Embed Size (px)
Citation preview
VirtualMachines
Background
• IBMsoldexpensivemainframestolargeorganiza<ons
• SomewantedtorundifferentOSesatthesame<me(becauseapplica<onsweredevelopedonoldOSes)
• Solu<on:IBMdevelopedvirtualmachinemonitor(VMM)orhypervisor(circa1974)
• MonitorsitsbetweenoneormoreOSesandHW
• GivestheillusionthateachOScontrolstheHW
• Monitormul<plexesrunningOSes
• Alevelofindirec<on:appsassumeseparateCPU,unlimitedmemory;nowanotherlayertoprovidesimilarillusiontoOS
Today’s“VMs"
Today’sVMs
• WhyVMMsnow?AretherenewreasonsforusingVMMs?
• Whichdeploymentmodelsareappropriateforwhichuses?
• Whatarethekeychallenges/issuesinbuildingVMMs?
ResurgenceinVMs
• SparkedbyworkonDisco(systemfromStanford/Rosenblum)
• ResultedinVMware--nowamarketleaderinvirtualiza<on
VMObserva<ons
• Instruc<on-setarchitecturesisoneofthefewwell-documentedcomplexinterfaces
• interfaceincludesmeaningofinterruptnumbers,etc.
• Anythingthatimplementstheinterfacecanexecutetheso]wareforthepla^orm
• Virtualmachineisaso]wareimplementa<onofthisinterface
Outline
• Discoproject
• Designspaceforvirtualiza<on
• Xenproject
Whatisamachine?
• Thehardwarearchitecturedefinesthefollowing:
• instruc<ons
• specialinstruc<ons(systemcalls,sebngtraphandlers,etc.)
• memorymanagement(pagetables,TLB)
• deviceinterface(I/O-memorymappedloads/stores)
• Howdowebuilda“virtualmachine”thatconformstoanarchitecturespecifica<on?
Tradi<onalProcess-OSModel
• Processesruninusermode
• Processes“trap”intoOS
• whentheywantservicesfromtheOS
• orwhentheyhave“faults”
• OSrunsinprivileged(kernel)mode
• canexecuteinstruc<onstosetup/updateTLBorpaging
• canexecuteinstruc<onstoinstalltraphandlers
VirtualizingCPU
• Basictechnique:limiteddirectexecu<on
• Idealcase:
• VMMjumpstofirstinstruc<onoftheOSandletstheOSrun
• Generalizeacontextswitchonprocessestomachineswitch
• savetheen<remachinestateofoneOSincludingregisters,PC,andprivilegedhardwarestate
• restorethetargetOSstate
• GuestOScannotrunprivilegedinstruc<ons(likeTLBops);VMMmustintercepttheseopsandemulatethem
SystemCallPrimer
• Consider:open(char*path,intflags,mode_tmode)
open: push dword mode // args push dword flags push dword path mov eax, 5 // system call number push eax int 80h // trap
• Processcode,hardware,andOScooperatetoimplementtheinterface
• Trap:switchestokernelmode,jumpstoOStraphandler;traphandlersregisteredbyOSatstartup
VirtualizedPla^orm
• TraphandlerisinsidetheVMM;executedinkernelmode
• WhatshouldtheVMMdo?
• doesnotknowthedetailsoftheguestOSes
• butknowswheretheOS’straphandleris
• whentheguestOSafemptedtoinstalltraphandlers,VMMinterceptsandrecordstheinforma<on
• sojumpintoOS;whichexecutestheactualhandler,performsanotherprivilegedinstr(iretonx86),bouncesbackintoVMM
• VMMperformsarealreturnfromtrapandreturnstoapp
Execu<onPrivileges
• OScannotbeinkernelmode
• Discoproject:MIPShardwarehadasupervisormode
• kernel>supervisor>user
• supervisorcanaccessliflemorememorythanuser,butcannotexecuteprivilegedinstruc<ons
• Noextramode:
• runOSinusermodeandusememoryprotec<on(pagetablesandTLBs)toprotectOSdatastructuresappropriately
• x86has4protec<onrings,soextramodeisavailable
VirtualMemoryPrimer
• TLB:fastcacheusedineveryinstruc<on
• TLBmisshandledbyOSinsomeprocessors(so]wareTLB)
• Inothercases,hardwarefillsTLBusingapagetable
• OSmanagesthepagetable
• Hardwareisaconsumerofthepagetable
• Ques<on:whatissuesarisewithvirtualmachines?
• Howdowetacklesuchissues?
VirtualizingMemory
• Normally:
• eachprogramhasaprivateaddressspace,OSvirtualizesmemoryforitsprocesses
• Now:
• mul<pleOSescansharetheactualphysicalmemory
• Sowehavevirtualmemory(VM),physicalmemory(PM),andmachinememory(MM)
• OSmapsvirtualtophysicaladdressesviaitsper-processpagetables
• VMMmapsthephysicaladdresstomachinememoryviaitsper-OSpagetables
2-LevelTransla<on
• Letusconsiderso]waremanagedTLB
• Inavirtualizedsystem:
• Applica<ontrapsintoVMM;VMMjumpstoOStraphandler
• OStriestoinstall(VM,PM)inTLB,butthistraps
• VMMinstalls(VM,MM),returnstoOSandthenApp
• VMMmaintains(PM,MM)mappingsandevendoespaging
Informa<onGap
• VMMo]endoesn’tknowwhattheOSisdoing
• Forexample,ifOShasnothingelsetorun:
• gointoanidleloopandspinwai<ngforthenextinterrupt
• Anotherexample:
• mostOSeszeropagesbeforegivingtoprocessesforsecurity
• VMMalsohastothedothesame,resul<ngindoublework!
• Oneop<onisinferenceofOSbehavior,anotherisparavirtualiza<on
DesignSpace
App is not modified App is modified
OS is not modified Disco(VMWare) ---
OS is modified Xen Denali
Xen
• Keyidea:changethemachine-OSinterfacetomakeVMssimplerandhigherperformance
• Pros:
• beferperformanceonx86
• somesimplifica<onsinVMimplementa<on
• OSmightwanttoknowthatitisvirtualized
• Cons:mustmodifytheguestOS
Xen&Paravirtualiza<on
• VM-stylevirtualiza<ononanuncoopera8vearchitecture
• OSesareportedtoanew“x86-xeno”architecture
• calltoXenforprivilegedopera<ons
• por<ngrequiressourcecode
• Retaincompa<bilitywithOSAPI
• Mustvirtualizeapplica<onvisiblearchitecturefeatures
FullyvirtualizingHardwareTLB
• Constraints:
• NotagsonTLB
• Useshadowpagetables
• GuestOSmaintains“virtualtophysicalmem”map
• VMMmaintains“virtualtomachinemem”map
• Guestreadsofpagetableisfree
• GuestwritesneedswitchingtoVMM
• Accessed/dirtybitsrequireupcallsintoOS
ParavirtualizingHardwareTLB
• Paravirtualiza<onobviatestheneedforshadows
• modifytheguestOStohandlesparsememorymaps
• GuestOSesallocateandmanagetheirownPTs
• mapXenintotop64MBinalladdressspaces
• PagetableupdatespassedtoXenforvalida<on(usebatching)
• Valida<onrules:
• onlymapapageifownedbythereques<ngguestOS
• onlymapapagecontainingPTEsforread-onlyaccess
• Xentrackspageownershipandcurrentuse
MemoryBenchmarks
• BodyLevelOne
• BodyLevelTwo
• BodyLevelThree
• BodyLevelFour
• BodyLevelFive
OtherNiceIdeas
• Domain0:
• runtheVMMmanagementatuserlevel
• easiertodebug
• Networkanddiskarevirtualdevices
• virtualblockdevices:similartoSCSIdisks
• modeleachguestOShasavirtualnetworkinterfaceconnectedtoavirtualfirewallrouter
