logging in or signing up virtualization aSGuest93141 Download Post to : URL : Related Presentations : Share Add to Flag Embed Email Send to Blogs and Networks Add to Channel Uploaded from authorPOINT lite Insert YouTube videos in PowerPont slides with aS Desktop Copy embed code: (To copy code, click on the text box) Embed: URL: Thumbnail: WordPress Embed Customize Embed The presentation is successfully added In Your Favorites. Views: 301 Category: Science & Tech.. License: All Rights Reserved Like it (3) Dislike it (0) Added: April 04, 2011 This Presentation is Public Favorites: 0 Presentation Description virtualization Comments Posting comment... Premium member Presentation Transcript Virtualization & Techniques: Virtualization & Techniques 1Outline: 2 Outline History of techniques Popek & Goldberg Classic Virtualization Trap-and-Emulate x86 architecture Hardware Virtualization Intel VT & AMD SVMDefinition of Virtualization: Definition of Virtualization The abstraction of computer resources A technique for hiding the physical characteristics of computing resources from the way in which other systems, applications, or end users interact with those resources 3 Purposes Abstraction - To simplify the use of the underlying resource Replication - To create multiple instances of the resource Isolation - To separate the uses which clients make of the underlying resourcesAbstraction: Abstraction Computer systems are built on levels of abstraction. 4 Higher level of abstraction hide details at lower levels. Ex) Files are an abstraction of a diskMachine (1/3): Machine (1/3) Different perspectives on what the machine is: OS developer 5 ISA Instruction Set Architecture Major division between hardware and software ISAMachine (2/3): Machine (2/3) Different perspectives on what the machine is: Compiler developer 6 ABI Application Binary Interface User ISA + OS calls ABIMachine (3/3): Different perspectives on what the machine is: Application programmer Machine (3/3) 7 API Application Program Interface User ISA + library calls API OS Vs VMM (1/6): OS Vs VMM (1/6) Virtual machine monitor (VMM) or hypervisor is software that supports VMs. VMM determines how to map virtual resources to physical ones. Physical resource may be time-shared, partitioned, or emulated in software. 8 OS Vs VMM (2/6): OS Vs VMM (2/6) By adding Virtualizing Software to a Machine , we can create a Virtual Machine (VM) Processes or operating systems can run on a VM Guest : The process or system that runs on a VM Host : The underlying platform that supports the VM 9VMM Types: VMM Types 10 Process: Provides API interface System: Provides ABI interface OS Vs VMM (3/6): OS Vs VMM (3/6) 11 OS sits between h/w and app OS hardware firefox iTunes emacs syscall h/w interface (intel manuals) Have total control of the system, which makes it impossible for two or more operating systems to be executing concurrently on the same platform. OS Vs VMM (4/6): OS Vs VMM (4/6) 12 VMM virtualizes hardware interface guest OS hardware firefox iTunes emacs syscall h/w interface guest OS firefox iTunes emacs syscall h/w interface h/w interface Virtual machine monitor total control’ is taken away from them by a new layer of control- software: the VMM OS Vs VMM (5/6): OS Vs VMM (5/6) 13 VMM hosted architecture Host OS hardware app syscall h/w interface (intel manuals) Guest OS app app app syscall h/w interface Virtual machine monitor Have no –control to Machine but can provide an execution environment (virtual hardware) for OS. OS Vs VMM (6/6): OS Vs VMM (6/6) OS provides a virtual execution environment for processes. VMM provides a virtual execution environment (virtual hardware) for OS. VMM much smaller than a traditional OS. 14Evolution Chain: Evolution Chain 15 Classic Virtualization (Popek & Goldberg) System Virtualization Trap-and-emulate VMM / Guest OS Interface Hardware / VMM Interface Enhancement Software Virtualization (VMware) Binary Translation New Approach Para-virtualization (Xen) … Hardware Support for Virtualization (Intel VT & AMD SVM) …Slide 16: Classic Virtualization Trap-and-Emulation Hardware Virtualization Intel VT & AMD SVM 16Popek and Goldberg: Popek and Goldberg “Formal Requirements for Virtualizible Third Generation Architectures” Communications of the ACM, Volume 17, Issue 7, July 1974. This paper puts forth a very simple principle that must be observed in order for a CPU to be capable of running in a Virtual machine. The most important result in computer science ever to be persistently ignored . (wait for few slide to know the reason) 17Popek and Goldberg – VMM: Popek and Goldberg – VMM Virtual Machine Monitor (VMM) An efficient, isolated duplicate of the real machine. Essential characteristics to be considered a VMM Equivalence Software on the VMM executes identically to its execution on hardware, barring timing effects. OR Running on VMM == Running directly on HW Performance Non – Privileged instructions can be executed directly by the real processor, with no software intervention by the VMM. OR Performance on VMM == Performance on HW Resource control The VMM must have complete control of the virtualized resources. 18 Hardware VM VMMPopek and Goldberg – Instruction Types: Popek and Goldberg – Instruction Types Instruction types Privileged Instructions (PI) Instructions that generate a trap when executed in any but most- privileged level. Example: LIDT (load interrupt descriptor table) Sensitive Instructions (SI) Instructions whose behavior depends on the current privilege level Example: POPF (pops the stack to EFLAGS) In user mode, the “Interrupt Enable” bit of the ELAGS register is not over-written In system mode, the value is blindly copied 19Popek and Goldberg TH-1 (1/2): Popek and Goldberg TH-1 (1/2) Theorem 1 . For any conventional third-generation computer, a VMM may be constructed if the set of sensitive instructions for that computer is a subset of the set of privileged instructions. 20 USER USER PI PI SI SI ISA is Virtualizable ISA is NOT VirtualizablePopek and Goldberg TH-1 (2/2): Popek and Goldberg TH-1 (2/2) To build a VMM it is sufficient that all instructions that could affect the correct functioning of the VMM (sensitive instructions) always trap and pass control to the VMM. Guarantees the resource control property.(VMM is in Ring 0) Non-privileged instructions must be executed without VMM intervention. (EX :ADD ,SUM) The holding of the equivalence property also follows.(output of the code is same in both cases because we are not changing the code) 21Popek and Goldberg: Popek and Goldberg Theorem 2 . A conventional third-generation computer is recursively virtualizable if 1) it is virtualizable and 2) a VMM without any timing dependencies can be constructed for it. performance of the VMM running on the real machine and under other VMMS will be in-distinguishable. (by TH-2 point 2) Resource bound limits the depth (number of nested VMMS) or recursion. 22Classic Virtualization: Classic Virtualization Important strategies from classical VMM implementation De-privileging Shadow structures Traces 23De-privileging (Ring Compression): De-privileging (Ring Compression) Run privileged guest OS code at user-level All privileged instructions can be made to trap when executed in an unprivileged context. Privileged instructions trap, and emulated by VMM The VMM intercepts traps from the de-privileged guest, and emulates the trapping instruction against the virtual machine state. 24 OS apps kernel mode user mode virtual machine monitor OS appsTrap and Emulate (1/3): Trap and Emulate (1/3) (OS –>privileged mode) (User Process->user mode) 25 Physical M/C Kernel (Privileged mode) User Process (User Mode) Non-Privileged Syscall /Exception Privileged TRAP Exception Handler InterpretTrap and Emulate (2/3): 26 26 Physical M/C Kernel (User- mode) User Process (User Mode) Privileged TRAP Virtual M/c Monitor (Privileged mode) Trap Handler (OS -> User mode) (VMM -> privileged mode) Trap and Emulate (2/3)Trap and Emulate (3/3): Trap and Emulate (3/3) Considered the only practical method for virtualization until a recent. Related to the processor virtualization Goal Process normal instructions as fast as possible Forward privileged instructions to emulation routines Handling Instructions Normal instructions run directly on processor. Privileged instructions trap into the VMM. The VMM emulates the effect of the privileged instructions for the guest OS. 27Trap and Emulate – Sequence: Trap and Emulate – Sequence Handling Privileged Instructions Instruction trap invokes VMM dispatcher. Dispatcher calls instruction routine. Changes mode to supervisor Emulates instruction Computes return target Restores mode to user Jumps to target 28Classic Virtualization: Classic Virtualization Important strategies from classical VMM implementation De-privileging Shadow structures Traces 29Primary and Shadow Structures: Primary and Shadow Structures Primary/shadow structures: VMM maintains “shadow” copies of critical structures whose “primary” versions are manipulated by the GuestOS . e.g., page tables Primary copies needed to insure correct environment visible to GuestOS 30 VMM OS OS Applications Applications User mode Kernel mode Primary Page table Shadow page table Shadow page tableMemory Traces(1/2): Memory Traces(1/2) How we can maintain coherency of shadow structures? Write-protect primary copies so that update operations cause page faults which can be caught, interpreted, and emulated. To maintain coherency of shadow structures, VMM typically use hardware page protection mechanisms to trap accesses to in-memory primary structures. EX ) Guest PTEs for which shadow PTEs have been constructed may be write-protected. This page-protection technique is known as tracing. 31Memory Traces(2/2): Memory Traces(2/2) Classical VMMs handle a trace fault similarly to a privileged instruction fault by: Decoding the faulting guest instruction. Emulating its effect in the primary structure. And propagating the change to the shadow structure. 32 VMM OS OS Applications Applications User mode Kernel mode Primary Page table Shadow page table Shadow page table PHYSICAL M/C TRAP PFH Updated UpdatedClassic Virtualization (1/2): Classic Virtualization (1/2) Architectural Obstacles Traps are expensive. (~3000 cycles) Many traps are unavoidable. (ex. Page faults) Not all architectures support the trap-and-emulate. (x86) This additional processing however makes this VMM less efficient in theory . (this is the reason why classic -virtu is not a best option till 2006) But hardware traps have non-negligible performance cost (used in Intel VT). 33Classic Virtualization (2/2): Classic Virtualization (2/2) Enhancements Exploits flexibility in the VMM/guest OS interface Reduce traps → Paravirtualization (Xen) Exploits flexibility in the hardware/VMM interface Hardware VM modes (IBM s370) Interpretive execution A hardware execution mode for running guest OSes → Intel VT & AMD SVM 34x86 architecture(1/4): x86 architecture(1/4) Can x86 Trap and Emulate? No Even with 4 execution modes! Key problem: Lack of traps when privileged instructions run at user-level(dual-purpose instructions don’t trap). 35 Level-0 Level-2 Level-1 Level-3 OS (Highest priv) OS services (device deriver) Application (Lowest priv)x86 architecture(2/4): x86 architecture(2/4) Classic Example: popf instruction Same instruction behaves differently depending on execution mode. User Mode : changes ALU flags Kernel Mode : changes ALU and system flags Does not generate a trap in user mode(acting as a non–priv instruction in user mode). 36x86 architecture(3/4): x86 architecture(3/4) Visibility of privileged state: The guest can observe that it has been deprivileged when it reads its code segment selector (%cs) since the current privilege level (CPL) is stored in the low two bits of %cs. 37 CPLx86 architecture(4/4): x86 architecture(4/4) Historically lacked hardware support for virtualization Until recently, the x86 architecture has not permitted classical trap-and-emulate virtualization. VMMs for x86 have instead used binary translation of the guest kernel code. The software VMMs, VMware Workstation and Virtual PC, use binary translation to fully virtualize x86. 38Slide 39: Classic Virtualization Trap-and-Emulation Hardware Virtualization Intel VT & AMD SVM 39Hardware Virtualization(1/2) : Hardware Virtualization(1/2) Hardware virtualization is a common name for two independent but very similar technologies by Intel and AMD which are aimed to improve the processor performance for common virtualization challenges like translating instructions and memory addresses. 40Hardware Virtualization(2/2) : Hardware Virtualization(2/2) AMD virtualization is called AMD-V , and Intel virtualization is known as Intel VT or IVT . permit classical virtualization of the x86. Reduce memory requirements (translated code , shadow tables). 41Slide 42: 42 You do not have the permission to view this presentation. In order to view it, please contact the author of the presentation.
virtualization aSGuest93141 Download Post to : URL : Related Presentations : Share Add to Flag Embed Email Send to Blogs and Networks Add to Channel Uploaded from authorPOINT lite Insert YouTube videos in PowerPont slides with aS Desktop Copy embed code: (To copy code, click on the text box) Embed: URL: Thumbnail: WordPress Embed Customize Embed The presentation is successfully added In Your Favorites. Views: 301 Category: Science & Tech.. License: All Rights Reserved Like it (3) Dislike it (0) Added: April 04, 2011 This Presentation is Public Favorites: 0 Presentation Description virtualization Comments Posting comment... Premium member Presentation Transcript Virtualization & Techniques: Virtualization & Techniques 1Outline: 2 Outline History of techniques Popek & Goldberg Classic Virtualization Trap-and-Emulate x86 architecture Hardware Virtualization Intel VT & AMD SVMDefinition of Virtualization: Definition of Virtualization The abstraction of computer resources A technique for hiding the physical characteristics of computing resources from the way in which other systems, applications, or end users interact with those resources 3 Purposes Abstraction - To simplify the use of the underlying resource Replication - To create multiple instances of the resource Isolation - To separate the uses which clients make of the underlying resourcesAbstraction: Abstraction Computer systems are built on levels of abstraction. 4 Higher level of abstraction hide details at lower levels. Ex) Files are an abstraction of a diskMachine (1/3): Machine (1/3) Different perspectives on what the machine is: OS developer 5 ISA Instruction Set Architecture Major division between hardware and software ISAMachine (2/3): Machine (2/3) Different perspectives on what the machine is: Compiler developer 6 ABI Application Binary Interface User ISA + OS calls ABIMachine (3/3): Different perspectives on what the machine is: Application programmer Machine (3/3) 7 API Application Program Interface User ISA + library calls API OS Vs VMM (1/6): OS Vs VMM (1/6) Virtual machine monitor (VMM) or hypervisor is software that supports VMs. VMM determines how to map virtual resources to physical ones. Physical resource may be time-shared, partitioned, or emulated in software. 8 OS Vs VMM (2/6): OS Vs VMM (2/6) By adding Virtualizing Software to a Machine , we can create a Virtual Machine (VM) Processes or operating systems can run on a VM Guest : The process or system that runs on a VM Host : The underlying platform that supports the VM 9VMM Types: VMM Types 10 Process: Provides API interface System: Provides ABI interface OS Vs VMM (3/6): OS Vs VMM (3/6) 11 OS sits between h/w and app OS hardware firefox iTunes emacs syscall h/w interface (intel manuals) Have total control of the system, which makes it impossible for two or more operating systems to be executing concurrently on the same platform. OS Vs VMM (4/6): OS Vs VMM (4/6) 12 VMM virtualizes hardware interface guest OS hardware firefox iTunes emacs syscall h/w interface guest OS firefox iTunes emacs syscall h/w interface h/w interface Virtual machine monitor total control’ is taken away from them by a new layer of control- software: the VMM OS Vs VMM (5/6): OS Vs VMM (5/6) 13 VMM hosted architecture Host OS hardware app syscall h/w interface (intel manuals) Guest OS app app app syscall h/w interface Virtual machine monitor Have no –control to Machine but can provide an execution environment (virtual hardware) for OS. OS Vs VMM (6/6): OS Vs VMM (6/6) OS provides a virtual execution environment for processes. VMM provides a virtual execution environment (virtual hardware) for OS. VMM much smaller than a traditional OS. 14Evolution Chain: Evolution Chain 15 Classic Virtualization (Popek & Goldberg) System Virtualization Trap-and-emulate VMM / Guest OS Interface Hardware / VMM Interface Enhancement Software Virtualization (VMware) Binary Translation New Approach Para-virtualization (Xen) … Hardware Support for Virtualization (Intel VT & AMD SVM) …Slide 16: Classic Virtualization Trap-and-Emulation Hardware Virtualization Intel VT & AMD SVM 16Popek and Goldberg: Popek and Goldberg “Formal Requirements for Virtualizible Third Generation Architectures” Communications of the ACM, Volume 17, Issue 7, July 1974. This paper puts forth a very simple principle that must be observed in order for a CPU to be capable of running in a Virtual machine. The most important result in computer science ever to be persistently ignored . (wait for few slide to know the reason) 17Popek and Goldberg – VMM: Popek and Goldberg – VMM Virtual Machine Monitor (VMM) An efficient, isolated duplicate of the real machine. Essential characteristics to be considered a VMM Equivalence Software on the VMM executes identically to its execution on hardware, barring timing effects. OR Running on VMM == Running directly on HW Performance Non – Privileged instructions can be executed directly by the real processor, with no software intervention by the VMM. OR Performance on VMM == Performance on HW Resource control The VMM must have complete control of the virtualized resources. 18 Hardware VM VMMPopek and Goldberg – Instruction Types: Popek and Goldberg – Instruction Types Instruction types Privileged Instructions (PI) Instructions that generate a trap when executed in any but most- privileged level. Example: LIDT (load interrupt descriptor table) Sensitive Instructions (SI) Instructions whose behavior depends on the current privilege level Example: POPF (pops the stack to EFLAGS) In user mode, the “Interrupt Enable” bit of the ELAGS register is not over-written In system mode, the value is blindly copied 19Popek and Goldberg TH-1 (1/2): Popek and Goldberg TH-1 (1/2) Theorem 1 . For any conventional third-generation computer, a VMM may be constructed if the set of sensitive instructions for that computer is a subset of the set of privileged instructions. 20 USER USER PI PI SI SI ISA is Virtualizable ISA is NOT VirtualizablePopek and Goldberg TH-1 (2/2): Popek and Goldberg TH-1 (2/2) To build a VMM it is sufficient that all instructions that could affect the correct functioning of the VMM (sensitive instructions) always trap and pass control to the VMM. Guarantees the resource control property.(VMM is in Ring 0) Non-privileged instructions must be executed without VMM intervention. (EX :ADD ,SUM) The holding of the equivalence property also follows.(output of the code is same in both cases because we are not changing the code) 21Popek and Goldberg: Popek and Goldberg Theorem 2 . A conventional third-generation computer is recursively virtualizable if 1) it is virtualizable and 2) a VMM without any timing dependencies can be constructed for it. performance of the VMM running on the real machine and under other VMMS will be in-distinguishable. (by TH-2 point 2) Resource bound limits the depth (number of nested VMMS) or recursion. 22Classic Virtualization: Classic Virtualization Important strategies from classical VMM implementation De-privileging Shadow structures Traces 23De-privileging (Ring Compression): De-privileging (Ring Compression) Run privileged guest OS code at user-level All privileged instructions can be made to trap when executed in an unprivileged context. Privileged instructions trap, and emulated by VMM The VMM intercepts traps from the de-privileged guest, and emulates the trapping instruction against the virtual machine state. 24 OS apps kernel mode user mode virtual machine monitor OS appsTrap and Emulate (1/3): Trap and Emulate (1/3) (OS –>privileged mode) (User Process->user mode) 25 Physical M/C Kernel (Privileged mode) User Process (User Mode) Non-Privileged Syscall /Exception Privileged TRAP Exception Handler InterpretTrap and Emulate (2/3): 26 26 Physical M/C Kernel (User- mode) User Process (User Mode) Privileged TRAP Virtual M/c Monitor (Privileged mode) Trap Handler (OS -> User mode) (VMM -> privileged mode) Trap and Emulate (2/3)Trap and Emulate (3/3): Trap and Emulate (3/3) Considered the only practical method for virtualization until a recent. Related to the processor virtualization Goal Process normal instructions as fast as possible Forward privileged instructions to emulation routines Handling Instructions Normal instructions run directly on processor. Privileged instructions trap into the VMM. The VMM emulates the effect of the privileged instructions for the guest OS. 27Trap and Emulate – Sequence: Trap and Emulate – Sequence Handling Privileged Instructions Instruction trap invokes VMM dispatcher. Dispatcher calls instruction routine. Changes mode to supervisor Emulates instruction Computes return target Restores mode to user Jumps to target 28Classic Virtualization: Classic Virtualization Important strategies from classical VMM implementation De-privileging Shadow structures Traces 29Primary and Shadow Structures: Primary and Shadow Structures Primary/shadow structures: VMM maintains “shadow” copies of critical structures whose “primary” versions are manipulated by the GuestOS . e.g., page tables Primary copies needed to insure correct environment visible to GuestOS 30 VMM OS OS Applications Applications User mode Kernel mode Primary Page table Shadow page table Shadow page tableMemory Traces(1/2): Memory Traces(1/2) How we can maintain coherency of shadow structures? Write-protect primary copies so that update operations cause page faults which can be caught, interpreted, and emulated. To maintain coherency of shadow structures, VMM typically use hardware page protection mechanisms to trap accesses to in-memory primary structures. EX ) Guest PTEs for which shadow PTEs have been constructed may be write-protected. This page-protection technique is known as tracing. 31Memory Traces(2/2): Memory Traces(2/2) Classical VMMs handle a trace fault similarly to a privileged instruction fault by: Decoding the faulting guest instruction. Emulating its effect in the primary structure. And propagating the change to the shadow structure. 32 VMM OS OS Applications Applications User mode Kernel mode Primary Page table Shadow page table Shadow page table PHYSICAL M/C TRAP PFH Updated UpdatedClassic Virtualization (1/2): Classic Virtualization (1/2) Architectural Obstacles Traps are expensive. (~3000 cycles) Many traps are unavoidable. (ex. Page faults) Not all architectures support the trap-and-emulate. (x86) This additional processing however makes this VMM less efficient in theory . (this is the reason why classic -virtu is not a best option till 2006) But hardware traps have non-negligible performance cost (used in Intel VT). 33Classic Virtualization (2/2): Classic Virtualization (2/2) Enhancements Exploits flexibility in the VMM/guest OS interface Reduce traps → Paravirtualization (Xen) Exploits flexibility in the hardware/VMM interface Hardware VM modes (IBM s370) Interpretive execution A hardware execution mode for running guest OSes → Intel VT & AMD SVM 34x86 architecture(1/4): x86 architecture(1/4) Can x86 Trap and Emulate? No Even with 4 execution modes! Key problem: Lack of traps when privileged instructions run at user-level(dual-purpose instructions don’t trap). 35 Level-0 Level-2 Level-1 Level-3 OS (Highest priv) OS services (device deriver) Application (Lowest priv)x86 architecture(2/4): x86 architecture(2/4) Classic Example: popf instruction Same instruction behaves differently depending on execution mode. User Mode : changes ALU flags Kernel Mode : changes ALU and system flags Does not generate a trap in user mode(acting as a non–priv instruction in user mode). 36x86 architecture(3/4): x86 architecture(3/4) Visibility of privileged state: The guest can observe that it has been deprivileged when it reads its code segment selector (%cs) since the current privilege level (CPL) is stored in the low two bits of %cs. 37 CPLx86 architecture(4/4): x86 architecture(4/4) Historically lacked hardware support for virtualization Until recently, the x86 architecture has not permitted classical trap-and-emulate virtualization. VMMs for x86 have instead used binary translation of the guest kernel code. The software VMMs, VMware Workstation and Virtual PC, use binary translation to fully virtualize x86. 38Slide 39: Classic Virtualization Trap-and-Emulation Hardware Virtualization Intel VT & AMD SVM 39Hardware Virtualization(1/2) : Hardware Virtualization(1/2) Hardware virtualization is a common name for two independent but very similar technologies by Intel and AMD which are aimed to improve the processor performance for common virtualization challenges like translating instructions and memory addresses. 40Hardware Virtualization(2/2) : Hardware Virtualization(2/2) AMD virtualization is called AMD-V , and Intel virtualization is known as Intel VT or IVT . permit classical virtualization of the x86. Reduce memory requirements (translated code , shadow tables). 41Slide 42: 42