COMP 3361: Operating Systems I

Winter 2015 http://www.cs.du.edu/3361

Virtual Machines


1 Virtualization

• Create illusion of multiple machines on the same physical hardware
• Single computer hosts multiple virtual machines (computers)
• Virtualization software is also called a hypervisor
• Each virtual machine is managed by a Virtual Machine Monitor (VMM)
• Host: the OS that runs the hypervisor, or the hypervisor itself
• Guest: the OS that runs in the virtual machine


2 Why Virtualization?

• Isolation: failure of one guest does not bring down the entire system
• Cost: fewer physical machines mean less money to maintain hardware, or pay for running costs (e.g. electricity)
• Migration: moving a system is equivalent to moving the memory and disk images (files) in software
• Legacy support: run legacy applications without the need for legacy hardware
• Software development: test software written for different operating systems in a single machine
• Class assignments!


3 Requirements for Virtualization

• Safety: hypervisor should have full control of virtualized resources
• Fidelity: behavior of a program on a virtual machine should be identical to the same program running on bare hardware
• Efficiency: much of the code in a virtual machine should run without intervention by the hypervisor


4 Trap-and-Emulate

[Figure: virtual machines 1, 2 and 3, each made up of guest processes, a guest OS and virtualized hardware, above the hypervisor and the hardware.]

• run regular operations directly on hardware
• catch (trap) operations that try to change hardware
• emulate caught operations


5 Instruction Types

• Sensitive: instruction works differently in kernel mode and in user mode
  • e.g. POPF, SGDT, SIDT, …
• Privileged: instruction that is only allowed in kernel mode
  • e.g. CLI, MOV to CR3, …
  • executing a privileged instruction in user mode will result in an exception


6 Type 1 Hypervisors

[Figure: Windows (with a Windows process), Linux (with a Linux process) and a control domain above the type 1 hypervisor, which sits on the hardware (CPU, disk, network, interrupts, etc.).]


7 Type 2 Hypervisors

[Figure: type 2 hypervisor. Labels: Windows and Linux (guest OS) with a Windows process and a Linux process; type 2 hypervisor; OSX (host OS) with an OSX process; hardware (CPU, disk, network, interrupts, etc.).]


8 Virtualizing Sensitive Instructions

[Figure: hardware; type 1 hypervisor in ring 0 (kernel mode); guest OS in ring 1 and ring 3 above it (user modes); privileged instructions will trap to ring 0.]

• Privileged instruction in user modes
  • from ring 1: emulate the instruction
  • from ring 3: transfer to exception handler in guest OS

What happens for sensitive operations performed in guest OS?


9 Full Virtualization With Binary Translation

• Hardware will run sensitive instructions in guest OS processes as they should be run, since they are issued from ring 3
• Sensitive instructions executed in guest OS should be run as if they are issued in kernel mode
  • ring 1 is not kernel mode: hardware will not do this by default
• Binary translation: sensitive instructions in kernel code are converted to calls into hypervisor code
  • hypervisor code emulates the instruction as if it is executed in kernel mode
• Converted code fragments are cached
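
The difference between a privileged and a sensitive instruction in a ring 1 guest kernel, as an added example that is not part of the original slides. It is a toy C model reduced to the interrupt-enable flag; `struct vcpu`, `hw_popf`, `hw_cli` and `translated_popf` are hypothetical names, and IOPL is assumed to be 0.

```c
#include <stdint.h>
#include <stdio.h>

#define FLAG_IF (1u << 9)    /* interrupt-enable bit in x86 EFLAGS */

struct vcpu {                /* hypothetical toy model, names are illustrative */
    int ring;                /* ring the code really runs in (guest kernel: 1) */
    uint32_t hw_eflags;      /* the real flags register */
    uint32_t virt_eflags;    /* flags the guest kernel believes it has */
    int traps;               /* exceptions delivered to the hypervisor */
};

/* POPF on hardware, reduced to the IF bit with IOPL = 0: outside ring 0
 * the IF bit is silently kept and no exception is raised. */
void hw_popf(struct vcpu *c, uint32_t value) {
    uint32_t keep = (c->ring == 0) ? 0 : FLAG_IF;
    c->hw_eflags = (value & ~keep) | (c->hw_eflags & keep);
}

/* CLI on hardware with IOPL = 0: privileged, so outside ring 0 it traps
 * and the hypervisor emulates it on the guest's virtual flags. */
void hw_cli(struct vcpu *c) {
    if (c->ring == 0) { c->hw_eflags &= ~FLAG_IF; return; }
    c->traps++;
    c->virt_eflags &= ~FLAG_IF;
}

/* What binary translation puts in place of POPF in guest kernel code:
 * a call into the hypervisor that applies kernel-mode semantics. */
void translated_popf(struct vcpu *c, uint32_t value) {
    c->virt_eflags = value;
}

/* The guest kernel's view of the interrupt flag. */
int guest_if(const struct vcpu *c) { return (c->virt_eflags & FLAG_IF) != 0; }

int main(void) {
    struct vcpu c = { 1, FLAG_IF, FLAG_IF, 0 };
    hw_popf(&c, 0);          /* guest kernel tries to clear IF */
    printf("raw POPF:        IF=%d traps=%d\n", guest_if(&c), c.traps);
    translated_popf(&c, 0);
    printf("translated POPF: IF=%d traps=%d\n", guest_if(&c), c.traps);
    return 0;
}
```

The raw POPF leaves the guest's interrupt flag set without any trap, which is the fidelity failure that binary translation removes.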


10 Para-Virtualization

• Guest OS is modified so that it makes a system call to the hypervisor when privileged operations are to be performed
  • these calls are also called hypercalls
• Poor portability, but easier than full virtualization


11 Hardware Assisted Virtualization

[Figure: hardware with virtualization support technology (Intel VT-x, AMD-V); type 1 hypervisor in ring 0P; guest OS in ring 0D (virtual kernel mode); ring 3 (user mode). Two annotated events: a program in the guest OS tries to run a sensitive or privileged instruction; the guest OS tries to run a sensitive or privileged instruction.]


12 Type 2 Hypervisors

• Type 2 hypervisors run as user processes
• Must perform binary translation of all sensitive and privileged code that runs in the hypervisor
• Or, install a module in ring 0 that takes care of loading virtual machines
  • set up to run similar to full virtualization in type 1 hypervisors
  • ring 0 module must take care to “clean” the CPU state when other host OS processes are running


13 Memory in Virtual Machines

[Figure: three address spaces. Virtual address space (pages, 0 to 4GB); physical address space (virtual RAM, 0 to 2GB, for a virtual machine with 2GB RAM); machine address space (physical RAM, 0 to 8GB, for a physical machine with 8GB RAM).]


14 Memory Virtualization

• Efficiency: the less we involve the hypervisor, the faster the code runs
• Consider that the guest page tables map page x to frame y, and we use these page tables directly in hardware for efficiency
• Could be problematic:
  • frame y could be in use by the hypervisor or the host
  • frame y could be in use by another guest


15 Shadow Page Tables

• Hypervisor maintains another set of page tables for each virtual machine
  • shadow page tables: the actual mapping between pages and frames
• When guest OS tries to load page tables, it traps to the hypervisor
  • loading page tables is a privileged operation
• Hypervisor makes MMU use the shadow page tables instead of the guest page tables


16 Issue with Shadow Page Tables

• Guest OS removes an existing mapping
  • guest OS needs to invalidate the entry in the TLB
  • invalidating TLB is a privileged operation
  • hypervisor will know and update the shadow page table as well
• Guest OS remaps a page to a different frame
  • TLB invalidation should be performed here too
• Guest OS maps a new page to a frame
  • a simple update in memory that belongs to the guest OS
  • no sensitive/privileged operation is necessary to do this


17 Shadow Page Table Syncing

• Solution 1: For the guest OS, hypervisor marks the pages containing the page directory/tables as read only in the shadow page table
  • hardware will generate an exception when attempting to write to the page directory/tables
  • exception will be handled by the hypervisor
• Solution 2: Delay syncing till problem occurs
  • guest OS creates new entry in its page tables
  • guest OS tries to access newly added page
  • no mapping will be found by the hardware for the page
    • since it is using the out-of-sync shadow page tables
  • an exception will be generated
  • hypervisor handles exception by syncing the page tables
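
The lazy syncing of Solution 2, as an added example that is not part of the original slides. It is a toy C model in which the MMU only ever walks the hypervisor's shadow table, and a miss makes the hypervisor read the guest's table and install a machine frame that belongs to this guest. `struct vm`, `vm_access`, `guest_unmap`, the `p2m` array and all frame numbers are assumptions made for the illustration.

```c
#include <stdio.h>

#define NPAGES   8       /* guest virtual pages (toy size, constructed) */
#define NGFRAMES 4       /* guest-physical frames given to this VM */
#define UNMAPPED (-1)
enum outcome { ACCESS_OK, GUEST_PAGE_FAULT, BAD_GUEST_FRAME };

struct vm {                 /* hypothetical toy model, not a real hypervisor API */
    int guest_pt[NPAGES];   /* guest-owned: page -> guest-physical frame */
    int p2m[NGFRAMES];      /* hypervisor-owned: guest frame -> machine frame */
    int shadow[NPAGES];     /* hypervisor-owned: page -> machine frame, walked by the MMU */
    int syncs;              /* lazy syncs performed so far */
};

void vm_init(struct vm *vm, const int *machine_frames) {
    for (int i = 0; i < NPAGES; i++) vm->guest_pt[i] = vm->shadow[i] = UNMAPPED;
    for (int i = 0; i < NGFRAMES; i++) vm->p2m[i] = machine_frames[i];
    vm->syncs = 0;
}

/* One memory access: a shadow hit, or an exception handled by the hypervisor. */
enum outcome vm_access(struct vm *vm, int page, int *machine_frame) {
    if (page < 0 || page >= NPAGES) return GUEST_PAGE_FAULT;
    if (vm->shadow[page] == UNMAPPED) {         /* miss: exception into hypervisor */
        int gf = vm->guest_pt[page];            /* hypervisor reads the guest's table */
        if (gf == UNMAPPED) return GUEST_PAGE_FAULT;          /* real fault: guest OS's job */
        if (gf < 0 || gf >= NGFRAMES) return BAD_GUEST_FRAME; /* frame is not this VM's */
        vm->shadow[page] = vm->p2m[gf];         /* sync: install the machine frame */
        vm->syncs++;
    }
    *machine_frame = vm->shadow[page];
    return ACCESS_OK;
}

/* Guest unmaps a page; its TLB invalidation traps, so the shadow entry goes too. */
void guest_unmap(struct vm *vm, int page) {
    vm->guest_pt[page] = UNMAPPED;
    vm->shadow[page] = UNMAPPED;
}

int main(void) {
    struct vm vm;
    int frames[NGFRAMES] = {40, 41, 42, 43}, mf = -1;
    vm_init(&vm, frames);
    vm.guest_pt[3] = 1;     /* plain guest write: no trap, shadow is now stale */
    enum outcome r = vm_access(&vm, 3, &mf);
    printf("outcome=%d machine_frame=%d syncs=%d\n", r, mf, vm.syncs);
    return 0;
}
```

Because the shadow entry is built from the hypervisor's own frame map rather than copied from the guest, a guest entry that names a frame outside the VM never reaches the hardware.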


18 Hardware Based Memory Virtualization

• Shadow page tables work by transferring control to the hypervisor via exceptions
  • too expensive!
• Hardware support for memory virtualization
  • AMD Nested Page Tables
  • Intel Extended Page Tables


19 Nested Page Tables

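[Figure: the MMU hardware translates a guest virtual address to a guest physical address through the guest page table, then to a machine physical address through the nested page table. No mapping in the guest page table: exception forwarded to guest OS. No mapping in the nested page table: exception forwarded to hypervisor.]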
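
The two-stage walk in the figure, as an added example that is not part of the original slides. It is a toy C model with single-level tables and 4 KiB pages; `struct mmu`, `translate`, `nested` and every frame number are assumptions. It goes one step beyond the slide by also sending the read of the guest page table itself through the nested table, since that table lives in guest-physical memory.

```c
#include <stdint.h>
#include <stdio.h>

#define PAGE_SHIFT 12
#define NPAGES 8            /* toy table size, constructed for the example */
#define NONE   UINT32_MAX   /* "no mapping" marker */

enum fault { NO_FAULT, TO_GUEST_OS, TO_HYPERVISOR };

struct mmu {                    /* hypothetical toy model of the two tables */
    uint32_t guest_pt[NPAGES];  /* guest OS's: guest virtual page -> guest-physical frame */
    uint32_t nested_pt[NPAGES]; /* hypervisor's: guest-physical frame -> machine frame */
    uint32_t guest_pt_gfn;      /* guest-physical frame holding guest_pt itself */
};

void mmu_init(struct mmu *m) {
    for (int i = 0; i < NPAGES; i++) m->guest_pt[i] = m->nested_pt[i] = NONE;
    m->guest_pt_gfn = 0;
}

/* Second stage: a miss here is always forwarded to the hypervisor. */
static enum fault nested(const struct mmu *m, uint32_t gfn, uint32_t *mfn) {
    if (gfn >= NPAGES || m->nested_pt[gfn] == NONE) return TO_HYPERVISOR;
    *mfn = m->nested_pt[gfn];
    return NO_FAULT;
}

/* Full walk as the MMU performs it, with no hypervisor code on the hit path. */
enum fault translate(const struct mmu *m, uint32_t gva, uint64_t *ma) {
    uint32_t vpn = gva >> PAGE_SHIFT, gfn, mfn;
    /* The guest table lives in guest-physical memory, so reading it is nested too. */
    if (nested(m, m->guest_pt_gfn, &mfn) != NO_FAULT) return TO_HYPERVISOR;
    if (vpn >= NPAGES) return TO_GUEST_OS;
    gfn = m->guest_pt[vpn];
    if (gfn == NONE) return TO_GUEST_OS;
    if (nested(m, gfn, &mfn) != NO_FAULT) return TO_HYPERVISOR;
    *ma = ((uint64_t)mfn << PAGE_SHIFT) | (gva & ((1u << PAGE_SHIFT) - 1));
    return NO_FAULT;
}

int main(void) {
    struct mmu m;
    uint64_t ma = 0;
    mmu_init(&m);
    m.nested_pt[0] = 0x100; m.guest_pt[2] = 5; m.nested_pt[5] = 0x2a;  /* constructed */
    enum fault f = translate(&m, 0x2abc, &ma);
    printf("fault=%d machine_address=0x%llx\n", f, (unsigned long long)ma);
    return 0;
}
```

A guest entry that names a frame the hypervisor never mapped faults to the hypervisor during the walk, so isolation holds without the hypervisor having to watch guest page table writes.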


20 I/O Virtualization

• I/O operations are sensitive
  • hypervisor gets control when they are performed by guest OS and handles them
• Disk I/O: can read/write to a file instead of an actual disk
• Interrupts: hypervisor receives actual interrupts and propagates them to guest OS by calling the guest handler
• DMA transfers: hypervisor loads IOMMU with mappings such that data is transferred to frames dedicated to guest OS
• Hardware support: separate buffers, registers, queues, etc. for virtual machines


21 References

• Chapter 7.1-7.7, Modern Operating Systems, A. Tanenbaum and H. Bos, 4th Edition.
