1. CS 695 Topics in Virtualization and Cloud Computing, Autumn 2012 CS 695 Topics in Virtualization and Cloud Computing More Introduction + Processor Virtualization (source for all images: “Virtual Machines: Versatile Platforms for Systems and Processes” Morgan Kaufmann; 1 st edition (June 3, 2005)

2. CS 695 Topics in Virtualization and Cloud Computing, Autumn 2012 Process vs. System view of “machine” ● ABI – application binary interface ● ISA – instruction set architecture

3. CS 695 Topics in Virtualization and Cloud Computing, Autumn 2012 Process Virtual Machine

4. CS 695 Topics in Virtualization and Cloud Computing, Autumn 2012 System Virtual Machine

5. CS 695 Topics in Virtualization and Cloud Computing, Autumn 2012 Virtual Machine Applications

6. CS 695 Topics in Virtualization and Cloud Computing, Autumn 2012 System VM benefits ● Single application containers---reliability, isolation, security ● Mixed OS environments (legacy apps) ● Multi-platform application development ● Software testing and debugging ● Version transitioning ● Event monitoring and checkpointing ● Record-replay, migration of machines ● IaaS

7. CS 695 Topics in Virtualization and Cloud Computing, Autumn 2012 Key VMM responsibilities ● State management – Switch VMs ● Resource control – VM has access to resources when scheduled ● cpu, memory region etc. – VMM owns & controls all resources

8. CS 695 Topics in Virtualization and Cloud Computing, Autumn 2012 The interval time example ● interval timer ● OS (privileged) resource ● Set value to timer (register) when process scheduled ● Timer ticks to zero (time to deschedule process) ● Interrupt on regs value zero ● OS handles interrupt, schedules (new) process ● How to manage interval timer with VMs? ● Should OS of VM be able to read/write interval timer? ● Write ● Read

9. CS 695 Topics in Virtualization and Cloud Computing, Autumn 2012 Processor Virtualization ● Different ISAs of guest and host – Emulation – Binary translation ● Same ISAs of guest and host – Direct native execution – In all cases?

10. CS 695 Topics in Virtualization and Cloud Computing, Autumn 2012 Modes of execution ● User mode – Guest OS – VMM ● Privileged mode (System mode) – VMM

11. CS 695 Topics in Virtualization and Cloud Computing, Autumn 2012 Types of instructions ● Privileged instructions – Reduced functionality or no-permissions in user mode – Generate trap when executed in user mode – E.g., – LPSW (load processor status word from memory location) ● Set CPU mode, PC etc. – SPT (set cpu timer) – LRA (load real address) – POPF (pop stack into eflags register)

12. CS 695 Topics in Virtualization and Cloud Computing, Autumn 2012 Types of instructions ● What should be condition on guest VMs?

13. CS 695 Topics in Virtualization and Cloud Computing, Autumn 2012 Virtualizability properties ● Popek & Goldberg (1974) – VMM should satisfy following properties 1. Efficiency ● Innocous instrucions natively executed 2. Resource control ● No direct control on physical resources for guest 3. Equivalence ● Identical behavior on native and virtual environments ● Performance and resource availability exceptions

14. CS 695 Topics in Virtualization and Cloud Computing, Autumn 2012 Does this satisfy G&P conditions?

15. CS 695 Topics in Virtualization and Cloud Computing, Autumn 2012 Does this satisfy G&P conditions? ● Theorem 1: – VMM can be constructed if, sensitive subset of priviliged ● Theorem 2: – VMM is virtualizable – VMM w/o timing dependencies

16. CS 695 Topics in Virtualization and Cloud Computing, Autumn 2012 What about problem cases? ● Sensitive but unprivileged instructions ● Critical instructions – 1. popf, pushf ● no-op for interrupt enable/disable in user mode ● sensitive instruction – 2. %cs register ● Expose CPL to process (Guest OS in ring 3) – 3. lar, lsl ● Load access rights, load segment limits ● Answer depends on privilege level ● Guest OS is at ring 3! ● Instruction execution depends on mode/ring# and do not trap on execution

17. CS 695 Topics in Virtualization and Cloud Computing, Autumn 2012 Handling Criticial instructions ● Scan and patch ● Paravirtualization – Replace criticial instructions with new 'safe' versions – New ISA exported by VMM – Guest OS needs to re-implement/re-compile ● Hardware-assisted virtualization ● AMD-V, VT-X ● Root and non-root modes ● Configure exit conditions ● (more on this in the kvm discussion)

18. CS 695 Topics in Virtualization and Cloud Computing, Autumn 2012 Resource virtualization - Memory ● What do Guest VMs expect? – A linear memory address space – “Real” addressable area, staring from 0x00000000 ● Memory for processes – Virtual memory (and paging)

19. CS 695 Topics in Virtualization and Cloud Computing, Autumn 2012 Paging on Native Systems ● cr3 ● page directory ● page table ● page

20. CS 695 Topics in Virtualization and Cloud Computing, Autumn 2012 Paging on Native Systems source: Understanding the Linux kernel, O'Reilly Publication

21. CS 695 Topics in Virtualization and Cloud Computing, Autumn 2012 Resource virtualization - Memory ● What do Guest VMs expect? – A linear memory address space – “Real” addressable area, staring from 0x00000000 ● Memory for processes – Virtual memory (and paging) ● How to virtualize memory to meet these requirements?

22. CS 695 Topics in Virtualization and Cloud Computing, Autumn 2012 Terminology ● guest virtual address – gfn : guest frame number ● pseudo-physical address – pfn : physical frame number ● machine address – mfn : machine frame number

23. CS 695 Topics in Virtualization and Cloud Computing, Autumn 2012 (Two-level) translation ● Virtual address of process in guest VM needs a real physical address Pseudo-physical address Guest virtual address Machine address v2p p2m Guest OSVM M

24. CS 695 Topics in Virtualization and Cloud Computing, Autumn 2012 Direct Mapping source: Selective Hardware/Software Memory Virtualization, VEE 2011

25. CS 695 Topics in Virtualization and Cloud Computing, Autumn 2012 Shadow Paging source: Selective Hardware/Software Memory Virtualization, VEE 2011

26. CS 695 Topics in Virtualization and Cloud Computing, Autumn 2012 Hardware-assisted source: Selective Hardware/Software Memory Virtualization, VEE 2011

27. CS 695 Topics in Virtualization and Cloud Computing, Autumn 2012 What about the TLB? ● Translation lookaside buffer ● v2m mapping in cache ● When is TLB flushed? ● Virtualizing the TLB

28. CS 695 Topics in Virtualization and Cloud Computing, Autumn 2012 Next class ● [kvm] – Review due on 1 st August, Wednesday before class ● Next week – [kvm] – [xen]