Based on Tanenbaum 8.3 Outline
• Background
• What is Virtualization?
• Why would we want it?
• Why is it hard?
• How do we do it?
• Choices
What is Virtualization?
• OS virtualization – Create a software platform (the virtual machine monitor, or hypervisor) that emulates a hardware platform, so that multiple instances of an OS can run on it at once, each as though it had full and exclusive access to the underlying hardware
What is Virtualization?
Figure: layered view. Four guest stacks (Applications over OS 1, OS 2, OS 3, OS 4) sit on the Virtualization Platform, which sits on the Hardware.
Virtualization – Why?
• Server Consolidation
– Often each server supports just one major application and sits mostly idle; consolidation runs those applications as separate VMs on one machine
– Strong isolation between VMs: each guest has its own OS, so a crash or compromise in one VM does not directly affect the others (the isolation is only as strong as the hypervisor itself)
– Virtualization saves on hardware & energy
• Disaster Recovery
• High Availability
• Testing and Deployment
Virtualization – Why?
• Desktop Consolidation
– Support for legacy applications
– Software Development
– Training
The Problem
• The OS relies on the CPU's kernel mode / user mode split to protect itself
– A user program enters the kernel only through a system call, which executes a trap instruction (software interrupt) that switches the CPU to kernel mode
– The kernel then uses sensitive instructions (I/O, MMU control, interrupt masking, etc.) that must only be executed in kernel mode; a privileged instruction executed in user mode traps
The Problem
• If the guest OS now runs in user mode, it cannot execute sensitive instructions directly; each one must trap to the hypervisor, which emulates it (trap-and-emulate)
– This only works if every sensitive instruction is also privileged, i.e. traps in user mode (the Popek and Goldberg condition). The x86 of the day had sensitive instructions that are not privileged: executed in user mode they were silently ignored or behaved differently (POPF, for example, does not update the interrupt flag), so the guest's state quietly diverged with no trap to catch it
• Solved in 2005 with new CPUs
– Intel Core 2 – VT (Virtualization Technology)
– AMD "Pacifica" – SVM (Secure Virtual Machine)
– Provides a guest (container) mode in which every sensitive instruction traps to the hypervisor, plus new instructions to enter and leave that mode
Implementation
• Type 1 Hypervisor
• Type 2 Hypervisor
• Paravirtualization
Type 1 Hypervisor
• Runs on "bare metal"; it is the only software in kernel mode
• Virtual machines run in user mode
– The VM runs the guest OS, which thinks it is running in kernel mode (virtual kernel mode)
– If the guest OS executes a sensitive instruction, the CPU traps to the hypervisor, which checks it and emulates it on the guest's behalf
– If an application on the guest OS issues a system call, the trap also goes to the hypervisor, which reflects it back to the guest OS kernel
Type 1 Hypervisors
Figure 8-26. When the operating system in a virtual machine executes a kernel-only instruction, it traps to the hypervisor if virtualization technology is present.
cs431-cotter. Figures from Tanenbaum, Modern Operating Systems 3e, (c) 2008 Prentice-Hall, Inc. All rights reserved. 0-13-6006639
Type 2 Hypervisor
• Runs as a process on top of a host OS (VMware Workstation is the classic example)
• Supports guest OSs above it
– Boots the guest from its installation CD (or image), like a real machine
– Reads in the guest code one basic block at a time (a straight-line run of instructions ending in one that changes control flow)
– Inspects each basic block for sensitive instructions; each one found is replaced with a call into the VMM (this is binary translation)
– The translated block is cached and then executed
– Eventually every basic block the guest actually executes has been translated and cached, and the guest runs at near native speed
Type 2 Hypervisor
Figure: layered view. Guest stacks (Applications over OS 1, OS 2, OS 3) sit on the Virtualization Platform, which runs alongside ordinary Applications on the Base Operating System, which sits on the Hardware.
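The two slides "The Problem" and "Type 2 Hypervisor" together describe one mechanism: direct execution fails when a sensitive instruction does not trap, and binary translation fixes it by rewriting such instructions before the hardware ever sees them. The following toy model is an added example, not code from the slides or from Tanenbaum; the instruction set (MOV, ADD, JMP, POPF, OUT, LCR3), the register name, and the HCALL form are assumptions made for illustration, not a real ISA.

```python
# Added example: a toy guest kernel run two ways, (1) directly in user mode
# with trap-and-emulate and (2) through a type 2 hypervisor's binary
# translator with a basic-block cache. The ISA below is invented.

PRIVILEGED = {"OUT", "LCR3"}        # trap if executed in user mode
SENSITIVE = PRIVILEGED | {"POPF"}   # POPF changes the interrupt flag but, on
                                    # pre-2005 x86, does NOT trap in user mode


class Machine:
    """Constructed machine state; enough to observe the divergence."""
    def __init__(self):
        self.regs = {"a": 0}
        self.if_flag = 1        # interrupt-enable flag as the guest sees it
        self.cr3 = 0            # page-table base register
        self.ports = {}         # I/O port -> last value written
        self.traps = 0          # hardware traps taken


def hypervisor_emulate(m, op, args):
    """What the VMM does once it has control for a sensitive instruction."""
    if op == "OUT":
        m.ports[args[0]] = m.regs[args[1]]
    elif op == "LCR3":
        m.cr3 = args[0]
    elif op == "POPF":
        m.if_flag = args[0]
    else:
        raise ValueError(f"not a sensitive instruction: {op}")


def run_direct(code, m):
    """Direct execution in user mode. Privileged instructions trap and are
    emulated correctly; POPF neither traps nor takes effect, so the guest
    believes it disabled interrupts when it did not."""
    pc = 0
    while pc < len(code):
        op, *args = code[pc]
        pc += 1
        if op in PRIVILEGED:
            m.traps += 1
            hypervisor_emulate(m, op, args)
        elif op == "POPF":
            pass                            # the hardware quirk: silently ignored
        elif op == "MOV":
            m.regs[args[0]] = args[1]
        elif op == "ADD":
            m.regs[args[0]] += args[1]
        elif op == "JMP":
            pc = args[0]
    return m


def basic_blocks(code):
    """Split code into basic blocks keyed by start address: each block ends
    at a JMP (the control-flow change) or at the end of the code."""
    blocks, start = {}, 0
    for i, (op, *_) in enumerate(code):
        if op == "JMP" or i == len(code) - 1:
            blocks[start] = code[start:i + 1]
            start = i + 1
    return blocks


def translate_block(block):
    """Binary translation: every sensitive instruction becomes an explicit
    call into the VMM, so the hardware never executes it."""
    return [("HCALL", op, args) if op in SENSITIVE else (op, *args)
            for op, *args in block]


def run_translated(code, m, cache):
    """Type 2 hypervisor loop: translate a block on first use, cache it, and
    run the cached version afterwards. No hardware traps occur."""
    blocks = basic_blocks(code)
    pc = 0
    while pc in blocks:
        if pc not in cache:
            cache[pc] = translate_block(blocks[pc])
        next_pc = None
        for op, *args in cache[pc]:
            if op == "HCALL":
                hypervisor_emulate(m, args[0], args[1])
            elif op == "MOV":
                m.regs[args[0]] = args[1]
            elif op == "ADD":
                m.regs[args[0]] += args[1]
            elif op == "JMP":
                next_pc = args[0]
        pc = next_pc if next_pc is not None else pc + len(blocks[pc])
    return m


# Constructed guest-kernel code: two basic blocks (0..2 and 3..5).
GUEST_KERNEL = [
    ("MOV", "a", 5),
    ("POPF", 0),            # guest tries to disable interrupts: sensitive, not privileged
    ("JMP", 3),
    ("ADD", "a", 1),
    ("LCR3", 0x1000),       # privileged: switch page tables
    ("OUT", 0x80, "a"),     # privileged: I/O
]

if __name__ == "__main__":
    d = run_direct(GUEST_KERNEL, Machine())
    print("direct:     if_flag =", d.if_flag, "traps =", d.traps)   # wrong flag, 2 traps
    t = run_translated(GUEST_KERNEL, Machine(), {})
    print("translated: if_flag =", t.if_flag, "traps =", t.traps)   # correct flag, 0 traps
```

Run the translator twice with the same cache and the second run translates nothing; that is the "near native speed" the slide refers to, since after warm-up the guest executes cached code with no per-instruction inspection.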
Paravirtualization
• Modify the guest OS source so that every use of a sensitive instruction is replaced by an explicit hypervisor call (hypercall)
• Much easier (and more efficient) to modify source code than to detect and emulate sensitive instructions at run time (as in binary translation)
• In effect, turns the hypervisor into a microkernel: the guest OS asks it for services through a well-defined call interface
Paravirtualization (1)
Figure 8-27. A hypervisor supporting both true virtualization and paravirtualization.
Problems with Paravirtualization
• Paravirtualized systems won't run on native hardware (the hypercalls have nothing to call)
• There are many different paravirtualization systems that use different hypercalls, etc. – VMware, Xen, etc.
• Proposed solution:
– Modify the OS kernel so that it calls a special set of procedures to execute sensitive instructions (Virtual Machine Interface, VMI)
• Bare metal – link to a library that implements the calls with the real instructions
• On a VM – link to the VM-specific library that implements them as hypercalls
Paravirtualization (2)
Figure 8-28. VMI Linux running on (a) the bare hardware (b) VMware (c) Xen.
Products (partial list)
• Microsoft – Virtual PC, Hyper-V
• QEMU – processor emulation & VM
• Sun Microsystems – xVM, VirtualBox
• VMware – ESX Server, Workstation, Fusion, Player, Server
• Xen – Xen
• Virtual Iron
Memory Virtualization
• The guest OS tracks the mapping of its virtual pages to (what it believes are) physical pages
• It builds its page tables, then loads the page-table base register (CR3 on x86); that load is a privileged instruction, so it traps to the hypervisor
• The guest's "physical" pages are not real machine pages: the hypervisor owns the guest-physical to machine mapping and builds shadow page tables (guest-virtual to machine) that the MMU actually uses
Shadow Page Tables
• After that initial trap, changes the guest makes to its page tables do NOT trap! They are ordinary stores to guest memory, so the shadow table silently goes stale
– One solution: the hypervisor maps the guest's page-table pages read only. When the guest OS writes to a table, the page fault traps to the hypervisor, which applies the change to the shadow table
– Paravirtualized OS: since the OS has been modified to know about the hypervisor, it can follow each page-table update with a hypercall describing the change
Memory Virtualization
• The VMM creates and manages page tables that map guest-virtual pages directly to machine pages
– These tables are loaded into the MMU on a context switch
– They are the shadow page tables
• The VMM must keep its virtual-to-machine tables consistent with changes the guest OS makes to its virtual-to-(guest-)physical tables
– VMM maps the OS page tables read only
– When the OS writes to its page tables, the write faults and traps to the VMM
– VMM validates the entry (the guest may only map guest-physical pages it owns, never another VM's memory) and applies the write to both the shadow table and the OS table
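The three memory slides above describe one scheme: a guest table, a hypervisor-owned guest-physical to machine map, and a shadow table kept in sync either by write-protecting the guest's tables or by a paravirtual hypercall. The following is an added example, not code from the slides or from Tanenbaum; the tables are dicts, the page-fault trap is modelled as a direct call, and the page numbers are constructed for illustration.

```python
# Added example: a toy shadow page table. Shows (1) the stale-shadow problem
# when guest page-table writes are not trapped, (2) the write-protect trap,
# (3) the paravirtual hypercall, and (4) the ownership check that stops a
# guest from mapping another VM's machine pages. All values are invented.

PAGE = 0x1000


class ShadowMMU:
    def __init__(self, gpa_to_ma):
        # Hypervisor's private map: guest-physical page -> machine page.
        # The guest must never reach a machine page that is not in here.
        self.gpa_to_ma = dict(gpa_to_ma)
        # The guest OS's own table: virtual page -> guest-physical page.
        # In a real system this lives in guest memory; the guest writes it freely.
        self.guest_pt = {}
        # The shadow table the hardware MMU is actually loaded with:
        # virtual page -> machine page.
        self.shadow = {}
        self.traps = 0

    def guest_store_pte_no_protection(self, vpn, gpn):
        """If the hypervisor does nothing, the guest's store is an ordinary
        memory write: no trap, and the shadow table silently goes stale."""
        self.guest_pt[vpn] = gpn

    def guest_store_pte(self, vpn, gpn):
        """Same store, but the guest page-table page was mapped read-only by
        the hypervisor, so the store faults into the VMM (modelled as this
        call), which validates it and applies it to both tables."""
        self.traps += 1
        self._apply(vpn, gpn)

    def paravirt_update(self, vpn, gpn):
        """Paravirtualized guest: writes its own table, then issues a
        hypercall naming the changed entry; no page fault is needed."""
        self.guest_pt[vpn] = gpn
        self._apply(vpn, gpn)

    def _apply(self, vpn, gpn):
        # The security check: a guest may only map guest-physical pages that
        # the hypervisor gave it. Without it, a malicious guest kernel could
        # point a PTE at any machine page, i.e. at another VM's memory.
        if gpn not in self.gpa_to_ma:
            raise PermissionError(f"guest tried to map physical page {gpn:#x} it does not own")
        self.guest_pt[vpn] = gpn
        self.shadow[vpn] = self.gpa_to_ma[gpn]

    def translate(self, gva):
        """The machine address the hardware MMU produces from the shadow table."""
        vpn, off = divmod(gva, PAGE)
        if vpn not in self.shadow:
            raise KeyError(f"page fault: guest virtual {gva:#x} not mapped")
        return self.shadow[vpn] * PAGE + off


def guest_can_map(mmu, vpn, gpn):
    """True if the (trapped) guest store was accepted by the hypervisor."""
    try:
        mmu.guest_store_pte(vpn, gpn)
        return True
    except PermissionError:
        return False


if __name__ == "__main__":
    # Constructed: this guest owns guest-physical pages 0..2, placed by the
    # hypervisor at machine pages 0x40..0x42.
    mmu = ShadowMMU({0: 0x40, 1: 0x41, 2: 0x42})
    mmu.guest_store_pte(0x10, 2)
    print(hex(mmu.translate(0x10 * PAGE + 0x20)))        # 0x42020
    mmu.guest_store_pte_no_protection(0x10, 1)           # guest now expects page 1 ...
    print(hex(mmu.translate(0x10 * PAGE)))               # ... but MMU still says 0x42000
    print(guest_can_map(mmu, 0x11, 7))                   # False: page 7 is not this guest's
```

The `_apply` check is the part to notice: trapping the write is not only about keeping the shadow consistent, it is the one point where the hypervisor can refuse a mapping, which is what keeps the "strong isolation between VMs" promise on the earlier slide honest.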
I/O Virtualization
• Each guest OS gets its own disk "partition"
– Typically implemented as a file or a region of a host disk
– Hypervisor must convert the guest OS address (block number) into an offset within that region, and must reject block numbers outside it, or one guest could read or write another guest's disk
– May convert between storage types
– Must deal with DMA requests: the guest hands the device guest-physical addresses, which the hypervisor (or an IOMMU) must translate to machine addresses and check, because the device itself writes wherever it is told
VM on Multi-core CPUs
• Each core can host multiple virtual machines
– A quad-core CPU could be configured as a 32-node multicomputer
– The limiting factor is often memory: each guest OS has its own requirements (512 MB?)
Summary
• Virtualization provides a way to consolidate OS installations onto fewer hardware platforms
• 3 basic approaches – type 1 hypervisor – type 2 hypervisor – paravirtualization
• Must also account for virtual access to shared resources (memory, I/O)
References
• Virtual Machine Interface – http://vmi.ncsa.uiuc.edu/
• VirtualBox – https://www.virtualbox.org
• Xen Hypervisor (Red Hat Linux) – http://www.xen.org/
• Virtual PC 2007 – http://www.microsoft.com