P3L6. Virtualization Flashcards
What is virtualization?
Virtualization allows concurrent execution of multiple operating systems (and their applications) on the same physical machine.
What are virtual resources?
Each OS thinks it “owns” hardware resources
What is a virtual machine (VM)?
OS + applications + virtual resources (called guest domain)
What is a virtualization layer?
management of physical hardware (virtual machine monitor, hypervisor)
What are the goals of a virtual machine monitor (VMM)?
1. Fidelity: provide an environment that is essentially identical to the original machine
2. Performance: programs show at worst only minor decrease in speed
3. Safety & Isolation: VMM is in complete control of system resources
What are the benefits of virtualization?
+ consolidation: decrease cost, increase manageability
+ migration: availability, reliability
+ security
+ debugging
+ support for legacy operating systems
What are the two main virtualization models?
- Bare-metal or Hypervisor-based (type 1)
  - VMM (hypervisor) manages all hardware resources and supports execution of VMs
  - privileged, service VM to deal with devices (and other configuration and management tasks)
- Hosted (type 2)
  - host OS owns all hardware
  - special VMM module provides hardware interfaces to VMs and deals with VM context switching
Explain how processor virtualization (trap and emulate) works.
What happens when the guest OS issues an instruction that’s non-privileged? Privileged?
Guest instructions are executed directly by hardware. The virtual machine monitor does not interfere with every instruction that’s issued by the guest OS or its applications.
Similarly, the hypervisor doesn’t interfere with non-privileged operations. This allows instructions to execute at hardware speed, which is efficient.
For privileged operations: trap to hypervisor
- if illegal operation: terminate VM
- if legal operation: emulate the behavior the guest OS was expecting from the hardware
What were the problems with virtualizing x86?
x86 pre 2005
- 4 rings, no root/non-root modes yet
- hypervisor in ring 0, guest OS in ring 1
BUT: 17 privileged instructions do not trap! fail silently!
e.g., interrupt enable/disable bit in privileged register; POPF/PUSHF instructions that access it from ring fail silently
hypervisor doesn’t know, so it doesn’t try to change settings
OS doesn’t know, so it assumes change was successful
What is binary translation?
Rewrite the VM binary to never use specific instructions that fail silently rather than cause a trap to the hypervisor. Pioneered by VMware.
What is paravirtualization?
Modify guest OS so that:
- it knows it’s running virtualized
- it makes explicit calls to the hypervisor (hypercalls)
- hypercall (~system call)
How does memory virtualization work?
Full Virtualization
- all guests expect contiguous physical memory starting at 0
- virtual vs physical vs machine addresses and page frame numbers
Option 1:
- guest page table: VA => PA
- hypervisor: PA => MA
- too expensive!
Option 2:
- guest page table: VA => PA
- hypervisor shadow page table: VA => MA
- hypervisor maintains consistency (e.g., invalidate on context switch, write protect to guest PT to track new mappings)
Paravirtualization
- guest aware of virtualization
- no longer strict requirement on contiguous physical memory starting at 0
- explicitly registers page tables with hypervisor
- can “batch” page table updates to reduce VM exits
What is the pass-through model of device virtualization?
Pros/Cons?
VMM-level driver configures device access permissions
Pros
+ VM provided with exclusive access to the device
+ VM can directly access the device (VMM-bypass)
Cons
- device sharing difficult
- VMM must have exact type of device as what VM expects
- VM migration tricky
What is the hypervisor-direct model of device virtualization?
VMM intercepts all device accesses and emulates device operation:
- translate to generic I/O operation
- traverse VMM-resident I/O stack
- invoke VMM-resident driver
Pros
+ VM decoupled from physical device
+ sharing, migration, dealing with specific devices
Cons
- latency of device operations
- device driver ecosystem adds complexity to hypervisor
What is the split device driver model of device virtualization?
Pros/Cons?
Device access control split between front-end driver in guest VM (device API) and back-end driver in service VM (or host). Requires modified guest drivers so it’s limited to paravirtualized guests.
Pros
+ eliminate emulation overhead
+ allow for better management of shared devices
Cons
-