
Virtualization Technology
An Introduction
李哲榮、鍾葉青
Outline
• What is virtualization?
• Classification of virtualization
• Classification of hypervisor implementations
• ARM introduction
• Introduction of QEMU/KVM
WHAT IS VIRTUALIZATION?
What Is Virtualization?
• In computing, virtualization means creating a virtual version of a device or resource, such as a server, storage device, network or even an operating system, where the framework divides the resource into one or more execution environments.
Multiple VMs in One Machine
History of Virtualization
• Traditional virtualization: mainframe virtualization (time sharing, virtual memory)
– 1964: IBM CP-40
– 1972: IBM VM/370
• Desktop virtualization
– 1997: Virtual PC
– 1999: VMware
• Server virtualization (para-virtualization)
– 2003: Xen
• Hardware-assisted virtualization
– 2005: Intel VT
– 2006: AMD VT
• Cloud computing
– 2007: KVM-x86
• Mobile virtualization
– 2012: Xen-ARM, KVM-ARM
Example: Server Virtualization
http://www.energystar.gov/index.cfm?c=power_mgt.datacenter_efficiency_virtualization
Benefits of Server Virtualization
• Virtualization can reduce data center energy expenses by 10%–40%.
• Virtualization also improves scalability, reduces downtime, and enables faster deployments.
• It reduces the data center footprint.
Example: Mobile Virtualization
• Gartner predicted that by 2012, more than 50% of new smart phones shipped would be virtualized.
• VMware MVP
• ARM Cortex-A15 enables efficient handling of complex software environments, including full hardware virtualization.
Benefits of Mobile Virtualization
• Portability
• Multiple OSes on a single chip
• Security
• Dynamic Update of System Software
• Legacy Code re-use
• IP Protection
• Mobile Manageability
Reference: http://en.wikipedia.org/wiki/Embedded_Hypervisor
Figure: multiple operating systems (Linux and an RTOS as partitions P1 and P2 on an embedded hypervisor); security environment (Linux and a security partition as P1 and P2 on an embedded hypervisor).
Virtualization Applications
• Server Consolidation
• Data Center Management
• High Availability
• Disaster Recovery
• Fault Tolerance
• Test and Development
• Application Flexibility
VIRTUALIZATION CLASSIFICATION
Types of Virtualization
• Process virtual machine:
– Designed to run a single program, which means that it supports a single process.
• Device virtualization:
– Provides a virtual device for the OS.
• System virtual machine:
– Provides a complete system platform which supports the execution of a complete operating system (OS).
Examples
• Process Virtualization
– Language virtual machines (Java, .NET)
– Cross-ISA emulation (68000-PowerPC-Intel transition)
– Application virtualization (sandboxing, mobility)
• Device Virtualization
– RAID for disk virtualization
– Software Defined Networking for network virtualization
• System Virtualization
– VMware, Xen, KVM
System Virtual Machine
• System virtual machines are capable of virtualizing a full set of hardware resources, including CPU, memory, storage, and peripheral devices.
– Allow multiple OS environments.
– Examples:
• IBM VM/360
• VMware
• Xen
• KVM
• OKL4
Figure: an Android VM (apps on a Linux kernel) and a Windows Phone VM (apps on Windows Phone 8's kernel) running side by side on a Virtual Machine Monitor over the hardware.
• System VM is supported by a hypervisor, or
called a Virtual Machine Monitor (VMM)
– Hypervisor manages hardware resources so they
can be shared among different virtual machines.
Functions of Hypervisor
• CPU Virtualization
– Handle all sensitive instructions by emulation
• Memory Virtualization
– Allocate guest physical memory
– Translate guest virtual addresses to host virtual addresses
• I/O Virtualization
– Emulate I/O devices for the guest
– Ex: keyboard, UART, storage and network
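How "handle all sensitive instructions by emulation" works in practice, as an added example that is not part of these slides: a Python model of trap-and-emulate. The instruction names (cli, sti, rdmsr, wrmsr, halt, add, mov), the register set and the VirtualState layout are invented for the illustration. The guest kernel runs de-privileged, so every sensitive instruction traps; the VMM, in privileged mode, applies the instruction to the guest's virtual machine state and resumes it. Popek and Goldberg's 1974 paper states the condition this relies on: every sensitive instruction must be a privileged one, so that it traps when executed de-privileged.

```python
"""Trap-and-emulate model of CPU virtualization (added example, not slide code).

A toy CPU with a small instruction set in which the sensitive instructions
(those that read or change privileged machine state) may only execute in
privileged mode.  The guest kernel runs de-privileged; each sensitive
instruction traps to the VMM, which emulates it against the guest's *virtual*
state and resumes the guest.  Instruction names and state layout are invented.
"""
from dataclasses import dataclass, field

# Instructions that touch privileged state: the VMM must see every one of them.
SENSITIVE = {"cli", "sti", "rdmsr", "wrmsr", "halt"}


class Trap(Exception):
    """Raised by the CPU when de-privileged code executes a sensitive instruction."""
    def __init__(self, pc, instr):
        self.pc, self.instr = pc, instr


@dataclass
class VirtualState:
    """Per-guest machine state the VMM maintains instead of exposing the real one."""
    interrupts_enabled: bool = True
    msr: dict = field(default_factory=dict)
    halted: bool = False


@dataclass
class GuestCPU:
    """Executes guest code in non-privileged mode: sensitive instructions trap."""
    program: list
    pc: int = 0
    regs: dict = field(default_factory=lambda: {"r0": 0, "r1": 0})

    def step(self):
        instr = self.program[self.pc]
        op = instr[0]
        if op in SENSITIVE:          # hardware would raise a privilege fault here
            raise Trap(self.pc, instr)
        if op == "add":              # innocuous instruction: runs natively
            _, dst, a, b = instr
            self.regs[dst] = self.regs[a] + self.regs[b]
        elif op == "mov":
            _, dst, imm = instr
            self.regs[dst] = imm
        else:
            raise ValueError(f"unknown instruction {instr}")
        self.pc += 1


class VMM:
    """Privileged-mode monitor: emulates each trapped instruction on VirtualState."""
    def __init__(self, cpu: GuestCPU):
        self.cpu = cpu
        self.vstate = VirtualState()
        self.trap_log = []           # the exits a real VMM would count in its statistics

    def emulate(self, trap: Trap):
        op = trap.instr[0]
        self.trap_log.append(op)
        if op == "cli":
            self.vstate.interrupts_enabled = False
        elif op == "sti":
            self.vstate.interrupts_enabled = True
        elif op == "wrmsr":
            _, index, src = trap.instr
            self.vstate.msr[index] = self.cpu.regs[src]
        elif op == "rdmsr":
            _, dst, index = trap.instr
            self.cpu.regs[dst] = self.vstate.msr.get(index, 0)
        elif op == "halt":
            self.vstate.halted = True
        self.cpu.pc = trap.pc + 1    # resume the guest after the emulated instruction

    def run(self, max_steps=1000):
        for _ in range(max_steps):
            if self.vstate.halted or self.cpu.pc >= len(self.cpu.program):
                break
            try:
                self.cpu.step()
            except Trap as t:
                self.emulate(t)
        return self.vstate


# Constructed guest "kernel": disables interrupts, writes an MSR, reads it back, halts.
GUEST_PROGRAM = [
    ("mov", "r0", 5),
    ("mov", "r1", 7),
    ("add", "r0", "r0", "r1"),   # r0 = 12, executes natively
    ("cli",),
    ("wrmsr", 0x1b, "r0"),       # trapped and emulated by the VMM
    ("rdmsr", "r1", 0x1b),
    ("sti",),
    ("halt",),
]


def run_guest(program=GUEST_PROGRAM):
    """Run the constructed guest under the VMM; return (cpu, vmm, final virtual state)."""
    cpu = GuestCPU(program=list(program))
    vmm = VMM(cpu)
    state = vmm.run()
    return cpu, vmm, state


if __name__ == "__main__":
    cpu, vmm, state = run_guest()
    print("guest regs:", cpu.regs)
    print("trapped instructions:", vmm.trap_log)
    print("virtual MSRs:", state.msr, "halted:", state.halted)
```

The trap_log is what a VMM's exit statistics record. An instruction that is sensitive but does not trap would silently read the real machine state instead of the virtual one; that gap is what binary translation, para-virtualization and hardware assistance such as VT-x each close in their own way.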
Types of Hypervisors
• In their 1974 article "Formal Requirements for Virtualizable Third Generation Architectures", Gerald J. Popek and Robert P. Goldberg classified two types of hypervisor:
– Type 1 hypervisor: bare-metal type
– Type 2 hypervisor: hosted type
Two Types of Hypervisors
Type 1 (or native, bare metal) hypervisors
http://en.wikipedia.org/wiki/Hypervisor
Type 2 (or hosted) hypervisors
Comparisons
Figure: four software stacks, listed from the hardware upward; the lowest software layer runs in the privileged mode and the layers above it in non-privileged modes.
– Traditional uniprocessor system: Hardware / OS / Applications
– Native VM system: Hardware / VMM / Virtual Machine
– User-mode hosted VM system: Hardware / Host OS / VMM / Virtual Machine
– Dual-mode hosted VM system: Hardware / Host OS (with the privileged part of the VMM) / VMM / Virtual Machine
HYPERVISOR IMPLEMENTATIONS
Hypervisor Implementations
• Full Virtualization
– The guest OS is not aware it is being virtualized and requires no modification.
• Para-Virtualization
– The guest OS is modified to replace the non-virtualizable instructions with hypercalls that communicate directly with the hypervisor.
• Hardware Assisted Virtualization
– a.k.a. accelerated virtualization
Hardware Assisted Virtualization
• Some hardware components provide functionality to support virtualization and improve its performance.
• Examples
– Intel VT-x
– Intel Extended Page Tables (EPT)
– ARM virtualization extension
– PCIe SR-IOV and MR-IOV
Intel VT-x
• New CPU operating modes
– VMX root operation
– VMX non-root operation
• New transitions
– VM entry to the guest
– VM exit to the VMM
• VM Control Structure (VMCS)
– Configured by VMM software
ARM Virtualization Extension
• A new non-secure privilege level to hold the hypervisor
– Hypervisor mode applies to the normal world
– The guest OS is given the same kernel/user privilege structure as in a non-virtualized environment
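What the memory side of hardware assistance (Intel EPT, the ARM stage-2 tables) adds to the hypervisor's "translate guest addresses" job, as an added example that is not part of these slides: a Python model of two-stage address translation. The guest OS owns the stage-1 table (guest virtual to guest physical) and the hypervisor owns the stage-2 table (guest physical to host physical), so the guest can only ever reach host frames the hypervisor mapped for it. The 4 KiB page size is the usual one; the class names, table shapes and the sample mappings are constructed for the illustration.

```python
"""Two-stage address translation in the style of Intel EPT / ARM stage-2 tables.

Added example, not slide code.  The guest OS edits stage-1 freely; only the
hypervisor edits stage-2.  A guest-physical page with no stage-2 entry, or a
write to a page the hypervisor mapped read-only, faults to the hypervisor (a VM
exit), while an unmapped guest-virtual page faults to the guest OS as usual.
"""
PAGE_SHIFT = 12                 # 4 KiB pages, as on x86 and ARM
PAGE_SIZE = 1 << PAGE_SHIFT
OFFSET_MASK = PAGE_SIZE - 1


class Stage1Fault(Exception):
    """Guest page table has no (suitable) mapping: delivered to the guest OS."""


class Stage2Fault(Exception):
    """Stage-2 / EPT has no (suitable) mapping: delivered to the hypervisor."""


class TwoStageMMU:
    def __init__(self):
        # stage-1: {guest-virtual page number: (guest-physical page number, writable)}
        self.stage1 = {}
        # stage-2: {guest-physical page number: (host-physical page number, writable)}
        self.stage2 = {}
        self.vm_exits = 0           # how often the hypervisor had to intervene

    # --- guest OS side -------------------------------------------------
    def guest_map(self, gva, gpa, writable=True):
        self.stage1[gva >> PAGE_SHIFT] = (gpa >> PAGE_SHIFT, writable)

    # --- hypervisor side -----------------------------------------------
    def hyp_map(self, gpa, hpa, writable=True):
        self.stage2[gpa >> PAGE_SHIFT] = (hpa >> PAGE_SHIFT, writable)

    def translate(self, gva, write=False):
        """Walk both stages and return the host physical address."""
        gvpn, off = gva >> PAGE_SHIFT, gva & OFFSET_MASK
        if gvpn not in self.stage1:
            raise Stage1Fault(hex(gva))
        gppn, w1 = self.stage1[gvpn]
        if write and not w1:
            raise Stage1Fault(f"{hex(gva)} read-only in guest table")
        if gppn not in self.stage2:
            self.vm_exits += 1
            raise Stage2Fault(hex(gppn << PAGE_SHIFT))
        hppn, w2 = self.stage2[gppn]
        if write and not w2:
            self.vm_exits += 1
            raise Stage2Fault(f"{hex(gppn << PAGE_SHIFT)} read-only in stage-2")
        return (hppn << PAGE_SHIFT) | off


def build_sample_mmu():
    """Constructed layout: a small guest whose RAM lives at host 0x8000_0000."""
    mmu = TwoStageMMU()
    mmu.hyp_map(gpa=0x0000, hpa=0x80000000)
    mmu.hyp_map(gpa=0x1000, hpa=0x80001000)
    mmu.hyp_map(gpa=0x2000, hpa=0x80002000, writable=False)  # shared read-only page
    mmu.guest_map(gva=0x40000000, gpa=0x0000)
    mmu.guest_map(gva=0x40001000, gpa=0x1000)
    mmu.guest_map(gva=0x40002000, gpa=0x2000)
    mmu.guest_map(gva=0x40003000, gpa=0x9000)  # guest believes it has RAM the hypervisor never gave it
    return mmu


def demo():
    """Constructed walk over the sample layout; returns the outcome of each access."""
    mmu = build_sample_mmu()
    out = {}
    out["read_ram"] = hex(mmu.translate(0x40001234))
    out["read_shared"] = hex(mmu.translate(0x40002010))
    for name, gva, write in (("write_shared", 0x40002000, True),
                             ("touch_unbacked", 0x40003000, False),
                             ("bad_gva", 0x50000000, False)):
        try:
            mmu.translate(gva, write=write)
            out[name] = "ok"
        except Stage2Fault as e:
            out[name] = f"stage-2 fault ({e})"
        except Stage1Fault as e:
            out[name] = f"stage-1 fault ({e})"
    out["vm_exits"] = mmu.vm_exits
    return out


if __name__ == "__main__":
    for k, v in demo().items():
        print(f"{k:15} {v}")
```

The isolation property the model makes visible: nothing the guest writes into its own stage-1 table can widen the set of host frames it reaches, because stage-2 is consulted last and only the hypervisor edits it. This is also why a stage-2 fault costs a VM exit while a stage-1 fault stays inside the guest.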
Single-Root I/O Virtualization
• PCI-SIG specifies multiple functional elements addressing performance and security aspects of I/O virtualization
• PCIe devices will have multiple virtual functions (VFs)
Multi-Root I/O Virtualization
• Multiple hardware domains utilizing the same I/O endpoints
• Virtual functions are dedicated to virtual machines
ARM INTRODUCTION
ARM architecture
• ARM is a well-known CPU architecture in embedded systems, mobile devices, and low-power devices.
• ARM doesn't produce and ship its own chips. ARM licenses its IP to SoC design houses and lets them combine the ARM CPU core with their other chips.
– ARM also allows SoC design houses to change the CPU's ISA in their chips.
Roadmap of ARM's CPUs
• ARMv4
– ARM7: without MMU
• ARMv5
– ARM9: with MMU
• ARMv6
– ARM11: with MPCore support
• ARMv7
– With security extension, but no virtualization extension: Cortex-A8 / Cortex-A9 / Cortex-A5
– With security and virtualization extension, and with LPAE: Cortex-A15 / Cortex-A7 (with big.LITTLE support)
• ARMv8
– 64-bit support: Cortex-A57 / Cortex-A53 (a.k.a. Cortex-A50 series)
Traditional ARM architecture (ARM11, ARMv6)
• Privilege Level 0:
– User mode
• Privilege Level 1:
– System mode
– IRQ mode
– FIQ mode
– Undefined mode
– Supervisor mode
– Abort mode
Security Extension (ARM Cortex-A8 and beyond)
Figure: in the Non-Secure State, normal apps run on a Non-Secure OS (ex: Linux); in the Secure State, trusted apps such as Phone and SMS run on a Secure OS (ex: RTOS); the Monitor sits between the two states.
Security Extension
• The Security Extension, a.k.a. TrustZone, is a system-wide approach to security on high-performance computing platforms for a huge array of applications, including secure payment, digital rights management (DRM), enterprise and web-based services.
• The Security Extension lets trusted applications run in the secure state and untrusted applications run in the non-secure state.
• When in the Non-Secure State, you cannot access the memory which is allocated to the Secure State.
Privilege Level of Security Extension
• Secured apps and the secured OS run in the secure state
– The Monitor runs in monitor mode, which is on Privilege Level 1 of the Secure State (Secure State PL1).
– The secured OS runs on Privilege Level 1 of the Secure State (Secure State PL1).
– Secured apps run on Privilege Level 0 of the Secure State (Secure State PL0).
• Normal apps and the normal OS run in the non-secure state
– Normal apps (e.g. Angry Birds, browser, ...) run on Privilege Level 0 of the Non-Secure State (Non-Secure PL0).
– The normal OS (e.g. Linux) runs on Privilege Level 1 of the Non-Secure State (Non-Secure PL1).
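The rule from the two slides above, that Non-Secure code cannot touch memory allocated to the Secure State while the Monitor at Secure PL1 mediates the world switch, as an added example that is not part of these slides: a Python model of the access check and of a Secure Monitor Call from the normal OS. The memory map, the region names, the "sign" service and the decision to treat SMC as a PL1-only instruction are constructed for the illustration; on real hardware the check is enforced by the MMU and bus fabric, not by software like this.

```python
"""TrustZone-style secure / non-secure memory partitioning (added example, not slide code).

A Core tracks its current world (secure or non-secure) and privilege level.
Every memory access is checked against a constructed memory map whose regions
are tagged as allocated to the Secure State or not.  The only way from the
Non-Secure world into the Secure world is a Secure Monitor Call, modelled as
monitor code at Secure PL1 that switches worlds, runs a secure service and
switches back.
"""
from dataclasses import dataclass

SECURE, NON_SECURE = "secure", "non-secure"


@dataclass(frozen=True)
class Region:
    name: str
    start: int
    end: int          # exclusive
    secure: bool      # True: allocated to the Secure State


class SecurityFault(Exception):
    pass


# Constructed physical memory map: a secure OS and its key store beside Linux.
MEMORY_MAP = [
    Region("secure-os",  0x0000_0000, 0x0010_0000, secure=True),
    Region("key-store",  0x0010_0000, 0x0011_0000, secure=True),
    Region("linux",      0x4000_0000, 0x8000_0000, secure=False),
    Region("shared-buf", 0x8000_0000, 0x8001_0000, secure=False),
]


def region_for(addr):
    for r in MEMORY_MAP:
        if r.start <= addr < r.end:
            return r
    raise SecurityFault(f"unmapped address {hex(addr)}")


class Core:
    """Current world and privilege level of one CPU, plus an audit trail of accesses."""
    def __init__(self):
        self.state = NON_SECURE
        self.pl = 0
        self.audit = []

    def access(self, addr):
        r = region_for(addr)
        # The slide's rule: Non-Secure State may not touch Secure State memory.
        if self.state == NON_SECURE and r.secure:
            self.audit.append(("denied", self.state, self.pl, r.name))
            raise SecurityFault(f"{self.state} PL{self.pl} cannot access {r.name}")
        self.audit.append(("ok", self.state, self.pl, r.name))
        return r.name

    def smc(self, service):
        """Secure Monitor Call, modelled as PL1-only (an assumption of this model)."""
        if self.pl != 1:
            raise SecurityFault("SMC from PL0 is not permitted")
        self.state = SECURE            # monitor mode runs at Secure PL1
        try:
            return SECURE_SERVICES[service](self)
        finally:
            self.state = NON_SECURE    # the monitor restores the caller's world


def sign_blob(core):
    """Constructed secure service: secure code may read both worlds' memory."""
    key = core.access(0x0010_0000)     # key store, Secure State memory
    buf = core.access(0x8000_0000)     # shared buffer, Non-Secure State memory
    return f"signed({buf}) with {key}"


SECURE_SERVICES = {"sign": sign_blob}


def run_scenario():
    """A normal app, then the normal OS, try the key store; the OS then uses SMC."""
    core = Core()
    results = {}
    core.pl = 0                        # a normal app at Non-Secure PL0
    try:
        core.access(0x0010_0000)
    except SecurityFault as e:
        results["app-reads-keystore"] = str(e)
    core.pl = 1                        # the normal OS (Linux) at Non-Secure PL1
    results["kernel-reads-linux"] = core.access(0x4000_1000)
    try:
        core.access(0x0000_0000)
    except SecurityFault as e:
        results["kernel-reads-secure-os"] = str(e)
    results["kernel-smc-sign"] = core.smc("sign")
    results["state-after-smc"] = core.state
    return results, core.audit


if __name__ == "__main__":
    results, audit = run_scenario()
    for k, v in results.items():
        print(f"{k:25} {v}")
    print(audit)
```

The asymmetry is the point: raising the privilege level inside the Non-Secure world (PL0 to PL1) changes nothing about which memory is reachable, because the check keys on the world, not the privilege level; only passing through the Monitor changes the world.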
Virtualization Extension (ARM Cortex-A15 and beyond)
Figure: the Non-Secure State has Privilege Level 0, Privilege Level 1 and the new Privilege Level 2; the Secure State has Privilege Level 0, Privilege Level 1 and Monitor mode.
ARM Virtualization Extension
• The virtualization extension can be seen as extending the security extension for virtualization.
• The virtualization extension includes three major parts:
– CPU virtualization extension
– Memory virtualization extension
– I/O virtualization extension
INTRODUCTION TO QEMU/KVM
QEMU
• QEMU (short for "Quick EMUlator") is a hosted hypervisor for hardware virtualization
– It emulates the CPU through dynamic binary translation and provides a set of device models
– It can run a variety of unmodified guest OSs
– It also provides an accelerated mode supporting a mixture of binary translation (for kernel code) and native execution (for user code)
Operating Modes of QEMU
• User-mode emulation
– QEMU runs single programs that were compiled for a different instruction set.
• System emulation
– QEMU emulates a full computer system, including peripherals.
• KVM hosting
– QEMU deals with the setting up and migration of KVM images; KVM executes the guest OSs.
Kernel-based Virtual Machine
• KVM is a full virtualization solution for Linux on x86 hardware containing virtualization extensions (Intel VT or AMD-V).
– KVM requires a modified QEMU as its I/O virtualization framework.
– I/O performance is improved by the virtio para-virtualization framework.
• Linux host OS: the kernel component of KVM is included in mainline Linux as of 2.6.20.
KVM Full Virtualization
Figure: control flow between QEMU (user space), KVM (kernel space) and the guest OS (guest mode):
1. VM initialization
2. Return to QEMU
3. Run VM
4. Enter Guest
5. Exit Guest
– Lightweight trap: KVM handles the exit itself and enters the guest again.
– Heavyweight trap: KVM exits the guest and returns to QEMU, which runs the VM again, after which KVM enters the guest.
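The loop in the figure above, as an added example that is not part of these slides and not the real KVM ioctl interface: a Python simulation in which QEMU (user space) asks KVM (kernel space) to run the VM, KVM enters guest mode, and the guest runs until it traps. Traps KVM can service itself, here a guest-physical page that still needs backing memory, are treated as lightweight: KVM fixes them up and re-enters the guest without leaving the kernel. Traps that need device emulation are heavyweight: KVM returns to QEMU, which emulates the device and calls run again. The guest event script, the exit-kind labels and the device names in the trace are constructed for the illustration.

```python
"""QEMU/KVM control flow with lightweight and heavyweight traps (added example).

Not KVM's real API: KVM.run() stands in for the ioctl that QEMU loops on, and
the event kinds are invented labels.  A 'page_fault' is handled in KVM and the
guest is re-entered (lightweight trap); a device access or a guest shutdown
is returned to QEMU (heavyweight trap), which services it and runs the VM again.
"""
from collections import Counter

# Constructed trace of guest activity, in program order.
GUEST_EVENTS = [
    ("compute", None),
    ("page_fault", 0x1000),             # first touch of a guest-physical page
    ("compute", None),
    ("mmio_write", ("rtl8139", 0x10)),  # NIC register: needs QEMU's device model
    ("page_fault", 0x2000),
    ("pio_read", ("piix4-ide", 0x1f7)), # IDE status port: needs QEMU's device model
    ("compute", None),
    ("shutdown", None),                 # guest powers off: QEMU must tear the VM down
]


class KVM:
    """Kernel-space side: backs guest memory and re-enters the guest on its own."""

    def __init__(self):
        self.events = []
        self.backed_pages = set()
        self.stats = Counter()

    def create_vm(self, events):                     # step 1: VM initialization
        self.events = list(events)
        self.stats["vm_init"] += 1
        return "vm-created"                          # step 2: return to QEMU

    def run(self):
        """Steps 3 and 4: enter the guest and keep it running until QEMU is needed."""
        self.stats["enter_guest"] += 1
        while self.events:
            kind, data = self.events.pop(0)
            if kind == "compute":
                continue                             # runs natively, no trap at all
            self.stats["exit_guest"] += 1            # step 5: exit guest
            if kind == "page_fault":
                # Lightweight trap: back the page and re-enter without leaving the kernel.
                self.backed_pages.add(data)
                self.stats["lightweight"] += 1
                self.stats["enter_guest"] += 1
                continue
            # Heavyweight trap: device access or VM shutdown, return to user space.
            self.stats["heavyweight"] += 1
            return kind, data
        return "shutdown", None


class QEMU:
    """User-space side: creates the VM, emulates devices, loops on KVM.run()."""

    def __init__(self, kvm, events):
        self.kvm = kvm
        self.device_log = []
        self.kvm.create_vm(events)

    def main_loop(self):
        while True:
            reason, data = self.kvm.run()
            if reason in ("mmio_write", "pio_read"):
                dev, reg = data                      # device model emulates the access
                self.device_log.append(f"{dev}: {reason} reg={hex(reg)}")
            elif reason == "shutdown":
                return "vm-stopped"


def run_vm(events=GUEST_EVENTS):
    """Run the constructed trace; return status, KVM statistics, backed pages, device log."""
    kvm = KVM()
    qemu = QEMU(kvm, events)
    status = qemu.main_loop()
    return status, dict(kvm.stats), sorted(kvm.backed_pages), qemu.device_log


if __name__ == "__main__":
    status, stats, pages, log = run_vm()
    print(status)
    print(stats)
    print([hex(p) for p in pages])
    print(*log, sep="\n")
```

Counting the two trap classes separately is what makes the cost model of the figure visible: with the constructed trace, two exits stay inside the kernel and three cross the user/kernel boundary, and only the latter show up as returns to QEMU.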
KVM
• It consists of loadable kernel modules
– kvm.ko provides the core virtualization infrastructure
– kvm-intel.ko / kvm-amd.ko are the processor-specific modules
IO Device Model in KVM
• Original approach with full virtualization
– Guest hardware accesses are intercepted by KVM
– QEMU emulates the hardware behavior of common devices
• RTL8139
• PIIX4 IDE
• Cirrus Logic VGA
• New approach with para-virtualization
– KVM with virtio
References
• http://www.cs.nthu.edu.tw/~ychung/syllabus/Virtualization.htm
• http://www.arm.com/files/pdf/System-MMU-Whitepaper-v8.0.pdf
• http://systems.cs.columbia.edu/projects/kvmarm/
• http://www.futurechips.org/understanding-chips/arm-virtualization-extensions-introduction-part-1.html