1

Lecture 12 Virtualization Overview

Dec. 1, 2015Prof. Kyu Ho Park

“Understanding Full Virtualization, Paravirtualization, and Hardware Assist”,White paper, VMware.

2

Physical Hardware Processors, memory,

chipset, I/O bus and de-vices, etc.

Software Tightly coupled to hardware Single active OS image OS controls hardware

Starting Point : A Physical Machine

3

Hardware-level Abstraction Virtual Hardware : processors,

memory, chipset, I/O devices, etc.

Virtualization Software Extra level of indirection decou-

ples hardware and OS Multiplexes physical hardware

across multiple “guest” VMs Strong isolation between VMs Manages physical resources, im-

proves utilization

Virtual Machine“An efficient, isolated, duplicate of the real machine”

4

Consolidation High resource utilization

Isolation Performance isolation Fault containment

Live migration Easy management & deployment

Why Virtualization?

5

Virtual machines abstracted using a layer at dif-ferent places

System Virtualization alter-natives

6

Classical Techniques Instruction : Trap & Emulate Memory : Shadow Page Table

Full-virtualization Interpretation & code patching Binary Translation

Para-virtualization Hardware-assisted x86 VMM

Processor/Memory Virtualization Overview

7

CPU implements 4 privilege levels or “rings” 0 through 3

Two CPU execution modes divided into supervisor (0) and user mode (3)

Privilege - x86 Protection Ring

8

Native Execution Privileged kernels calls run in ring 0 Applications / userspace run in ring 3

Part of the CPU ISA only accessible by “supervi-sor” code

Virtualizing the x86 Archi-tecture

9

Virtualized Execution Hypervisor must run in ring 0 Virtual machines run in ring 3

Problem: The operating system kernel tries to run privileged “ring

0” instructions. This will cause a machine fault

Virtualizing the x86 Archi-tecture

Full Virtualization using Binary Translation

OS Assisted Virtualization or Paravirtualization

Hardware Assisted Virtualiza-tion

13

Creates entire virtual machines with emulated H/W Appears to the operating system to be generic hardware Includes virtual BIOS, Network cards, Storage controllers,

etc. No modifications to guest OS Requires “Ring compression” or “de-privileging”

Advantages “Guest” unaware of virtualization – runs unmodified OS

Disadvantages Performance - using software to emulate hardware com-

ponents Complexity – Support and maintenance issues

Examples: VMware ESX, ESXi

Full virtualization – software based

14

Interpretation Problem – too inefficient x86 decoding slow

Code Patching Problem – not transparent Guest can inspect its own code

Binary Translation (BT) Approach pioneered by VMware Run any unmodified x86 OS in VM

Methods to virtualize x86

15

Interpret all instructions

Example

Interpretation

While(1) { inst = mem[PC]; // fetch if(inst == add) { // decode // execute reg[inst.reg1]=reg[inst.reg2] + reg[inst.reg3]; PC++; }} // repeat

16

1. Scan Guest OS2. find problem instructions3. Replace with jump to VMM

Code Patching

17

“Binary translate” all guest kernel code, run it unprivileged Since x86 has non-virtualizable instructions, proactively

transfer control to the VMM (no need for traps) Safe instructions are emitted without change For “unsafe” instructions, emit a controlled emulation

sequence Use VMM translation cache for good performance

Binary Translation

18

For each translator invocation Consume a basic block (BB) Produce a compiled code frag-

ment (CCF)

Store CCF in Translation Cache Future reuse Capture working set of guest

kernel Amortize translation costs Not “patching in place”

Binary Translation mecha-nism

19

Binary Translation Example

20

1. Scan guest OS2. “translate” into code cache3. Find problem instructions4. Replace with jump to VMM

Binary Translation – Code caching

21

Modifies the guest operating system to be “virtu-alization aware”

Replaces privileged instructions in guest kernel Guest operating system “cooperates” with hypervisor Operating systems “talks” to the hypervisor directly in-

stead of emulation layer

Para-virtualization

22

Advantages High performance – near native speeds Cooperating with hypervisor leads to improved IO and

resource scheduling

Disadvantages Requires changes to the guest operating system that

only the OS vendor can perform Run a different kernel for virtual machines

Para-virtualization

23

Known as hardware virtualization x86 extension to support virtualization Enables classical trap-and-emulate VMMs while avoiding BT Intel VT-x, aka “Vanderpool Technology” AMD AMD-V, aka “Pacifica”

Case Study : Intel VT-x New VMX mode

Two privilege levels : root and non-root Root level

Similar to conventional x86 Add new VMX instructions VMM runs in root level

Non-root level Limited control of resources Including when in ring 0 Guest OS + apps runs in non-root level

Hardware-assisted VMM

24

VT-x Capabilities Root mode eliminates need to run all guest code in user

mode VMM runs in root mode For code regions with no critical instructions, HW is as effi-

cient as normal machine VM-x HW maps state-holding data elements directly to

native structures during VM execution VMCS (virtual machine control structure) encapsulates VM

state HW implementation can take over loading and unloading

state No need for VMM to perform load/stores of state info.

Eliminates the need for para-virtualization Allows standard versions of OSes to be used as guests The vmcall instruction can be used to pass hints and data

to the VMM if desired

Hardware-assisted VMM

25

Summary of virtualization technique