P3L6 - Virtualization

Question 1

What is virtualization?

Answer 1

A solution created to allow a user to concurrently run diverse workloads on the same physical hardware without requiring that a single operating system be used

Question 2

T/F: With virtualization, each of the operating systems are deployed on the same physical platform

Answer 2

True

Question 3

Each operating system plus its applications and virtual resources are known as _____

Answer 3

Virtual Machine (VM)

Question 4

What is responsible for supporting the coexistence of multiple VMs on a single physical machine

Answer 4

The Virtualization Layer (VMM or hypervisor)

Question 5

A virtual machine is ____, _____ _____ of a real machine

Answer 5

efficient, isolated duplicate

Question 6

What are the 3 responsibilities of the VMM

Answer 6

1. Must provide an environment that is essentially identical to the original machine
2. Programs that run in the VM must show at worst only minor decreases in speed
3. Provides safety and isolated among the VMs

Question 7

What are the benefits of virtualization?

Answer 7

1. Virtualization enables consolidation (ability to run multiple VMs on a single platform)
2. Makes migration easier
3. Helps address availability and reliability

Question 8

Describe the Bare Metal Virtualization Model

Answer 8

Also known as hypervisor based or type 1 virtualization, VMM manages all the hardware resources and support execution of VMs

Question 9

What is an issue with the Bare Metal Virtualization Model?

Answer 9

Hypervisor must manage all possible devices

Question 10

How can the hypervisor battle managing all the possible devices in the Bare Metal Virtualization Model?

Answer 10

It integrates a special virtual machine known as a service VM that runs a standardized OS with full hardware access privileges

Question 11

Describe the Hosted Virtualization Model

Answer 11

Hosted or type 2 model involves a full fledged host OS that manages all the hardware resources and integrates a VMM which is responsible for providing the VMs with their virtual platform interface

Question 12

What is one benefit of the hosted virtualization model

Answer 12

It can leverage all of the services and mechanisms that are already developed for the host operating system

Question 13

How many protection levels are within x86 architecture?

Answer 13

Four known as rings

Question 14

Describe the rings (protection levels) of x86 architecture

Answer 14

Ring 0 - Hypervisor - Highest priority can access all resources and execute all hardware-supported instructions
Ring 1 - OS
Ring 3 - Applications

Question 15

Most recent x86 architectures introduce two different protection modes ___ and ____

Answer 15

root and non-root

Question 16

T/F: Within each protection mode of x86, 4 rings exist

Answer 16

True!

Question 17

Attempts by the guest OS to perform privileged operations cause traps known as _____

Answer 17

VMExits

Question 18

What happens when a VMExit occurs?

Answer 18

Trigger switch to root mode, passing control to the hypervisor

Question 19

T/F: Guest instructions are executed directly by the hardware

Answer 19

True

Question 20

What happens when a PRIVILEGED instruction is issued by a guest?

Answer 20

Trap to the hypervisor!

Question 21

How many hardware instructions were privileged but did not cause a trap in early x86 platforms?

Answer 21

17!

Question 22

What was one way that the problematic hardware instructions were handled?

Answer 22

Write the VM binary such that it never executes those instructions – binary translation

Question 23

When the guest OS is not modified, this type of virtualization is called ____ ____

Answer 23

full virtualization

Question 24

An approach which gives up on unmodified guests and instead focuses on performance is known as ______

Answer 24

paravirtualization

Question 25

Describe paravirtualization

Answer 25

Guest now knows that is running in virtualized environment on top of a hypervisor as opposed native physical resources

Question 26

A paravirtualized guest OS may not directly try to perform operations that is knows will fail but will instead make explicit calls to the _____ known as ____

Answer 26

hypervisor

hypercalls

Question 27

In full virtualization, describe the three types of addresses

Answer 27

1. Virtual Addresses - Used by applications in the Guest
2. Physical Addresses - used by the kernel of the guest
3. Machine Address - Corresponding to the actual physical address on the underlying physical platform

Question 28

How many page tables are there in full virtualization?

Answer 28

Two - One maintained by the guest OS and one maintained by the hypervisor

Question 29

Describe the passthrough model

Answer 29

The VMM-level driver is responsible for configuring access to a device. Guest VM has exclusive access to a device

Question 30

T/F: In the passthrough model the VM can directly access the device without interacting with the VMM

Answer 30

True

Question 31

What are the problems with passthrough?

Answer 31

Makes sharing devices across VMs difficult!

Breaks the decoupling of VM from hardware

Question 32

In the passthrough model who operations on and controls the device

Answer 32

The Guest VM and the device driver in the guest VM

Question 33

What is a benefit of virtualization

Answer 33

The guest VMs are decoupled from the physical hardware

Question 34

Describe the hypervisor direct model

Answer 34

The hypervisor intercepts every device access request

Question 35

What is a benefit of the hypervisor direct model

Answer 35

VM remains decoupled from the physical platform/device

Question 36

What is a downside of the hypervisor direct model

Answer 36

Device emulation step adds latency to device access

Question 37

Describe the Split Device Driver Model

Answer 37

All device accesses are controlled in a way that involves a component that resides in a guest VM and a component that resides in a hypervisor layer

Question 38

Why must the virtualization have the Guest OS and Applications at different protection levels?

Answer 38

“We don’t want a single application, when it crashes, to take down the guest OS”

Question 39

Why must the virtualization have the VMM and Guest OS at different protection levels?

Answer 39

“We don’t want a single faulty or malicious guest OS to bring down the hyperviso r in the entire machine”

Question 40

Where processor virtualization is concerned, how are privileged and non-privileged operations handled differently and why?

Answer 40

Non Privileged:
The VMM does not interfere. The instructions operate at hardware speed.

Privileged:
The processor causes a trap.
The VMM/Hypervisor takes over and decided whether to allow the instruction or not.

Why?: For safety

Question 41

Where processor virtualization is concerned, how are privileged and non-privileged operations handled similarly?

Answer 41

• All guest instructions are executed directly on the hardware.

Question 42

How does paravirtualization help avoid the “cursed 17 calls” or issues like it?

Answer 42

In para, the Guest OS is aware that it is virtual. It will not make any of the “cursed 17” calls because it knows they will fail.

Instead, it makes alternative calls directly to the hypervisor.

Question 43

Which of the following will cause a trap and exit to the hypervisor (for both binary translation and paravirtualized)

• Access a page that’s swapped
• Update to page table entry

Answer 43

• Access a page that’s swapped

This will always cause a trap because swapping a page will require the hardware MMU to get involved.

Updating a page table entry may or may not cause a trap, depending on if the Guest OS has been given write permissions.