OS Virtualization

Tanenbaum 8.3

See references

cs431-cottercs431-cotter 22

Outline

• What is Virtualization?

• Why would we want it?

• Why is it hard?

• How do we do it?

• Choices

cs431-cottercs431-cotter 33

What is Virtualization?

• OS virtualization– Create a platform that emulates a hardware

platform and allow multiple instances of an OS to use that platform, as though they have full and exclusive access to the underlying hardware

cs431-cottercs431-cotter 44

What is Virtualization?

Hardware

Virtualization Platform

OS 3OS 1 OS 2 OS 4

ApplicationsApplications Applications Applications

cs431-cottercs431-cotter 55

Virtualization – Why?

• Server Consolidation– Often many servers support 1 major application– Strong isolation between VMs– Virtualization saves on hardware & energy

• Disaster Recovery

• High Availability

• Testing and Deployment

cs431-cottercs431-cotter 66

Virtualization – Why?

• Desktop Consolidation– Support for legacy applications– Software Development– Training

cs431-cottercs431-cotter 77

The Problem

• OS uses kernel mode / user mode to protect the OS. – System calls (privileged instructions) generate

a trap (software interrupt) that forces a switch to kernel mode

– These calls trigger sensitive instructions (I/O, MMU control, etc.) that must only be executed by the kernel

cs431-cottercs431-cotter 88

The Problem

• If our VM now runs in user space, we cannot run sensitive instructions in it, since those must trap to kernel space.

• Solved in 2005 with new CPUs– Intel Core 2 – VT (Virtualization Technology)– AMD Pacific – SVM (Secure Virtual Machine)– Provides new instructions that allow VM to

capture traps

cs431-cottercs431-cotter 99

Implementation

• Type 1 Hypervisor

• Type 2 Hypervisor

• Paravirtualization

cs431-cottercs431-cotter 1010

Type 1 Hypervisor

• Runs on “bare metal”• Virtual machines run in user mode

– VM runs the guest OS (which thinks it is running in kernel mode) – Virtual kernel Mode

– If guest OS calls sensitive instructions, hypervisor will trap and execute the instructions.

– If application on guest OS calls sensitive instructions (system calls), hypervisor traps to guest OS.

cs431-cottercs431-cotter 1111

Figure 8-26. When the operating system in a virtual machine executes a kernel-only instruction, it traps to the hypervisor if virtualization technology is present.

Type 1 Hypervisors

Tanenbaum, Modern Operating Systems 3 e, (c) 2008 Prentice-Hall, Inc. All rights reserved. 0-13-6006639

cs431-cottercs431-cotter 1212

Type 2 Hypervisor

• Runs from within a OS. • Supports guest OSs above it.

– Boot from CD to load new OS– Read in code, looking for basic blocks– Then inspect basic block to find sensitive instructions.

If found, replace with VM call (process called binary translation)

– Then, cache block and execute. – Eventually all basic blocks will be modified and

cached, and will run at near native speed.

cs431-cottercs431-cotter 1313

Type 2 Hypervisor

Hardware

Virtualization Platform

OS 3OS 1 OS 2

ApplicationsApplications Applications

Applications

Base Operating System

cs431-cottercs431-cotter 1414

Paravirtualization

• Modify Guest OS so that all calls to sensitive instructions are changed to hypervisor calls.

• Much easier (and more efficient) to modify source code than to emulate hardware instructions (as in binary translation).

• In effect, turns the hypervisor into a microkernel.

cs431-cottercs431-cotter 1515

Figure 8-27. A hypervisor supporting both true virtualization and paravirtualization.

Paravirtualization (1)

Tanenbaum, Modern Operating Systems 3 e, (c) 2008 Prentice-Hall, Inc. All rights reserved. 0-13-6006639

cs431-cottercs431-cotter 1616

Problems with Paravirtualization• Paravirtualized systems won’t run on

native hardware• There are many different paravirtualization

systems that use different commands, etc.– VMware, Xen, etc.

• Proposed solution: – Modify the OS kernel so that it calls a special

set of procedures to execute sensitive instructions (Virtual Machine Interface )

• Bare metal – link to library that implement code• On VM – link to VM specific library

cs431-cottercs431-cotter 1717

Figure 8-28. VMI Linux running on (a) the bare hardware (b) VMware (c) Xen.

Paravirtualization (2)

Tanenbaum, Modern Operating Systems 3 e, (c) 2008 Prentice-Hall, Inc. All rights reserved. 0-13-6006639

cs431-cottercs431-cotter 1818

Products (partial List)

• Microsoft – Virtual PC, Hyper-V

• QEMU – Processor Emulation & VM

• Sun Microsystems – xVM, VirtualBox

• VMware – ESX Server, Workstation, Fusion, Player, Server

• Xen – Xen

• VirtualIron

cs431-cottercs431-cotter 1919

Memory Virtualization

• OS tracks mapping of virtual memory pages to physical memory pages.

• Builds page tables, then update paging register (trap).

• Allow hypervisor to manage page mapping, and use shadow page tables for the VMs

Memory Virtualization

• Changes to page tables do NOT trap!– One solution: Mark shadow page tables as

read only. Then when VM tries to write to table, page fault traps to hypervisor.

– Paravirtualized OS: Since OS has been modified to account for hypervisor, page table updates can be followed by call to hypervisor about changes.

cs431-cottercs431-cotter 2020

cs431-cottercs431-cotter 2121

I/O Virtualization

• Each guest OS holds its own “partition”.– Typically implemented as a file or region on

disk– Hypervisor must convert guest OS address

(block #) into physical address in region– May convert between storage types.– Must deal with DMA requests

cs431-cottercs431-cotter 2222

VM on Multi-core CPUs

• Each core can be configured for multiple virtual machines. – A Quad-core CPU could be configured as a

32 node multi-computer– Limiting factor is often memory. Each guest

OS has its own requirements (512 MB?)

Installing a Virtual machine

• Will first install VirtualBox as hypervisor

• Base OS is Windows 7

• Guest OS will be Ubuntu 12.04.1

cs431-cotter 23

Installing VirtualBox

cs431-cotter 24

Installing VirtualBox

cs431-cotter 25

Installing VirtualBox

cs431-cotter 26

Installing VirtualBox

cs431-cotter 27

Installing Ubuntu VM

cs431-cotter 28

Installing Ubuntu VM

cs431-cotter 29

Installing Ubuntu VM

cs431-cotter 30

Installing Ubuntu VM

cs431-cotter 31

Installing Ubuntu

VM

cs431-cotter 32

Installing Ubuntu VM

cs431-cotter 33

Installing Ubuntu VM

cs431-cotter 34

Installing Ubuntu VM

cs431-cotter 35

cs431-cottercs431-cotter 3636

Summary

• Virtualization provides a way to consolidate OS installations onto fewer hardware platforms

• 3 basic approaches– type 1 hypervisor– type 2 hypervisor– Paravirtualization

• Must also account for virtual access to shared resources (memory, I/O)

cs431-cottercs431-cotter 3737

References

• Virtual Machine Interface– http://vmi.ncsa.uiuc.edu/

• VirtualBox– https://www.virtualbox.org

• Xen Hypervisor (Red Hat Linux)– http://www.xen.org/

• Virtual PC 2007– http://www.microsoft.com

cs431-cottercs431-cotter 3838

Questions

• In terms of resource allocation does a type 1 hypervisor leave more or less space for guest OSs than a type 2 hypervisor? Why?

• In terms of a access to a guest OS, what is the difference between a bridged interface and a NAT interface?

• What changes are needed to convert a guest OS into a paravirtualized OS?

• Why has virtualization not been available on PCs until recently (2005)?