Lecture 11 - Virtual Machines Flashcards
What is the fundamental idea between virtual machines
Fundamental idea – abstract hardware of a single computer into several different execution environments
Similar to layered approach
But layers create virtual system (virtual machine, or VM) on which operating systems or applications can run
What are the 3 components of virtual machines?
- Host – underlying hardware system
- Virtual machine manager (VMM) or hypervisor – creates and runs virtual machines by providing interface that is identical to the host
(Except in the case of paravirtualization) - Guest – process provided with virtual copy of the host
Usually an operating system
What are the three types of hypervisors?
Type 0 hypervisors - Hardware-based solutions that provide support for virtual machine creation and management via firmware
IBM LPARs and Oracle LDOMs are examples
Type 1 hypervisors - Operating-system-like software built to provide virtualization
Including VMware ESX, Joyent SmartOS, and Citrix XenServer
Type 1 hypervisors – Also includes general-purpose operating systems that provide standard functions as well as VMM functions
Including Microsoft Windows Server with HyperV and RedHat Linux with KVM
Type 2 hypervisors - Applications that run on standard operating systems but provide VMM features to guest operating systems
Including VMware Workstation and Fusion, Parallels Desktop, and Oracle VirtualBox
Define paravirtualization
Technique in which the guest operating system is modified to work in cooperation with the VMM to optimize performance
Define Programming-environment virtualization
VMMs do not virtualize real hardware but instead create an optimized virtual system
Used by Oracle Java and Microsoft.Net
Define Emulators
Allow applications written for one hardware environment to run on a very different hardware environment, such as a different type of CPU
Define Application containment
Not virtualization at all but rather provides virtualization-like features by segregating applications from the operating system, making them more secure, manageable
Name 6 benefits of VMs
- Host system protected from VMs, VMs protected from each other
I.e. A virus less likely to spread
Sharing is provided though via shared file system volume, network communication - Freeze, suspend, running VM
Then can move or copy somewhere else and resume
Snapshot of a given state, able to restore back to that state
Some VMMs allow multiple snapshots per VM - Clone by creating copy and running both original and copy
Great for OS research, better system development efficiency - Run multiple, different OSes on a single machine
Consolidation, app dev, … - Templating – create an OS + application VM, provide it to customers, use it to create multiple instances of that combination
- Live migration – move a running VM from one host to another!
No interruption of user access
Most VMMs implement ___ to represent state of CPU per guest as guest believes it to be
virtual CPU (VCPU)
When guest context switched onto CPU by VMM, information from VCPU __ and __
loaded and stored
What are Control-sensitive instructions?
Control-sensitive instructions
- > affect the allocation of resources available to the virtual machine
- > change processor mode without causing a trap
Ex: Status register
What are Behavior-sensitive instructions
Behavior-sensitive instructions
-> effect of execution depends upon location in real memory or on processor mode
What is the essential requirement for virtual machines?
A virtual machine is an efficient, isolated duplicate of real machine
When do privileged instructions cause faults?
When can they be ran?
Cause a fault in user mode
Work fine in privileged mode
What is the Popek and Goldberg theorem?
For any conventional third-generation computer, a virtual machine monitor may be constructed if the set of sensitive instructions for that computer is a subset of the set of privileged instructions.
Where do the virtual user mode and virtual kernel mode reside?
in real user mode
In vms, actions in guest that usually cause switch to kernel mode must cause switch to ___
virtual kernel mode
What usually happens when a user runs a sensitive instruction?
It gets TRAPed and runs in kernel
How does switch from virtual user mode to virtual kernel mode occur?
Attempting a privileged instruction in user mode causes an error -> trap
VMM gains control, analyzes error, executes operation as attempted by guest
Returns control to guest in user mode
Known as trap-and-emulate
Most virtualization products use this at least in part
But kernel mode privilege mode code runs ___ due to trap-and-emulate
slower
In the (Real) 360 architecture, what are the execution modes?
supervisor and problem (user)
In the (Real) 360 architecture all sensitive instructions are \_\_\_ and traps to \_\_\_
privileged instructions
kernel
Explain what happens in each case for both User mode and Priviledged mode in Virtual 360.
(1) non-sensitive instruction
(2) errant instruction
(3) sensitive instruction
User mode
(1) non-sensitive instruction
executes fine
(2) errant instruction
traps to VMM; VMM causes trap to occur on guest OS
(3) sensitive instruction
traps to VMM; VMM causes trap to occur on guest OS
Priviledged mode
(1) non-sensitive instruction
executes fine
(2) errant instruction
traps to VMM; VMM causes trap to occur on guest OS
(3) sensitive instruction
traps to VMM; VMM verifies and emulates instruction
What is the problem with Intelx86 VMs?
Not all sensitive instructions are privileged instructions
Why was popf a problem in Intelx86 VMs?
The behavior in the guest kernel mode was not the same as the behavior in hardware kernel
pops word off stack, setting processor flags according to word’s content -> sets all flags if in ring 0 including interrupt-disable flag -> just some of them if in other rings ignores interrupt-disable flag
How can we solve the popf problem with Binary rewriting?
Privilege-mode code run via binary translator
-> replaces sensitive instructions with hypercalls
-> translated code is cached
->usually translated just once
VMWare
U.S. patent 6,397,242
What are hypercalls used for?
Hypercalls are used to replace the sensitive such that the overall behaviour is the same as what we got the real hardware.
How does binary translation work in binary rewriting?
- > Code reads native instructions dynamically from guest, on demand, generates native binary code that executes in place of original code
- > Performance of this method would be poor without optimizations
How does intel vanderpool technology work?
-> new processor mode “ring -1” root mode other modes are non-root -> non-VMM OSes must not be written to use root mode!
How does paravirtualization work?
–> We modify the guest kernel to change all Sensitive instructions replaced with hypervisor calls
–> Virtual machine provides higher-level device interface
guest machine has no device drivers
–> This is much faster
Consider a virtual memory LA - 32 bits 2048 bytes pages Page table is 8 bytes How many levels needed in the paging table?
4
[ 1 | 8 | 8 | 8 | 11 ]
Logical memory that uses segmentation logical address is 32 bits long. Segment selector is 6 bits long. What is the largest segment size
[ 6 | 26 ]
2^26 is the largest segment size
