Outline for Today
• Announcements– 1st programming assignment coming soon.
• Objective of the lecture– OS and Virtual Machines
Shells?
Producer/Consumer Pipes
outputinput
char inbuffer[1024];char outbuffer[1024];
while (inbytes != 0) { inbytes = read(stdin, inbuffer, 1024); outbytes = process data from inbuffer to outbuffer; write(stdout, outbuffer, outbytes);}
Pipes support a simple form of parallelism with built-in flow control.
e.g.: sort <grades | grep Dan | mail justin
Shell = Command Line Interpreter
• Not GUI• Application-level program (not part of OS)• Loops
– Prompting for input– Reads and parses input on command line– Invokes program specified with arguments supplied– Waits (or not – “&”) for completion
• Allows hooking up of multiple programs via pipes (“|”) and redirection of stdin and stdout (“<“ and “>”).
• Reads shell scripts.
Introduction to Virtual Machine Monitors
Traditional Multiprogrammed OS
• Multiple applications running with the abstraction of dedicated machine provided by OS
• Pass through of non-privileged instructions
• ISA – instruction set architecture
• ABI – application binary interface
HW
OS
Application(s)
ISA
ABI Syscalls
instr
Traditional Multiprogrammed OS
HW
OS
Application(s)
• Multiple applications running with the abstraction of dedicated machine provided by OS
• Pass through of non-privileged instructions
• ISA – instruction set architecture
• ABI – application binary interface
ISA
ABI Syscalls instr
©James Smith, U.Wisc
Virtualization Layer
©James Smith, U.Wisc
Variations on the Theme
©James Smith, U.Wisc
Virtual Machines
• History: invented by IBM in 1960’s
• Fully protected and isolated copy of the physical machine providing the abstraction of a dedicated machine
• Layer: Virtual Machine Monitor (VMM)
• Replicating machine for multiple OSs
• Security Isolation
©James Smith, U.Wisc
Virtual Machine Monitor
©J. Sugarman, USENIX01
Issues
• Hardware must be fully virtualizable – all sensitive (privileged) instructions must trap to VMM– X86 is not fully virtualizable
• In traditional model, all devices need drivers in VMM– PCs have lots of possible devices – leverage the
host OS for its drivers => hosted model
VMware Hosted Model
©J. Sugarman, USENIX01
Hosting Implications• World switch – heavier weight than normal context switch• VMM runs with full privileges (e.g., kernel mode)• I/O operations involve
– Interception by VMM– Switch to host world via Vmdriver– Issuing I/O operation to host OS via Vmapp
• Interrupts handled by host OS– VMM yields control to host OS– Reasserts interrupts to Guest OS
• Host OS does scheduling and can also pageout memory of a virtual machine
VMware Hosted Model
Xen 2.0 Features
• Secure isolation between VMs
• Resource control and QoS
• Only guest kernel needs to be ported– All user-level apps and libraries run unmodified– Linux 2.4/2.6, NetBSD, FreeBSD, Plan9
• Execution performance is close to native
• Supports the same hardware as Linux x86
• Live Relocation of VMs between Xen nodes
Xen 2.0 Architecture
Event Channel Virtual MMUVirtual CPU Control IF
Hardware (SMP, MMU, physical memory, Ethernet, SCSI/IDE)
NativeDeviceDriver
GuestOS(XenLinux)
Device Manager & Control s/w
VM0
NativeDeviceDriver
GuestOS(XenLinux)
UnmodifiedUser
Software
VM1
Front-EndDevice Drivers
GuestOS(XenLinux)
UnmodifiedUser
Software
VM2
Front-EndDevice Drivers
GuestOS(XenBSD)
UnmodifiedUser
Software
VM3
Safe HW IF
Xen Virtual Machine Monitor
Back-End Back-End
Para-Virtualization in Xen
• Arch xen_x86 : like x86, but Xen hypercalls required for privileged operations– Avoids binary rewriting– Minimize number of privilege transitions into Xen– Modifications relatively simple and self-contained
• Modify kernel to understand virtualised env.– Wall-clock time vs. virtual processor time
• Xen provides both types of alarm timer
– Expose real resource availability• Enables OS to optimise behaviour
x86 CPU virtualization
• Xen runs in ring 0 (most privileged)• Ring 1/2 for guest OS, 3 for user-space
– GPF if guest attempts to use privileged instr
• Xen lives in top 64MB of linear addr space– Segmentation used to protect Xen as switching page
tables too slow on standard x86
• Hypercalls jump to Xen in ring 0• Guest OS may install ‘fast trap’ handler
– Direct user-space to guest OS system calls
• MMU virtualisation: shadow vs. direct-mode
Para-Virtualizing the MMU
• Guest OSes allocate and manage own PTs– Hypercall to change PT base
• Xen must validate PT updates before use– Allows incremental updates, avoids revalidation
• Validation rules applied to each PTE:1. Guest may only map pages it owns*
2. Pagetable pages may only be mapped RO
• Xen traps PTE updates and emulates, or ‘unhooks’ PTE page for bulk updates
I/O Architecture• Xen IO-Spaces delegate guest OSes protected access
to specified h/w devices– Virtual PCI configuration space– Virtual interrupts
• Devices are virtualised and exported to other VMs via Device Channels– Safe asynchronous shared memory transport– ‘Backend’ drivers export to ‘frontend’ drivers– Net: use normal bridging, routing, iptables– Block: export any blk dev e.g. sda4,loop0,vg3