CS 695 Topics in Virtualization and Cloud Computing. More Introduction + Processor Virtualization

CS 695 Topics in Virtualization and Cloud Computing More Introduction

Process vs. System view of “machine”

●

ABI – application binary interface

Process Virtual Machine

System Virtual Machine

Virtual Machine Applications

System VM benefits

● Single application containers---reliability, isolation, security

● Mixed OS environments (legacy apps)

● Multi-platform application development

● Software testing and debugging

● Version transitioning

● Event monitoring and checkpointing

● Record-replay, migration of machines

● IaaS

Scope of course (revisited)

●

How to provide system-level virtualization?

● Common problems/approaches

● Specific techniques/optimizations

●

Assuming VMs exist (and can be flexed) ...

● How to exploit/use them to meet IaaS requirements?

Key VMM responsibilities

●

State management

– Switch VMs

●

Resource control

– VM has access to resources when scheduled

● cpu, memory region etc.

– VMM owns & controls all resources

●

VMM is required to control/arbitrate

hardware resources

Ex.1 : Process virtual memory example

VA to RA conversion

●

Each process provided with a (virtual) linear address space

● Translation via a system call

●

Number of page tables?

●

When process switches what happens?

Ex.2 : The interval time

●

interval timer

● OS (privileged) resource

● Set value to timer (register) when process scheduled

● Timer ticks to zero (time to deschedule process)

● Interrupt on regs value zero

● OS handles interrupt, schedules (new) process

●

How to manage interval timer with VMs?

● Should OS of VM be able to read/write interval timer?

● Write

● Read

Processor Virtualization

●

Different ISAs of guest and host

– Emulation

– Binary translation

●

Same ISAs of guest and host

– Direct native execution

– In all cases?

Virtualizability properties

●

Popek & Goldberg (1974)

– VMM should satisfy following properties

1. Efficiency

● Innocuous instructions natively executed 2. Resource control

● No direct control on physical resources for guest 3. Equivalence

● Identical behavior on native and virtual environments

● Performance and resource availability exceptions

Modes of execution

●

User mode

– Guest OS

– VMM

●

Privileged mode (System mode)

– VMM

Types of instructions

●

Privileged instructions

– Reduced functionality or no-permissions in user mode

– Generate trap when executed in user mode

– E.g.,

– LPSW (load processor status word from memory location)

● Set CPU mode, PC etc.

– SPT (set cpu timer)

Types of instructions

●

What should be condition on guest VMs?

Does this satisfy G&P conditions?

Does this satisfy G&P conditions?

●

Theorem 1:

– VMM can be constructed if, sensitive subset of priviliged

●

Theorem 2:

– VMM is virtualizable

What about problem cases?

●

Sensitive but unprivileged instructions

● Critical instructions

– 1. popf, pushf

● no-op for interrupt enable/disable in user mode

● sensitive instruction

– 2. %cs register

● Expose CPL to process (Guest OS in ring 3)

– 3. lar, lsl

● Load access rights, load segment limits

● Answer depends on privilege level

● Guest OS is at ring 3!

Handling Criticial instructions

●

Scan and patch

●

Paravirtualization

– Replace criticial instructions with new 'safe' versions

– New ISA exported by VMM

– Guest OS needs to re-implement/re-compile

●

Hardware-assisted virtualization

● AMD-V, VT-X

● Root and non-root modes

● Configure exit conditions

Resource virtualization - Memory

● What do Guest VMs expect?

– A linear memory address space

– “Real” addressable area, staring from 0x00000000

● Memory for processes

– Virtual memory (and paging)

Paging on Native Systems

●

cr3

●

page directory

●

page table

●

page

Paging on Native Systems

Resource virtualization - Memory

● What do Guest VMs expect?

– A linear memory address space

– “Real” addressable area, staring from 0x00000000

● Memory for processes

– Virtual memory (and paging)

● How to virtualize memory to meet these requirements?

Terminology

●

guest virtual address

– gfn : guest frame number

●

pseudo-physical address

– pfn : physical frame number

●

machine address

– mfn : machine frame number

(Two-level) translation

●

Virtual address of process in guest VM needs a real physical address

Pseudo-physical address

Guest virtual

address Machine

address

v2p p2m

Guest OS VMM

Direct Mapping

Shadow Paging

Hardware-assisted

Memory virtualization performance (1)

Memory virtualization performance (2)

What about the TLB?

●

Translation lookaside buffer

● v2m mapping in cache

●

When is TLB flushed?

●

Virtualizing the TLB

Next class

●

[kvm]

●

Next week

– [kvm]

– [xen]