Lecture 11 - Virtual Machines

Question 1

What is the fundamental idea between virtual machines

Answer 1

Fundamental idea – abstract hardware of a single computer into several different execution environments

Similar to layered approach
But layers create virtual system (virtual machine, or VM) on which operating systems or applications can run

Question 2

What are the 3 components of virtual machines?

Answer 2

1. Host – underlying hardware system
2. Virtual machine manager (VMM) or hypervisor – creates and runs virtual machines by providing interface that is identical to the host
   (Except in the case of paravirtualization)
3. Guest – process provided with virtual copy of the host
   Usually an operating system

Question 3

What are the three types of hypervisors?

Answer 3

Type 0 hypervisors - Hardware-based solutions that provide support for virtual machine creation and management via firmware
IBM LPARs and Oracle LDOMs are examples

Type 1 hypervisors - Operating-system-like software built to provide virtualization
Including VMware ESX, Joyent SmartOS, and Citrix XenServer

Type 1 hypervisors – Also includes general-purpose operating systems that provide standard functions as well as VMM functions
Including Microsoft Windows Server with HyperV and RedHat Linux with KVM

Type 2 hypervisors - Applications that run on standard operating systems but provide VMM features to guest operating systems
Including VMware Workstation and Fusion, Parallels Desktop, and Oracle VirtualBox

Question 4

Define paravirtualization

Answer 4

Technique in which the guest operating system is modified to work in cooperation with the VMM to optimize performance

Question 5

Define Programming-environment virtualization

Answer 5

VMMs do not virtualize real hardware but instead create an optimized virtual system
Used by Oracle Java and Microsoft.Net

Question 6

Define Emulators

Answer 6

Allow applications written for one hardware environment to run on a very different hardware environment, such as a different type of CPU

Question 7

Define Application containment

Answer 7

Not virtualization at all but rather provides virtualization-like features by segregating applications from the operating system, making them more secure, manageable

Question 8

Name 6 benefits of VMs

Answer 8

1. Host system protected from VMs, VMs protected from each other
   I.e. A virus less likely to spread
   Sharing is provided though via shared file system volume, network communication
2. Freeze, suspend, running VM
   Then can move or copy somewhere else and resume
   Snapshot of a given state, able to restore back to that state
   Some VMMs allow multiple snapshots per VM
3. Clone by creating copy and running both original and copy
   Great for OS research, better system development efficiency
4. Run multiple, different OSes on a single machine
   Consolidation, app dev, …
5. Templating – create an OS + application VM, provide it to customers, use it to create multiple instances of that combination
6. Live migration – move a running VM from one host to another!
   No interruption of user access

Question 9

Most VMMs implement ___ to represent state of CPU per guest as guest believes it to be

Answer 9

virtual CPU (VCPU)

Question 10

When guest context switched onto CPU by VMM, information from VCPU __ and __

Answer 10

loaded and stored

Question 11

What are Control-sensitive instructions?

Answer 11

Control-sensitive instructions

• > affect the allocation of resources available to the virtual machine
• > change processor mode without causing a trap

Ex: Status register

Question 12

What are Behavior-sensitive instructions

Answer 12

Behavior-sensitive instructions

-> effect of execution depends upon location in real memory or on processor mode

Question 13

What is the essential requirement for virtual machines?

Answer 13

A virtual machine is an efficient, isolated duplicate of real machine

Question 14

When do privileged instructions cause faults?

When can they be ran?

Answer 14

Cause a fault in user mode

Work fine in privileged mode

Question 15

What is the Popek and Goldberg theorem?

Answer 15

For any conventional third-generation computer, a virtual machine monitor may be constructed if the set of sensitive instructions for that computer is a subset of the set of privileged instructions.

Question 16

Where do the virtual user mode and virtual kernel mode reside?

Answer 16

in real user mode

Question 17

In vms, actions in guest that usually cause switch to kernel mode must cause switch to ___

Answer 17

virtual kernel mode

Question 18

What usually happens when a user runs a sensitive instruction?

Answer 18

It gets TRAPed and runs in kernel

Question 19

How does switch from virtual user mode to virtual kernel mode occur?

Answer 19

Attempting a privileged instruction in user mode causes an error -> trap
VMM gains control, analyzes error, executes operation as attempted by guest
Returns control to guest in user mode
Known as trap-and-emulate
Most virtualization products use this at least in part

Question 20

But kernel mode privilege mode code runs ___ due to trap-and-emulate

Answer 20

slower

Question 21

In the (Real) 360 architecture, what are the execution modes?

Answer 21

supervisor and problem (user)

Question 22

In the (Real) 360 architecture
all sensitive instructions are \_\_\_ and traps to \_\_\_

Answer 22

privileged instructions

kernel

Question 23

Explain what happens in each case for both User mode and Priviledged mode in Virtual 360.

(1) non-sensitive instruction
(2) errant instruction
(3) sensitive instruction

Answer 23

User mode
(1) non-sensitive instruction
executes fine
(2) errant instruction
traps to VMM; VMM causes trap to occur on guest OS
(3) sensitive instruction
traps to VMM; VMM causes trap to occur on guest OS

Priviledged mode
(1) non-sensitive instruction
executes fine
(2) errant instruction
traps to VMM; VMM causes trap to occur on guest OS
(3) sensitive instruction
traps to VMM; VMM verifies and emulates instruction

Question 24

What is the problem with Intelx86 VMs?

Answer 24

Not all sensitive instructions are privileged instructions

Question 25

Why was popf a problem in Intelx86 VMs?

Answer 25

The behavior in the guest kernel mode was not the same as the behavior in hardware kernel

pops word off stack, setting processor flags according to word’s content
-> sets all flags if in ring 0
including interrupt-disable flag
-> just some of them if in other rings
ignores interrupt-disable flag

Question 26

How can we solve the popf problem with Binary rewriting?

Answer 26

Privilege-mode code run via binary translator
-> replaces sensitive instructions with hypercalls
-> translated code is cached
->usually translated just once
VMWare
U.S. patent 6,397,242

Question 27

What are hypercalls used for?

Answer 27

Hypercalls are used to replace the sensitive such that the overall behaviour is the same as what we got the real hardware.

Question 28

How does binary translation work in binary rewriting?

Answer 28

• > Code reads native instructions dynamically from guest, on demand, generates native binary code that executes in place of original code
• > Performance of this method would be poor without optimizations

Question 29

How does intel vanderpool technology work?

Answer 29

-> new processor mode
“ring -1”
root mode
other modes are non-root
-> non-VMM OSes must not be written to use root mode!

Question 30

How does paravirtualization work?

Answer 30

–> We modify the guest kernel to change all Sensitive instructions replaced with hypervisor calls

–> Virtual machine provides higher-level device interface
guest machine has no device drivers

–> This is much faster

Question 31

Consider a virtual memory
LA - 32 bits
2048 bytes pages
Page table is 8 bytes
How many levels needed in the paging table?

Answer 31

4

[ 1 | 8 | 8 | 8 | 11 ]

Question 32

Logical memory that uses segmentation logical address is 32 bits long. Segment selector is 6 bits long. What is the largest segment size

Answer 32

[ 6 | 26 ]

2^26 is the largest segment size