Proceedings of the 2003 USENIX Technical Conference

Operating System Support for Virtual Machines

Samuel T. King, George W. Dunlap, Peter M. Chen
Computer Science and Engineering Division
Department of Electrical Engineering and Computer Science
University of Michigan
http://www.eecs.umich.edu/CoVirt

Abstract: A virtual-machine monitor (VMM) is a useful technique for adding functionality below existing operating system and application software. One class of VMMs (called Type II VMMs) builds on the abstractions provided by a host operating system. Type II VMMs are elegant and convenient, but their performance is currently an order of magnitude slower than that achieved when running outside a virtual machine (a standalone system). In this paper, we examine the reasons for this large overhead for Type II VMMs. We find that a few simple extensions to a host operating system can make it a much faster platform for running a VMM. Taking advantage of these extensions reduces virtualization overhead for a Type II VMM to 14-35% overhead, even for workloads that exercise the virtual machine intensively.

1. Introduction

A virtual-machine monitor (VMM) is a layer of software that emulates the hardware of a complete computer system (Figure 1). The abstraction created by the VMM is called a virtual machine. The hardware emulated by the VMM typically is similar or identical to the hardware on which the VMM is running.

Virtual machines were first developed and used in the 1960s, with the best-known example being IBM’s VM/370 [Goldberg74]. Several properties of virtual machines have made them helpful for a wide variety of uses. First, they can create the illusion of multiple virtual machines on a single physical machine. These multiple virtual machines can be used to run applications on different operating systems, to allow students to experiment conveniently with building their own operating system [Nieh00], to enable existing operating systems to run on shared-memory multiprocessors [Bugnion97], and to simulate a network of independent computers. Second, virtual machines can provide a software environment for debugging operating systems that is more convenient than using a physical machine. Third, virtual machines provide a convenient interface for adding functionality, such as fault injection [Buchacker01], primary-backup replication [Bressoud96], and undoable disks. Finally, a VMM provides strong isolation between virtual-machine instances. This isolation allows a single server to run multiple, untrusted applications safely [Whitaker02, Meushaw00] and to provide security services such as monitoring systems for intrusions [Chen01, Dunlap02, Barnett02].

[Figure 1 panels: Type I VMM (guest applications, guest operating system, virtual-machine monitor (VMM), host hardware); Type II VMM (guest applications, guest operating system, virtual-machine monitor (VMM), host operating system, host hardware)]

Figure 1: Virtual-machine structures. A virtual-machine monitor is a software layer that runs on a host platform and provides an abstraction of a complete computer system to higher-level software. The host platform may be the bare hardware (Type I VMM) or a host operating system (Type II VMM). The software running above the virtual-machine abstraction is called guest software (operating system and applications).

As a layer of software, VMMs build on a lower-level hardware or software platform and provide an interface to higher-level software (Figure 1). In this paper, we are concerned with the lower-level platform that supports the VMM. This platform may be the bare hardware, or it may be a host operating system. Building the VMM directly on the hardware lowers overhead by reducing the number of software layers and enabling the VMM to take full advantage of the hardware capabilities. On the other hand, building the VMM on a host operating system simplifies the VMM by allowing it to use the host operating system’s abstractions.

Our goal for this paper is to examine and reduce the performance overhead associated with running a VMM on a host operating system. Building it on a standard Linux host operating system leads to an order of magnitude performance degradation compared to running outside a virtual machine (a standalone system). However, we find that a few simple extensions to the host operating system reduce virtualization overhead to 14-35% overhead, which is comparable to the speed of virtual machines that run directly on the hardware.

The speed of a virtual machine plays a large part in determining the domains for which virtual machines can be used. Using virtual machines for debugging, student projects, and fault-injection experiments can be done even if virtualization overhead is quite high (e.g. 10x slowdown). However, using virtual machines in production environments requires virtualization overhead to be much lower. Our CoVirt project on computer security depends on running all applications inside a virtual machine [Chen01]. To keep the system usable in a production environment, we would like the speed of our virtual machine to be within a factor of 2 of a standalone system.

The paper is organized as follows. Section 2 describes two ways to classify virtual machines, focusing on the higher-level interface provided by the VMM and the lower-level platform upon which the VMM is built. Section 3 describes UMLinux, which is the VMM we use in this paper. Section 4 describes a series of extensions to the host operating system that enable virtual machines built on the host operating system to approach the speed of those that run directly on the hardware. Section 5 evaluates the performance benefits achieved by each host OS extension. Section 6 describes related work, and Section 7 concludes.

2. Virtual machines

Virtual-machine monitors can be classified along many dimensions. This section classifies VMMs along two dimensions: the higher-level interface they provide and the lower-level platform they build upon.

The first way we can classify VMMs is according to how closely the higher-level interface they provide matches the interface of the physical hardware. VMMs such as VM/370 [Goldberg74] for IBM mainframes and VMware ESX Server [Waldspurger02] and VMware Workstation [Sugerman01] for x86 processors provide an abstraction that is identical to the hardware underneath the VMM. Simulators such as Bochs [Boc] and Virtutech Simics [Magnusson95] also provide an abstraction that is identical to physical hardware, although the hardware they simulate may differ from the hardware on which they are running.

Several aspects of virtualization make it difficult or slow for a VMM to provide an interface that is identical to the physical hardware. Some architectures include instructions whose behavior depends on whether the CPU is running in privileged or user mode (sensitive instructions), yet which can execute in user mode without causing a trap to the VMM [Robin00]. Virtualizing these sensitive-but-unprivileged instructions generally requires binary instrumentation, which adds significant complexity and may add significant overhead. In addition, emulating I/O devices at the low-level hardware interface (e.g. memory-mapped I/O) causes execution to switch frequently between the guest operating system accessing the device and the VMM code emulating the device. To avoid the overhead associated with emulating a low-level device interface, most VMMs encourage or require the user to run a modified version of the guest operating system. For example, the VAX VMM security kernel [Karger91], VMware Workstation’s guest tools [Sugerman01], and Disco [Bugnion97] all add special drivers in the guest operating system to accelerate the virtualization of some devices. VMMs built on host operating systems often require additional modifications to the guest operating system. For example, the original version of SimOS adds special signal handlers to support virtual interrupts and requires relinking the guest operating system into a different range of addresses [Rosenblum95]; similar changes are needed by User-Mode Linux [Dike00] and UMLinux [Buchacker01].

Other virtualization strategies make the higher-level interface further different from the underlying hardware. The Denali isolation kernel does not support instructions that are sensitive but unprivileged, adds several virtual instructions and registers, and changes the memory management model [Whitaker02]. Microkernels provide higher-level services above the hardware to support abstractions such as threads and inter-process communication [Golub90]. The Java virtual machine defines a virtual architecture that is completely independent from the underlying hardware.

A second way to classify VMMs is according to the platform upon which they are built [Goldberg73]. Type I VMMs such as IBM’s VM/370, Disco, and VMware’s ESX Server are implemented directly on the physical hardware. Type II VMMs are built completely on top of a host operating system. SimOS, User-Mode Linux, and UMLinux are all implemented completely on top of a host operating system. Other VMMs are a hybrid between Type I and II: they operate mostly on the physical hardware but use the host OS to perform I/O.

... long as compiling it directly on a Linux host operating system. VMMs that run directly on the bare hardware achieve much lower performance overhead. For example, VMware Workstation 3.1 compiles the Linux 2.4.18 kernel with only a 30% overhead relative to running directly on the host operating system.

The goal of this paper is to examine and reduce the order-of-magnitude performance overhead associated with running a VMM on a host operating system. We find that a few simple extensions to a host operating system can make it a much faster platform for running a VMM, while preserving the conceptual elegance of the Type II approach.

3. UMLinux

To conduct our study, we use a Type II VMM called UMLinux [Buchacker01]. UMLinux was devel-