A Comparison of Software and Hardware Techniques for x86


  • 1. A Comparison of Software and Hardware Techniques for x86 Virtualization. Paper by Keith Adams & Ole Agesen (VMware). Presentation by Jason Agron.
  • 2. Presentation Overview
    • What is virtualization?
    • Traditional virtualization techniques.
    • Overview of Software VMM.
    • Overview of Hardware VMM.
    • Evaluation of VMMs.
    • Conclusions
    • Questions
  • 3. Virtualization
    • Defined by Popek & Goldberg in 1974.
    • Establishes 3 essential characteristics of a VMM:
      • Fidelity
        • Running on VMM == Running directly on HW.
      • Performance
        • Performance on VMM == Performance on HW.
      • Safety
        • VMM manages all hardware resources (correctly?).
  • 4. Is This Definition Correct?
    • Yes, but its scope should be taken into account.
    • It assumes the traditional trap-and-emulate style of full virtualization.
      • This was extremely popular circa 1974.
      • Completely transparent.
    • It does not account for
      • Paravirtualization.
        • Not transparent.
        • Guest software is modified.
  • 5. Full Virtualization
    • Full == Transparent
    • Must be able to detect when VMM must intervene.
    • Definitions:
      • Sensitive Instruction:
        • Accesses and/or modifies privileged state.
      • Privileged Instruction:
        • Traps when run in an unprivileged mode.
  • 6. Traditional Techniques
    • De-privileging
      • Run guest programs in a reduced privilege level so that privileged instructions trap.
      • VMM intercepts the trap and emulates the functionality of the original call.
      • Very similar to the way programs transfer control to the OS kernel during a system call.
  • 7. Traditional Techniques
    • Primary & Shadow Structures
      • Each virtual system's privileged state differs from that of the underlying HW.
      • Therefore, the VMM must provide the correct environment to meet the guest's expectations.
    • Guest-level primary structures reflect the state that a guest sees.
    • VMM-level shadow structures are copies of primary structures.
      • Kept coherent via memory traces.
  • 8. Traditional Techniques
    • Memory traces
      • Traps occur when on-chip privileged state is accessed/modified.
      • What about off-chip privileged state?
        • e.g. page tables.
          • They can be accessed by LOADs/STOREs.
            • Either by CPU or DMA-capable devices.
    • HW page protection schemes are employed to detect when this happens.
  • 9. Refinements to Classical Virtualization
    • Traps are expensive!
    • Improve the Guest/VMM interface:
      • AKA Paravirtualization.
      • Allows for higher-level information to be passed to the VMM.
      • Can provide features beyond the baseline of classic virtualization.
    • Improve the VMM/HW interface:
      • IBM's System/370 - Interpretive Execution Mode.
      • Guests allowed safe and direct access to certain pieces of privileged information w/o trapping.
  • 10. Software VMM
    • x86 - not classically virtualizable.
      • Visibility of privileged state.
        • e.g. the guest can observe its privilege level via the unprotected %cs register.
      • Not all sensitive instructions trap.
        • e.g. privileged execution of the popf (pop flags) instruction modifies on-chip privileged state.
        • Unprivileged execution must trap so that the VMM can emulate its effects.
        • Unfortunately, no trap occurs; instead the instruction silently acts as a no-op for the privileged bits.
  • 11. Software VMM
    • How can x86's faults be overcome?
    • What if guests execute on an interpreter?
    • The interpreter can
      • Prevent leakage of privileged state.
      • Ensure that all sensitive instructions are correctly detected.
    • Therefore it can provide
      • Fidelity
      • Safety
      • Performance??
  • 12. Interpreter-Based Software VMM
    • Authors' Statement:
      • An interpreter-based VMM will not provide adequate performance.
        • A single native x86 instruction will take N instructions to interpret.
    • Question:
      • Is this necessarily true?
    • Authors' Solution:
      • Binary Translation.
  • 13. Properties of This BT
    • Dynamic and On-Demand
      • Run-time translation interleaved with code execution.
      • Code is translated only when about to execute.
      • Laziness avoids the problem of distinguishing code from data.
    • System-level
      • All translation rules are set by the x86 ISA.
    • Subsetting
      • Input is x86 ISA binary
      • Output is a safe subset of the ISA.
        • Mostly user-mode instructions.
    • Adaptive
      • Can optimize generated code over time.
  • 14. BT Process
      • Input a TU (Translation Unit)
        • Stopping at either:
          • 12 instructions.
          • Terminating instruction (usually control flow).
      • Translate the TU into a CCF (Compiled Code Fragment).
      • Place generated CCF into the TC (Translation Cache).
  • 15. BT Process
      • CCFs must be chained together to form a complete program.
      • Each CCF ends in a continuation that acts as a link.
      • Continuations are evaluated at run-time
        • Can be translated into jumps
        • Can be removed (code merely falls through to next CCF).
      • If a continuation is never hit
        • Then it is never transformed.
        • Thus, the BT acts like a just-in-time compiler.
      • Software
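A toy model of the BT process from slides 13-15 (12-instruction TUs, CCFs in a translation cache, lazily resolved continuations) that also shows the subsetting step from slide 10, where a non-trapping sensitive instruction such as popf is replaced by a call into the VMM. This is an added illustration, not VMware's code: the guest program, the instruction set (strings keyed by address), the `emulate_*` call names and the `jmp`-only control flow are all assumptions.

```python
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple

MAX_TU = 12                       # slide 14: a TU stops after 12 instructions
CONTROL_FLOW = {"jmp"}            # assumed terminating instruction (operand = target address)
SENSITIVE = {"popf", "cli", "sti"}  # assumed sensitive instructions that would not trap natively

@dataclass
class CCF:
    """Compiled Code Fragment: translated code plus a continuation link."""
    start: int                    # guest address the TU began at
    code: List[str]               # translated instructions (safe subset only)
    continuation: Optional[int]   # guest address to go to next, None if program ends
    next_ccf: Optional["CCF"] = None  # filled in the first time the continuation is hit

class Translator:
    def __init__(self, guest: Dict[int, Tuple[str, str]]):
        self.guest = guest        # constructed guest program: address -> (mnemonic, operand)
        self.tc: Dict[int, CCF] = {}  # Translation Cache keyed by guest address
        self.translations = 0     # how many TUs were actually translated

    def translate_tu(self, addr: int) -> CCF:
        """Translate one TU starting at addr into a CCF and place it in the TC."""
        code, pc, cont = [], addr, None
        while pc in self.guest and len(code) < MAX_TU:
            mnem, operand = self.guest[pc]
            pc += 1
            if mnem in SENSITIVE:
                code.append(f"call emulate_{mnem}")   # subsetting: never run natively
            else:
                code.append(f"{mnem} {operand}".strip())
            if mnem in CONTROL_FLOW:                  # terminating instruction
                cont = int(operand)
                break
        else:
            cont = pc if pc in self.guest else None   # fell off the 12-instruction limit
        ccf = CCF(addr, code, cont)
        self.tc[addr] = ccf
        self.translations += 1
        return ccf

    def run(self, addr: int, fragments: int) -> List[str]:
        """Execute up to `fragments` CCFs, chaining through continuations lazily."""
        ccf = self.tc.get(addr) or self.translate_tu(addr)
        executed: List[str] = []
        for _ in range(fragments):
            executed.extend(ccf.code)
            if ccf.continuation is None:
                break
            if ccf.next_ccf is None:      # continuation hit for the first time: resolve it
                ccf.next_ccf = self.tc.get(ccf.continuation) or self.translate_tu(ccf.continuation)
            ccf = ccf.next_ccf
        return executed
```

A continuation that is never reached is never resolved, so the `next_ccf` link (the "jump" of slide 15) only exists for paths the guest actually took.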