Copy-on-wrte

  33. I/O Virtualization Guest Virtual Device Driver Virtual Device Driver Virtual Device Driver Virtual Device Model Virtual Device Model Virtual Device Model Abstract Device Model Device Interposition Compression Bandwidth Control Record / Replay Overshadow Page Sharing Copy-on-Write Disks Encryption Intrusion Detection Attestation Device Back-ends Remote Access Cross-device Emulation Disconnected Operation Multiplexing Device Sharing Scheduling Resource Management H.W. Device Driver H.W. Device Driver Hardware

  34. Issues with I/O Virtualization • Need physical memory address translation • need to copy • need translation • need IO MMU • Need way to dispatch incoming requests

  35. Additional Reading • www.vmware.com/pdf/asplos235_adams.pdf • govirtual.org

More Related