27. Full Virtualization Flashcards

1
Q

What does it mean for an operating system to run on a physical machine?

A

Real hardware resources that the operating system has exclusive access to through hardware interfaces
(instructions set architectures, device I/O ports, etc)

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
2
Q

What is a guest OS?

A

An operating system running inside a virtual machine

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
3
Q

How do virtual machines differ from physical machines?

A

They do not provide the guest OS with exclusive access to the underlying physical machine

Equivalently, the do not provide the guest OS with privileged (or fully-privileged access to the physical machine)

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
4
Q

What is the virtual machine monitor (VMM)?

A

A piece of software running on an operating system (the host OS) that can allow another operating system (the guest OS) to be run as an application alongside other applications.

When we said that the operating system was really just another program, we weren’t kidding!

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
5
Q

What are four problems with coupling hardware resources with operating systems?

A
  1. Hard to run multiple operating systems on the same machine.
  2. Difficult to transfer software setups to another machine, unless it has identical or nearly identical hardware
  3. Messy to adjust hardware resources to system needs. Requires sticking your hand in the box and mucking around
  4. Requires static, up-front provision of machine resources
How well did you know this?
1
Not at all
2
3
4
5
Perfectly
6
Q

What are four issues that operating systems create around “isolation”?

A
  1. Operating systems “leak” a lot of information between processes through the file system and other channels
  2. Multiple applications may require specific (and conflicting) software packages to run
  3. Certain applications may have very specific operating systems configuration and tuning requirements
  4. In some cases, software vendors will not provide support if you are running their precious application alongside anything else
How well did you know this?
1
Not at all
2
3
4
5
Perfectly
7
Q

What are three reasons why we use virtualization?

A
  1. We can package and distribute an entire software development environment which can be used and discarded
  2. We can dynamically divide up one large machine into multiple smaller machines, each running a different operating system and applications.
  3. We can easily replicate an entire machine image in order to duplicate or move it
How well did you know this?
1
Not at all
2
3
4
5
Perfectly
8
Q

What are the three approaches to virtualization discussed in class?

A

Full virtualization, paravirtualization, and container virtualization

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
9
Q

What is full virtualization?

A

Should be able to run an unmodified guest OS.

Example: VirtualBox

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
10
Q

What is paravirtualization?

A

Includes small changes to the guest OS to improve interaction with the virtual machine monitor.

Examples: Xen, Amazon EC2

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
11
Q

What is container virtualization?

A

Namespace and other isolation techniques performed by the OS to isolate sets of applications from each other

Ex: Docker (with augmentations)

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
12
Q

What is the goal of full virtualization?

A

Run an unmodified OS and applications in a VM which is itself running on a host OS and potentially next to other VMs

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
13
Q

Why is VMware special?

A

They are the best-known provider of full virtualization software solutions

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
14
Q

Why is it hard to achieve full virtualization (unmodified running of an OS on a VM alongside other VMs)?

A

Two issues:

  1. How do we handle traps by applications running in the guest OS?
  2. Guest OS will try to execute privileged instructions!
How well did you know this?
1
Not at all
2
3
4
5
Perfectly
15
Q

What happens if we run a guest OS with kernel privileges?

A

Privileged instructions work as expected, but guest has access to the entire machine! (this violates safety)

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
16
Q

What happens if we run the Guest OS with user privileges?

A

Now we need to figure out how to deal with privileged kernel instructions…

17
Q

Ideally, when privileged instructions are run by the guest OS at user privilege level, these three things happen:

A
  1. The CPU traps the instruction due to a privilege violation
  2. The trap is handled by the VMM
  3. Assuming the guest OS is doing something legitimate, the VMM adjusts the VM state and continues the guest OS

This approach is referred to as trap and emulate

18
Q

What does the VMM do with traps that occur within the virtual machine?

A

If the trap is caused by an application, pass the trap to the guest OS

If the trap is caused by the guest OS, handle the trap by adjusting the state of the virtual machine

19
Q

What happens when an application running inside the virtual machine makes a system call?

A
  1. syscall: host OS vectors trap to VMM
  2. VMM inspects trap, identifies it as a system call, and passes control and arguments to the guest OS trap handling code
  3. rfe: when the guest OS is done, it will also tra back to the VMM by executing a privileged instruction
  4. VMM will pass arguments back to the process that originated the system call
20
Q

What happens when a process inside the virtual machine creates a TLB fault?

A
  1. Trap to the host OS
  2. Hand trap to the VMM
  3. VMM inspects trap, sees that it was generated by the application, passes control to the guest OS
  4. Guest OS begins handling the TLB fault, tries to load an entry into the TLB
  5. Trap to the host OS
  6. Hand trap to the VMM
  7. VMM inspects trap, sees that it was generated by the guest OS, adjusts the state of the virtual machine appropriately
21
Q

What is actually being virtualized in hardware virtualization?

A

The hardware interface

22
Q

What is the hardware interface?

A

Load and store

23
Q

How do we ensure safety when dealing with the hardware interface?

A

Translate every unprivileged memory access

24
Q

How do we get good performance when translating unprivileged memory accesses?

A

Cache translations in the TLB

25
Q

What is the interface for full hardware virtualization?

A

All instructions executed on the processor that modify the state of the machine

26
Q

How do we ensure safety when dealing with full hardware interface?

A

Intercept or rewrite unsafe instructions that could “pierce” the VM

27
Q

How do we get good performance when intercepting or rewriting unsafe instructions in full hardware virtualization?

A

Allow safe instructions to run directly on the physical hardware (or “bare metal”)

28
Q

Why is the x86 architecture not (or was not) classically virtualizable?

A

Some instructions did not trap correctly, and others had different side effects when run in kernel or user mode.

29
Q

What was VMware’s solution to x86 not being classically virtualizable?

A

Binary translation:

During guest OS execution, scan code pages for non-virtualizable instructions and rewrite them to safe instruction sequences.

Also, cache translations to improve performance