System Virtualization 1
Download
Report
Transcript System Virtualization 1
System Virtualization 1
Learning Objective:
– To understand the implementation choices
and details of System Virtualization
COMP25212
1
Aims and Definitions
Application
Applications
Applications
Operating System
Guest A
Operating System
Guest B
Operating System
Hardware
Virtual Machine Monitor/Hypervisor
Host Hardware
Unvirtualized
Virtualized
Host:
Guest:
COMP25212
2
Hosted Virtualization
Application
Applications
Applications
Guest A
Operating System
Guest B
Operating System
Virtual Machine Monitor/Hypervisor
Host Operating System
Host Hardware
Advantages?
Disadvantages?
COMP25212
3
Xen Guest 0
Virtualization
Application
Applications
Applications
Guest 0
Operating System
Guest A
Operating System
Guest B
Operating System
Virtual Machine Monitor/Hypervisor
Host Hardware
Advantages?
Disadvantages?
COMP25212
4
Revision: OS
Protection/Privilege
OS handles physical
resources:
– Privileged
Application
Operating System
• Application isolated
from resources:
Hardware
– Non-privileged
Unvirtualized
COMP25212
5
Virtualization:
Protection/Privilege
• VMM handles
physical resources:
– Privileged
• Guest OS isolated
from resources
Applications
Applications
Guest A
Operating System
Guest B
Operating System
Virtual Machine Monitor/Hypervisor
Host Hardware
– non- (less)privileged
Virtualized
VMM gets control on every guest OS access to
physical resource
COMP25212
6
What Physical Resources
are Guarded?
• Timers
• CPU registers:
– Interrupt Enable
– Page Table Base
• Device Control Registers
– Programmed I/O?
– Interrupt I/O?
– DMA I/O?
• Interrupts (may be for different Guest?)
• Memory Mapping (page tables)
COMP25212
7
How does Guest Cause
VMM Entry?
• VMM designers are (a bit) lucky:
– Many Guest accesses to physical resources
cause trap in non-privileged mode
– So, running the OS in non-privileged mode
suffices
• BUT some instructions behave differently
(without trapping) in privileged and nonpriv mode
• e.g. Intel “Store into Flags”
COMP25212
8
Memory Accessing in
Virtualization
Virtual Address
OS Page Tables
(+ TLBs for
efficiency)
Physical Address
Unvirtualized
Virtual
Address
OS Page
Tables
VMMPage
Tables
Physical Address
TLBs ??
Virtualized
COMP25212
9
Interfacing Guest OS
and VMM
• Three solutions today:
a) Software (static)
b) Software (dynamic)
c) Hardware (dynamic)
COMP25212
10
ParaVirtualization
Modify Guest OS to be Virtualization-aware:
a)call VMM for all privileged operations
b)cooperate with VMM over shared page
tables
c)call VMM for input-output
Advantages? Disadvantages?
COMP25212
11
Detect and Fix
Interfaces in VMM
• Detection:
– Write-protect Guest OS page tables
– Code-scan (Dynamic Binary Translation?)
Guest OS for unsafe instructions – plant traps
• Fixing:
– Use write-error trap to detect guest page-table
writes
– Provide “shadow page tables” for hardware
TLBs
– Use “illegal instruction” and “trap” traps
COMP25212
12
Detect and Fix Interfaces
in Hardware
• Requirement:
– VMM runs more-privileged than Guest OS
• Hardware provides Application/OS and VMM
modes
• When Virtualization is active, all OS accesses
to physical resources trap to VMM
Advantages? Disadvantages?
COMP25212
13
The Manchester
Solution
• … watch this space
• … or help make it happen!
COMP25212
14