
Virtual Machines

Fred Kuhns
(fredk@arl.wustl.edu, http://www.arl.wustl.edu/~fredk)

Department of Computer Science and Engineering
Washington University in St. Louis




Layers of Abstraction
• Abstraction
   –   used to manage complexity
   –   typically defined in layers
   –   each layer has a well defined interface
   –   lowest layers implemented in hardware
   –   higher layers implemented in software
• Hardware/software boundary
   – abstraction layer where software directly manipulates hardware
     components
• Machine: denotes the system on which software is
  executed.
   – to an operating system this is generally the physical system
   – to an application program a machine is defined by the combination
     of hardware and OS-implemented abstractions

 Fred Kuhns (2/18/2010)     CSE522– Advanced Operating Systems     2
Traditional systems
• Interfaces
   – Abstraction layers have well defined interfaces
   – A processor's instruction set defines such an interface: IA-32,
     IBM PowerPC, ARM
   – A platform's ABI defines another: SVR4 Application Binary
     Interface and its i386 specialization.
• Assume one operating system instance controls all
  resources
• Hardware implementation affects OS abstractions
• Physical resources managed by a single entity (OS or
  executive) and shared amongst all users




Virtualization
• Virtualization: defines an isomorphism that maps a virtual
  guest system to a physical host
   – Virtualization is not the same as abstraction since it does not
     necessarily simplify interfaces or hide information.
• Adds another degree of freedom by enabling multiple
  resource managers and controlled sharing.
   – Adds a level of indirection
• Can virtualize a single resource (DRAM, Disks) or an
  entire system (machine).
   – may create one or more virtual objects.
• Virtual Machine: Add virtualization layer which
  transforms the physical machine into the desired virtual
  architecture.


Virtual Machines
  • Multiple virtual machine instances on a single
    physical host
        – fault tolerance
        – isolated OS instances
        – virtual servers
  • Use emulation to support different instruction set
    architectures such as Intel IA-32, PowerPC etc
  • Support novel architectures
  • Support for high-level language virtual machines
    (Java)




Computer Architecture
• Defined by a specification
    – interface
    – behavior
• An architecture may have many implementations
    – low power consumption
    – high performance
• Abstraction levels correspond to hardware and software
  implementation layers, each with its own specification
    – software: run-time system libraries, OS system calls
    – hardware: device controllers, I/O devices, memory architecture,
      system bus, ISA
• Hardware/software boundary is defined by the Instruction Set
  Architecture (ISA)
    – user ISA: portion of architecture visible to an application program
    – system ISA: portion of architecture visible to the supervisor software


Programming Interfaces
• Application Binary Interface (ABI): defines program
  interface to the hardware resources and services
   – set of all user instructions
         • system instructions are not included in the ABI
         • user instructions allow program direct access to hardware
   – system call interface
         • indirect interface for accessing shared system resources and
           services
         • implemented by the system software
• Application Programming Interface
   – defined in terms of a high-level language (HLL)
   – typically implemented as a system library and defined at the
     source level (for example libc which is linked into program’s
     address space)
   – specifies operations available by system which are implemented
     by the operating system or other system software


Virtual Machine Basics
• Process perspective: The system ABI defines the interface
  between the process and machine
    – user-level hardware access: logical memory space, user-level registers
      and instructions
    – OS mediated: Machine I/O or any shared resource or operations
      requiring system privilege.
• Operating system perspective: ISA defines the interface between
  OS and machine
    – system is defined by the underlying machine
    – direct access to all resources
    – manage sharing
• Virtual machine executes software (process or operating system) in
  the same manner as target machine
    – Implemented with both hardware and software
    – VM resources may differ from that of the physical machine
    – Generally not necessary for the VM to have equivalent performance

Virtual Machines
•   Virtualization
      – Representing the virtual machine’s resources
            • mapping of virtual resources or state to the real resources of the underlying machine
      – Emulate the virtual machine’s ABI or ISA
            • implement virtual instructions or system calls with the underlying real machine
              instructions or operating system calls.
•   Process virtual machine: supports an individual process
      – Emulates user-level instructions and operating system calls
      – Virtualizing software placed at the ABI layer
•   System Virtual Machines: emulates the target hardware ISA
      – guest and host environment may use the same ISA
•   Terminology
      –   Host: underlying hosting system
      –   Guest: software running in the virtualized environment
      –   Native: The virtual machine’s corresponding real machine
      –   runtime: virtualizing software in process-oriented VMs.
      –   virtual machine monitor: virtualizing software in system virtual machines
•   Virtual machines can provide emulation, optimization and replication
      – emulation: cross platform compatibility
      – optimization: by considering implementation specific information
      – replication: making a single resource or platform appear as many


System Virtual Machines
•   Early example: early time-sharing systems which multiplexed programs on
    the computer system
      – basic process virtual machine
      – each application program ran as a process in its own virtualized environment
•   System virtual machines apply similar techniques to provide a complete
    virtual system
      – each virtual system runs its own operating system
      – each OS instance is presented with a complete virtual system
      – OS instance manages assigned virtual resources as though they were physical
        devices/systems.
•   Host platform runs a layer of software which creates the virtual resources
    and manages sharing for guest VMs
•   VMM owns the real resources and manages shared access
      – physical resources are shared in time or space
      – emulate if no matching physical resource
•   Without loss in generality we will assume the host and guest ISA are the
    same.
      – If not then additional work must be performed to emulate instruction set and
        resources.


Uses
• Implement multiprogramming: multiple single-user virtual machine
  instances. IBM System/370 used this approach to provide time-
  sharing behavior with each VM running a simple single-user OS
  (Conversational Monitor System or CMS)
• Multiple single-application VMs: Dedicates a VM for each application
  program, uses a general purpose OS.
• Multiple secure environments: VM creates sandbox to isolate
  environments and security domains.
• Manage application environment: Install core applications in one VM
  then create per user VMs for them to load their own apps.
• Mixed-OS environments: Single hardware platform can support
  multiple Operating System environments.
• Legacy applications: Dedicate VMs for legacy applications.
• Multiplatform applications development: One hardware platform
  with VMs providing emulation of alternative hardware.
• New system transition: Staged or gradual migration (opposite of
  legacy support).

Uses
• System software development: For testing or developing
  new system software in a protected environment.
• Operating system training: Run OS instance in a VM so
  parameter or configuration adjustments do not affect
  rest of system
• Help desk support: Use VM to replicate user environment
• Operating system instrumentation: Can monitor hardware
  access or low level software abstractions
• Event monitoring: execution traces, machine state dumps
  and replaying of traces
• System encapsulation: Check pointing system state and
  restarting on same or different machine.


Maintaining Control of Hardware
• Each VM has associated hardware state, similar to how a process
  has associated hardware state
    – VMM switches context between VMs by “swapping” the hardware
      context state
• A VMM has two mechanisms for gaining control of the processor
  (and thus of the hardware resources)
    – use interval timer: permits time-sharing of processor (or other
      resources) among the VM instances
    – emulate all privileged ISA instructions: enables isolation between VMs
      and provides mechanism for VMM when resources are manipulated
• Note, this implies that the VMM must also emulate the interval
  timer
    – must not allow VM direct access for writing or reading
    – responsible for the notion of virtual time and how warping
• VMM attempts to be fair across all VMs may ultimately cause it to
  be unfair to individual VM instances
    – for example, a VM requests a timer interrupt every 1 ms but the VMM
      changes this to at worst every 500 ms (when it may get 500 updates).

VM Systems
• Native VM System
   – Some part of the VMM must run at the highest privilege level of the
     system
         • Each guest VM’s kernel (the trusted system software) “perceives” itself as
           running with the highest privilege level.
         • The VMM runs with the highest “real” privilege level so that it may manage
           the resources and ensure isolation
          • So the VMM runs in system-mode and the guest OS runs either in user-mode
            or a reduced system privilege level (platform dependent)
   – The VMM must emulate the system-mode privilege level for the guest
     OS
• Hosted VM system
   – VMM is installed within an operating system already running on a
     hardware platform
   – VMM manages resources using the existing OS
• User-mode VM system:
   – VMM implemented entirely at the user-level
• Dual-mode VM system
   – Part of the VMM functionality implemented at user level
   – leverage existing mechanisms to extend OS functionality to run
     portions of the VMM within the host OS (for example using kernel
     drivers)
Resource Virtualization - Processors
• Conditions for ISA Virtualization
  G. J. Popek, R. P. Goldberg, “Formal Requirements for Virtualizable Third-
  Generation Architectures”, Communications of the ACM (July), pp 412-421,
  1974
   – Defined for native systems with the VMM operating in system mode
      (most privileged)
   – VMM must keep track of the “virtual” mode (virtual user-mode,
      virtual system-mode) but must set actual mode of guest software
      to user-mode.
• Assumptions (may be extended to include I/O):
   1) Single processor and uniform memory access
   2) Processor has two operational modes (user and system mode)
   3) Subset of instructions are only available in system mode.
   4) Memory addressing is relative to relocation registers (paged
      memory satisfies this assumption).

Processor Virtualization
•   Virtual machine modeled as the 4-tuple S = <E, M, P, R>
      –   E - executable storage
      –   M - operational mode
      –   P - Program counter
      –   R - memory relocation registers (base and bounds)
•   Memory trap occurs if program accesses memory outside of R (specified
    bounds)
      – trap automatically saves machine state: M, P, R
      – the trap then copies the new machine state into M, P and R
•   Privileged instructions also cause a trap if executed in user mode
      – It is not sufficient that an instruction have different behaviors in system and
        user modes. A trap must result if in user mode.
      – Guest operating systems and their applications must both operate in user mode
•   Categorizing Instructions
      – Control sensitive - instructions which may change the configuration of system
        resources (e.g., the current page table register)
      – Behavior sensitive - instructions whose behavior or results depend on the
        configuration of resources or operational mode (e.g., load instruction which
        depends on the page table in use)
      – Innocuous - all remaining instructions.

Functions of a VMM
• Dispatcher - system interrupts/traps are first
  processed by the dispatcher module. It in turn
  “dispatches” or demuxes the event to the appropriate
  handler
• Allocator - Invoked by the dispatcher when the event
  requires system resource configuration changes.
   – Control sensitive operations which change resource allocations
     are directed to allocator
   – Implements the resource allocation and sharing policies of the
     VMM
• Interpreter routines - emulate privileged instructions not
  affecting current allocations
   – emulates privileged instructions operating on virtual resources.



Properties of an Efficient VMM
• Efficiency : Innocuous instructions must be executed natively
  (directly) on the hardware.
• Resource control : Guest VM must not be able to directly change the
  configuration of system resources (only the virtual resources
  assigned to it)
• Equivalence : Any program executing on a VM must behave identically
  to the way it would behave running natively on a dedicated hardware
  platform.
    – There are a few exceptions to this rule:
          • Reduced performance due to emulation is OK
          • May be a limitation on total available resources
          • Differences in timing relationships are OK
• Theorem: For any conventional third-generation computer, a virtual
  machine monitor may be constructed if the set of sensitive
  instructions is a subset of the set of privileged instructions
    – VMM must interpret sensitive instructions in terms of the current
      Virtual Machine’s state (i.e. the Guest VM’s state and virtual
      user/system mode)
    – If a privileged instruction is executed by a VM operating in virtual user-mode
      then a virtual trap is sent to the guest VM’s OS.
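A small Python model of the machine S = <E, M, P, R> together with the dispatcher, allocator and interpreter split from the preceding slides, added here as an illustration (it is not code from the lecture). The instruction table, the opcode names and the base/bounds encoding of R are constructed for the example; as on the slides, the guest OS and its applications both run in real user mode while the VMM alone tracks the virtual mode.

```python
USER, SYSTEM = "user", "system"

# Constructed instruction table: op -> (privileged?, Popek-Goldberg category)
ISA = {
    "ADD":     (False, "innocuous"),
    "LOAD":    (False, "innocuous"),  # memory access, checked against R
    "SETBASE": (True,  "control"),    # alters relocation register R
    "RDMODE":  (True,  "behavior"),   # result depends on the current mode
}

class VMM:
    """Native VMM: guest OS and its applications both run in real user mode."""
    def __init__(self, base, bounds):
        self.vmode = USER          # virtual mode, known only to the VMM
        self.vR = (base, bounds)   # guest's virtual relocation register
        self.vtraps = []           # traps reflected to the guest OS

    def execute(self, op, arg=None):
        privileged, category = ISA[op]
        if op == "LOAD":           # memory trap if address lies outside R
            base, bounds = self.vR
            if not base <= arg < base + bounds:
                return self.virtual_trap("MEMTRAP")
            return "native"
        if not privileged:         # innocuous: executed directly on hardware
            return "native"
        # privileged op in real user mode traps; the dispatcher demuxes it
        if self.vmode == USER:     # guest app: reflect as a virtual trap
            return self.virtual_trap(op)
        if category == "control":  # allocator: only virtual resources change
            if op == "SETBASE":
                self.vR = (arg, self.vR[1])
            return "allocator"
        if op == "RDMODE":         # interpreter: answer from virtual state
            return self.vmode
        return "interpreter"

    def virtual_trap(self, cause):
        """Deliver a trap to the guest OS, which then runs in virtual system mode."""
        self.vtraps.append(cause)
        self.vmode = SYSTEM
        return "vtrap"

    def guest_return_to_user(self):
        """Guest OS returns to one of its applications (virtual mode switch)."""
        self.vmode = USER
```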


Theorem Not Satisfied
• There are sensitive instructions which are not also
  privileged
   – The Intel IA-32 POPF instruction behaves differently when
     executed in system mode versus user mode. It is not a privileged
     instruction
   – IA-32 has 17 critical instructions
• VMM must use interpretation or emulation to detect and
  handle these critical instructions (sensitive but not
  privileged)
• VMM may scan object code and just replace these
  critical instructions with a trap to the VMM (aka
  patching)
   – similar operation as dynamic binary translation
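The Popek-Goldberg condition from the theorem slide, checked on two constructed instruction tables, plus the object-code scan that replaces critical instructions with traps as this slide describes. This is an added illustration, not code from the lecture; the IA-32 rows are a small constructed subset (POPF is the slide's example), not the full list of 17 critical instructions.

```python
def sensitive(isa):
    """Control- or behavior-sensitive instructions."""
    return {op for op, (_, cat) in isa.items() if cat in ("control", "behavior")}

def privileged(isa):
    """Instructions that trap when executed in user mode."""
    return {op for op, (priv, _) in isa.items() if priv}

def critical(isa):
    """Sensitive but not privileged: runs in user mode with the wrong semantics, silently."""
    return sensitive(isa) - privileged(isa)

def virtualizable(isa):
    """Popek-Goldberg condition: every sensitive instruction must be privileged."""
    return sensitive(isa) <= privileged(isa)

def patch(code, isa, trap="TRAP_TO_VMM"):
    """Scan a code stream and replace each critical instruction with a trap to the VMM."""
    bad = critical(isa)
    return [(trap, op) if op in bad else (op, arg) for op, arg in code]

# Constructed ISA in which the condition holds.
IDEAL_ISA = {
    "ADD":    (False, "innocuous"),
    "LPTR":   (True,  "control"),    # loads the page-table register
    "RDMODE": (True,  "behavior"),   # reads the operational mode
}

# Constructed IA-32 subset: POPF is the slide's example, SGDT another
# unprivileged instruction that reads system state. Not the full 17.
IA32_SUBSET = {
    "ADD":  (False, "innocuous"),
    "LGDT": (True,  "control"),      # privileged: traps in user mode
    "POPF": (False, "behavior"),     # IF update silently dropped in user mode
    "SGDT": (False, "behavior"),     # exposes the real GDT base from user mode
}
```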


