VirtualMachines

Background

• IBMsoldexpensivemainframestolargeorganiza<ons

• SomewantedtorundifferentOSesatthesame<me(becauseapplica<onsweredevelopedonoldOSes)

• Solu<on:IBMdevelopedvirtualmachinemonitor(VMM)orhypervisor(circa1974)

• MonitorsitsbetweenoneormoreOSesandHW

• GivestheillusionthateachOScontrolstheHW

• Monitormul<plexesrunningOSes

• Alevelofindirec<on:appsassumeseparateCPU,unlimitedmemory;nowanotherlayertoprovidesimilarillusiontoOS

Today’sWorld

• WhyVMMsnow?AretherenewreasonsforusingVMMs?

• Whatarethekeychallenges/issuesinbuildingVMMs?

ResurgenceinVMs

• SparkedbyworkonDisco(systemfromStanford/Rosenblum)

• ResultedinVMware--nowamarketleaderinvirtualiza<on

VMObserva<ons

• Instruc<on-setarchitecturesisoneofthefewwell-documentedcomplexinterfaces

• interfaceincludesmeaningofinterruptnumbers,etc.

• Anythingthatimplementstheinterfacecanexecutetheso[wareforthepla\orm

• Virtualmachineisaso[wareimplementa<onofthisinterface

Outline

• Discoproject

• Designspaceforvirtualiza<on

• Xenproject

Tradi<onalProcess-OSModel

• Processesruninusermode

• Processes“trap”intoOS

• whentheywantservicesfromtheOS

• orwhentheyhave“faults”

• OSrunsinprivileged(kernel)mode

• canexecuteinstruc<onstosetup/updateTLB

• canexecuteinstruc<onstoinstalltraphandlers

VirtualizingCPU

• Basictechnique:limiteddirectexecu<on

• Idealcase:

• VMMjumpstofirstinstruc<onoftheOSandletstheOSrun

• Generalizeacontextswitchonprocessestomachineswitch

• savetheen<remachinestateofoneOSincludingregisters,PC,andprivilegedhardwarestate

• restorethetargetOSstate

• GuestOScannotrunprivilegedinstruc<ons(likeTLBops);VMMmustintercepttheseopsandemulatethem

SystemCallPrimer

• Consider:open(char*path,intflags,mode_tmode)

open: push dword mode push dword flags push dword path mov eax, 5 push eax int 80h

• Processcode,hardware,andOScooperatetoimplementtheinterface

• Trap:switchestokernelmode,jumpstoOStraphandler;traphandlersregisteredbyOSatstartup

VirtualizedPla\orm

• Applica<onremainsthesame

• TraphandlerisinsidetheVMM;executedinkernelmode

• WhatshouldtheVMMdo?

• doesnotknowthedetailsoftheguestOSes

• butknowswheretheOS’straphandleris

• (whentheguestOSademptedtoinstalltraphandlers,VMMinterceptsthecallandrecordstheinforma<on)

• sojumpintoOS;whichexecutestheactualhandler,performsanotherprivilegedinstruc<on(iretonx86),bouncesbackintoVMM

• VMMperformsarealreturnfromtrapandreturnstoapp

Execu<onPrivileges

• OScannotbeinkernelmode

• Discoproject:MIPShardwarehadasupervisormode

• kernel>supervisor>user

• supervisorcanaccesslidlemorememorythanuser,butcannotexecuteprivilegedinstruc<ons

• Noextramode:

• runOSinusermodeandusememoryprotec<on(pagetablesandTLBs)toprotectOSdatastructuresappropriately

• x86has4protec<onrings,soextramodeisavailable

VirtualMemoryPrimer

• TLB:fastcacheusedineveryinstruc<on

• TLBmisshandledbyOSinsomecases(so[wareTLB)

• Insomeothercases,hardwarefillsTLBusingapagetable

• OSmanagesthepagetable

• Hardwareisaconsumerofthepagetable

• Ques<on:whatissuesarisewithvirtualmachines?

• Howdowetacklesuchissues?

VirtualizingMemory

• Normally:

• eachprogramhasaprivateaddressspace

• OSvirtualizesmemoryforitsprocesses

• Now:

• mul<pleOSescansharetheactualphysicalmemoryandmustdosotransparently

• Sowehavevirtualmemory(VM),physicalmemory(PM),andmachinememory(MM)

• OSmapsvirtualtophysicaladdressesviaitsper-processpagetables,VMMmapstheresul<ngphysicaladdresstomachinememoryviaitsper-OSpagetables

2-LevelTransla<on

• Letusconsiderso[waremanagedTLB

• Inavirtualizedsystem:

• Applica<ontrapsintoVMM;VMMjumpstoOStraphandler

• OStriestoinstall(VM,PM)inTLB,butthistraps

• VMMinstalls(VM,MM),returnstoOSandthenApp

• VMMmaintains(PM,MM)mappingsandevendoespaging

Informa<onGap

• VMMo[endoesn’tknowwhattheOSisdoing

• Forexample,ifOShasnothingelsetorun:

• gointoanidleloopandspinwai<ngforthenextinterrupt

• Anotherexample:

• mostOSeszeropagesbeforegivingtoprocessesforsecurity

• VMMalsohastothedothesame,resul<ngindoublework!

• Oneop<onisinferenceofOSbehavior,anotherisparavirtualiza<on

DesignSpace

App is not modified App is modified

OS is not modified Disco(VMWare) ---

OS is modified Xen Denali

Xen

• Keyidea:changethemachine-OSinterfacetomakeVMssimplerandhigherperformance

• Pros:

• bederperformanceonx86

• somesimplifica<onsinVMimplementa<on

• OSmightwanttoknowthatitisvirtualized

• Cons:mustmodifytheguestOS

• Aimsforperformanceisola<on

Xen&Paravirtualiza<on

• VM-stylevirtualiza<ononanuncoopera7vearchitecture

• Supportfull-featuredmul<-usermul<-applica<onOSes

• contrastwithDenali:thinOSesforlightweightservices

• OSesareportedtoanew“x86-xeno”architecture

• calltoXenforprivilegedopera<ons

• por<ngrequiressourcecode

• Retaincompa<bilitywithOSAPI

• Mustvirtualizeapplica<onvisiblearchitecturefeatures

FullyvirtualizingtheMMU

• Constraints:

• Hardware-basedTLB

• NotagsonTLB

• Useshadowpagetables

• GuestOSmaintains“virtualtophysicalmem”map

• VMMmaintains“virtualtomachinemem”map

• Guestreadsofpagetableisfree

• GuestwritesneedswitchingtoVMM

• Accessed/dirtybitsrequireupcallsintoOS

ParavirtualizingtheMMU

• Paravirtualiza<onobviatestheneedforshadows

• modifytheguestOStohandlesparsememorymaps

• GuestOSesallocateandmanagetheirownPTs

• mapXenintotop64MBinalladdressspaces

• UpdatestopagetablesmustbepassedtoXenforvalida<on(usebatching)

• Valida<onrules:

• onlymapapageifownedbythereques<ngguestOS

• onlymapapagecontainingPTEsforread-onlyaccess

• Xentrackspageownershipandcurrentuse

MemoryBenchmarks

• BodyLevelOne

• BodyLevelTwo

• BodyLevelThree

• BodyLevelFour

• BodyLevelFive

OtherNiceIdeas

• Domain0:

• runtheVMMmanagementatuserlevel

• easiertodebug

• Networkanddiskarevirtualdevices

• virtualblockdevices:similartoSCSIdisks

• modeleachguestOShasavirtualnetworkinterfaceconnectedtoavirtualfirewallrouter