[Virtualization] Background and Virtualization Basics

Typical OS Structure

OS Functionalities vs Virtualized Functionalities

OS FunctionalitiesVirtualized Functionalities
– Process management
– Virtual memory system
– File and storage system

– Networking
– Other I/O systems
– Command-interpreter system
– Virtualize sensitive instructions
– Virtualized physical memory
– Virtual disk

– Virtual network interface
– Other virtualized I/O systems
– Command-interpreter system

Dual-Mode Operation

  • OS manages shared resources
  • OS protects programs from other programs (OS needs to be “privileged”)
  • Dual-mode operation of hardware
    – Kernel mode – can run privileged instructions
    – User mode – can only run non-privileged instructions

Different OS Structures

Transition between User/Kernel Modes

Interrupt

  • A mechanism for coordination between concurrently operating units of a computer system (e.g. CPU and I/O devices) to respond to specific conditions within a computer
  • Results in transfer of control (to interrupt handler in the OS), forced by hardware
  • Hardware interrupts
    – I/O devices: NIC, keyboard, etc.
    – Timer
  • Software interrupts
    – Exception: a software error (e.g., divided by zero)
    – System call

Handling Interrupts

  • Incoming interrupts are disabled (at this and lower priority levels) while the interrupt is being processed to prevent a lost interrupt
  • Interrupt architecture must save the address of the interrupted instruction
  • Interrupt transfers control to the interrupt service routine
    – generally, through the interrupt vector, which contains the addressed of all the service routines
  • If interrupt routine modifies process state (register values)
    – save the current state of the CPU (registers and the program counter) on the system stack
    – restore state before returning
  • Interrupts are re-enabled after servicing current interrupt
  • Resume the interrupted instruction

Interaction between Different Layers

Design Space (Level vs. ISA)

Type 1 and Type 2 Hypervisor (VMM)

Virtualization Principles

Popek and Goldberg’s virtualization principles in 1974:

  • Fidelity: Software on the VMM executes identically to its execution on hardware, barring timing effects
  • Performance: An overwhelming majority of guest instructions are executed by the hardware without the intervention of the VMM
  • Safety: The VMM manages all hardware resources

Possible implementation: Full Emulation / Hosted Interpretation

  • VMM implements the complete hardware architecture in software
  • VMM steps through VM’s instructions and update emulated hardware as needed
  • Pros:
    – Easy to handle all types of instructions (can enforce policy when doing so)
    – Provides complete isolation (no guest instructions runs directly on hardware)
    – Can debug low-level code in the guest
  • Cons:
    – Emulating a modern processor is difficult
    – Violated performance requirement (VERY SLOW)

Protection Rings

  • More privileged rings can access memory of less privileged ones
  • Calling across rings can only happen with hardware enforcement
  • Only Ring 0 can execute privileged instructions (CENTER)
  • Rings 1, 2, and 3 trap when executing privileged instructions
  • Usually, the OS executes in Ring 0 and applications execute in Ring 3

Improving Performance over Full Emulation

  • Idea: execute most guest instructions natively on hardware (assuming guest OS runs on the same architecture as real hardware)
  • Applications run in ring 3
  • Cannot allow guest OS to run sensitive instructions directly!
  • Guest OS runs in ring 1
  • When guest OS executes a privileged instruction, will trap into VMM (IN RING 0)
  • When guest applications generates a software interrupt, will trap into VMM (IN RING 0)
  • Goldberg (1974) two classes of instructions
    – privileged instructions: those that trap when in user mode
    – sensitive instructions: those that modify or depends on hardware configurations

Trap-and-Emulate

  • Hand off sensitive operations to the hypervisor
  • VMM emulates the effect of these operations on virtual hardware provided to the guest OS
    – VMM controls how the VM interacts with physical hardware
    – VMM fools the guest OS into thinking that it runs at the highest privilege level
  • Performance implications
    – Almost no overhead for non-sensitive instructions
    – Large overhead for sensitive instructions

System Calls with Virtualization

x86 Difficulties

  • Popek and Goldberg’s Theorem (1974): A machine can be virtualized (using trap-and-emulate) if every sensitive instruction is privileged
  • Not all sensitive instructions are privileged with x86
  • These instructions do not trap and behave differently in kernel and user mode
  • Example: popf

Possible Solutions

  • Emulate: interpret each instruction, super slow (e.g., Virtual PC on Mac)
  • Binary translation: rewrite non-virtualizable instructions (e.g., VMware)
  • Para-virtualization: modify guest OS to avoid non-virtualizable instructions (e.g., Xen)
  • Change hardware: add new CPU mode, extend page table, and other hardware assistance (e.g., Intel VT-x, EPT, VT-d, AMD-V)

Regular Virtual Memory System

TODO

Software-controlled TLB

TODO

Hardware-controlled TLB

TODO

Virtualizing Memory

TODO

I/O Virtualization

TODO

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Google photo

You are commenting using your Google account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s

This site uses Akismet to reduce spam. Learn how your comment data is processed.