DOCSLIB.ORG

Extending Xen* with Intel Virtualization Technology

Total Page:16

File Type:pdf, Size:1020Kb

Download full-text PDF Read full-text
Extending Xen* with Intel Virtualization Technology Intel Technology Journal, Volume 10, Issue 3, 2006 Extending Xen* with Intel® Virtualization Technology Yaozu Dong, Core Software Division, Intel Corporation Shaofan Li, Core Software Division, Intel Corporation Asit Mallick, Core Software Division, Intel Corporation Jun Nakajima, Core Software Division, Intel Corporation Kun Tian, Core Software Division, Intel Corporation Xuefei Xu, Core Software Division, Intel Corporation Fred Yang, Core Software Division, Intel Corporation Wilfred Yu, Core Software Division, Intel Corporation Index words: Xen, Virtualization, Hypervisor, Intel® VT, virtual machine monitor ABSTRACT “paravirtualization,” and it delivers near native performance for the guest OS, only if the guest OSs Xen* is an open source virtual machine monitor (VMM) source code can be modified. developed at the University of Cambridge to support operating systems (OSs) that have been modified to run Xen versions 1.0 and 2.0 use paravirtualization * on top of the monitor. Intel has extended the Xen VMM techniques to support 32-bit platforms and Linux guests. ∆ to use Intel® Virtualization Technology (VT) to support They use the standard IA-32 protection and unmodified guest OSs also. This was done for IA-32 segmentation architecture for system resource Intel® Architecture processors as well as Itanium® virtualization. The hypervisor runs in the highest architecture processors. privilege level ring 0 and has full access to all memory on the system. Guest OSs use privilege levels 1, 2, and 3 In this paper we describe the changes that have been as they see fit. Segmentation is used to prevent the guest made to Xen to enable this support. We also highlight OS from accessing the Xen address space. the optimizations that have been made to date to deliver good virtualized performance. Xen 3.0 is the first open-source VMM that uses Intel Virtualization Technology (VT) to support unmodified INTRODUCTION guest OSs as well as paravirtualized guest OSs. Xen 3.0 also added support for 64-bit platforms and 64-bit guests Xen is an open source virtual machine monitor (VMM) [9]. Page-level protection is used to protect the 64-bit that allows the hardware resources of a machine to be hypervisor from the guest. virtualized and dynamically shared between OSs running on top of it [1]. Each virtual machine (VM) is called a In this paper, we begin with a brief overview of Intel VT Domain, in Xen terminology. Xen provides isolated and then we explain how we extended Xen to take execution for each domain, preventing failures or advantage of VT. We highlight key virtualization issues ® Φ malicious activities in one domain from impacting for IA-32, Intel EM64T , and Itanium processors and another domain. The Xen hypervisor and Domain0 explain how they are addressed in Xen 3.0. Finally, we (Dom0) are a required part of any Xen-based server. highlight some of the changes that have been made to the Multiple user domains, called DomainU in Xen hypervisor and the device models to improve terminology, can be created to run guest OSs. performance. Unlike the full virtualization solutions offered by the INTEL® VIRTUALIZATION IBM VM/370*, or VMware’s ESX* and Microsoft’s Virtual PC product*, Xen began life as a VMM for guest TECHNOLOGY OSs that have been modified to run on the Xen Intel VT is a collection of processor technologies that hypervisor. User applications within these OSs run as is, enables robust execution of unmodified guest OSs on i.e., unmodified. This technique is called Intel VT-enhanced VMMs [2]. VT-x defines the Extending Xen* with Intel® Virtualization Technology 193 Intel Technology Journal, Volume 10, Issue 3, 2006 extensions to the IA-32 Intel Architecture [3]. VT-i address bits are available. When the guest OS is running defines the extensions to the Intel Itanium architecture with PSR.vm = 1, the uppermost implemented virtual- [4]. address bit is made unavailable to the guest. Instruction or data fetches with any of these address bits set will VT-x augments IA-32 with two new forms of CPU trigger unimplemented data/instruction address faults or operation: virtual machine extensions (VMX) root unimplemented instruction address traps. This provides operations and VMX non-root operations. The transition the VMM a dedicated address space that guest software from VMX root operation to VMX non-root operation is cannot access. called a VM entry. The transition from a VMX non-root operation to VMX root operation is called a VM exit. VT-i also defines the processor abstraction layer (PAL) interfaces that can be used by the VMM to create and A virtual-machine control structure (VMCS) is defined manage VMs. A Virtual Processor Descriptor (VPD) is to manage VM entries and exits, and it controls the defined to represent the resources of a virtual processor. behavior of instructions in a non-root operation. The PAL procedures are defined to allow the VMM to VMCS is logically divided into sections, two of which configure logical processors for virtualization operations are the guest-state area and the host-state area. These and to suspend or resume virtual processors. PAL run- areas contain fields corresponding to different time services are defined to support performance-critical components of processor state. VM entries load VMM operations. processor state from the guest-state area. VM exits save processor state to the guest-state area and then load processor state from the host-state area. EXTENDING XEN* WITH INTEL VT Xen 3.0 architecture (Figure 1) has a small hypervisor The VMM runs in root operation while the guests run in kernel that deals with virtualizing the CPU, memory, and VMX non-root operation. Both forms of operation critical I/O resources, such as the interrupt controller. support all four privilege levels (i.e., rings 0, 1, 2, and Dom0 is a paravirtualized Linux that has privileged 3). The VM-execution control fields in the VMCS allow access to all I/O devices in the platform and is an the VMM to control the behavior of some instructions in integral part of any Xen-based system. Xen 3.0 also VMX non-root operation and the events that will cause includes a control panel that controls the sharing of the VM exits. Instructions like CPUID, MOV from CR3, processor, memory, network, and block devices. Access RDMSR, and WRMSR will trigger VM exits to the control interface is limited to Dom0. Multiple user unconditionally to allow the VMM to control the domains, called DomainU (DomU) can be created to run behavior of the guest. paravirtualized guest OSs. Dom0 and DomU OSs use VT-i expands the Itanium processor family (IPF) to hypercalls to request services from the Xen hypervisor. enable robust execution of VMs. A new processor status When Intel VT is used, fully virtualized domains can be register bit (PSR.vm) has been added to define a new created to run unmodified guest OSs. These fully operating mode for the processor. The VMM runs with virtualized domains are given the special name of HVMs this bit cleared while the guest OS runs with it set. (hardware-based virtual machines). Xen presents to each Privileged instructions, including non-privileged HVM guest a virtualized platform that resembles a instructions like thash, ttag and mov cupid that may classic PC/server platform with a keyboard, mouse, reveal the true operating state of the processor, trigger graphics display, disk, floppy, CD-ROM, etc. This virtualization faults when operating in this mode. virtualized platform support is provided by the Virtual The PSR.vm bit also controls the number of virtual- I/O Devices module. address bits that are available to software. When a VMM In the following sections we describe the extensions to is running with PSR.vm = 0, all implemented virtual- each of these Xen components. Extending Xen* with Intel® Virtualization Technology 194 Intel Technology Journal, Volume 10, Issue 3, 2006 Domain0: Para-Virtualization DomainU: Para-Virtualization HVM (Hardware Virtual Machine) Domain Domain Domain Virtual I/O Virtual I/O Control Devices App App App App App Panel FE Virtual Drivers Unmodified OS F Backend Backend Drivers Drivers Drivers Drivers Virtual Virtual ront en ront Device Device Virtual Virtual Native Native driver driver d Guest BIOS Xenlinux Xenlinux Virtual Platform Hypercall/Event VM Exit/Entry Xen Hypervisor Virtual I/O Devices Virtual MMU Virtual CPU Local IO APIC, PIT Platform with Hardware-Based Virtualization (e.g. Intel® Virtualization Technology on IA-32, EM64T, IPF, aka IA-64) Figure 1: Xen 3.0 architecture Control Panel (MADT). The BIOS and the early OS loader expect to run in real mode. To create the environment needed by We have extended the control panel to support creating, these codes, we use VMXAssist to configure the VT-x controlling, and destroying HVM domains. The user can guest to execute in virtual-8086 mode. Instructions that specify configuration parameters such as the guest cannot be executed in this mode are intercepted and memory map and size, the virtualized disk location, emulated with a software emulator. network configuration, etc. For VT-i, we developed a guest firmware using the The control panel loads the guest firmware into the Intel® Platform Innovation Framework for Extensible HVM domain and creates the device model thread Firmware Interface (EFI). This guest firmware provides (explained later) that will run in Dom0 to service all EFI boot services required by IPF guest OSs. It is input/output (I/O) requests from the HVM guest. The compatible with the Developer’s Interface Guide for 64- control panel also configures the virtual devices seen by bit Intel® Architecture-based Servers (DIG64) and the HVM guest, such as the interrupt binding and the provides the System Abstraction Layer (SAL), ACPI 2.0, PCI configuration.
Load more

Recommended publications
  • Effective Virtual CPU Configuration with QEMU and Libvirt
    Effective Virtual CPU Configuration with QEMU and libvirt Kashyap Chamarthy <[email protected]> Open Source Summit Edinburgh, 2018 1 / 38 Timeline of recent CPU flaws, 2018 (a) Jan 03 • Spectre v1: Bounds Check Bypass Jan 03 • Spectre v2: Branch Target Injection Jan 03 • Meltdown: Rogue Data Cache Load May 21 • Spectre-NG: Speculative Store Bypass Jun 21 • TLBleed: Side-channel attack over shared TLBs 2 / 38 Timeline of recent CPU flaws, 2018 (b) Jun 29 • NetSpectre: Side-channel attack over local network Jul 10 • Spectre-NG: Bounds Check Bypass Store Aug 14 • L1TF: "L1 Terminal Fault" ... • ? 3 / 38 Related talks in the ‘References’ section Out of scope: Internals of various side-channel attacks How to exploit Meltdown & Spectre variants Details of performance implications What this talk is not about 4 / 38 Related talks in the ‘References’ section What this talk is not about Out of scope: Internals of various side-channel attacks How to exploit Meltdown & Spectre variants Details of performance implications 4 / 38 What this talk is not about Out of scope: Internals of various side-channel attacks How to exploit Meltdown & Spectre variants Details of performance implications Related talks in the ‘References’ section 4 / 38 OpenStack, et al. libguestfs Virt Driver (guestfish) libvirtd QMP QMP QEMU QEMU VM1 VM2 Custom Disk1 Disk2 Appliance ioctl() KVM-based virtualization components Linux with KVM 5 / 38 OpenStack, et al. libguestfs Virt Driver (guestfish) libvirtd QMP QMP Custom Appliance KVM-based virtualization components QEMU QEMU VM1 VM2 Disk1 Disk2 ioctl() Linux with KVM 5 / 38 OpenStack, et al. libguestfs Virt Driver (guestfish) Custom Appliance KVM-based virtualization components libvirtd QMP QMP QEMU QEMU VM1 VM2 Disk1 Disk2 ioctl() Linux with KVM 5 / 38 libguestfs (guestfish) Custom Appliance KVM-based virtualization components OpenStack, et al.
    [Show full text]
  • A Virtual Machine Environment for Real Time Systems Laboratories
    AC 2007-904: A VIRTUAL MACHINE ENVIRONMENT FOR REAL-TIME SYSTEMS LABORATORIES Mukul Shirvaikar, University of Texas-Tyler MUKUL SHIRVAIKAR received the Ph.D. degree in Electrical and Computer Engineering from the University of Tennessee in 1993. He is currently an Associate Professor of Electrical Engineering at the University of Texas at Tyler. He has also held positions at Texas Instruments and the University of West Florida. His research interests include real-time imaging, embedded systems, pattern recognition, and dual-core processor architectures. At the University of Texas he has started a new real-time systems lab using dual-core processor technology. He is also the principal investigator for the “Back-To-Basics” project aimed at engineering student retention. Nikhil Satyala, University of Texas-Tyler NIKHIL SATYALA received the Bachelors degree in Electronics and Communication Engineering from the Jawaharlal Nehru Technological University (JNTU), India in 2004. He is currently pursuing his Masters degree at the University of Texas at Tyler, while working as a research assistant. His research interests include embedded systems, dual-core processor architectures and microprocessors. Page 12.152.1 Page © American Society for Engineering Education, 2007 A Virtual Machine Environment for Real Time Systems Laboratories Abstract The goal of this project was to build a superior environment for a real time system laboratory that would allow users to run Windows and Linux embedded application development tools concurrently on a single computer. These requirements were dictated by real-time system applications which are increasingly being implemented on asymmetric dual-core processors running different operating systems. A real time systems laboratory curriculum based on dual- core architectures has been presented in this forum in the past.2 It was designed for a senior elective course in real time systems at the University of Texas at Tyler that combines lectures along with an integrated lab.
    [Show full text]
  • Understanding Full Virtualization, Paravirtualization, and Hardware Assist
    VMware Understanding Full Virtualization, Paravirtualization, and Hardware Assist Contents Introduction .................................................................................................................1 Overview of x86 Virtualization..................................................................................2 CPU Virtualization .......................................................................................................3 The Challenges of x86 Hardware Virtualization ...........................................................................................................3 Technique 1 - Full Virtualization using Binary Translation......................................................................................4 Technique 2 - OS Assisted Virtualization or Paravirtualization.............................................................................5 Technique 3 - Hardware Assisted Virtualization ..........................................................................................................6 Memory Virtualization................................................................................................6 Device and I/O Virtualization.....................................................................................7 Summarizing the Current State of x86 Virtualization Techniques......................8 Full Virtualization with Binary Translation is the Most Established Technology Today..........................8 Hardware Assist is the Future of Virtualization, but the Real Gains Have
    [Show full text]
  • Introduction to Virtualization Virtualization
    Introduction to Virtualization Prashant Shenoy Computer Science CS691D: Hot-OS Lecture 2, page 1 Virtualization • Virtualization: extend or replace an existing interface to mimic the behavior of another system. – Introduced in 1970s: run legacy software on newer mainframe hardware • Handle platform diversity by running apps in VMs – Portability and flexibility Computer Science CS691D: Hot-OS Lecture 2, page 2 Types of Interfaces • Different types of interfaces – Assembly instructions – System calls – APIs • Depending on what is replaced /mimiced, we obtain different forms of virtualization Computer Science CS691D: Hot-OS Lecture 2, page 3 Types of Virtualization • Emulation – VM emulates/simulates complete hardware – Unmodified guest OS for a different PC can be run • Bochs, VirtualPC for Mac, QEMU • Full/native Virtualization – VM simulates “enough” hardware to allow an unmodified guest OS to be run in isolation • Same hardware CPU – IBM VM family, VMWare Workstation, Parallels,… Computer Science CS691D: Hot-OS Lecture 2, page 4 Types of virtualization • Para-virtualization – VM does not simulate hardware – Use special API that a modified guest OS must use – Hypercalls trapped by the Hypervisor and serviced – Xen, VMWare ESX Server • OS-level virtualization – OS allows multiple secure virtual servers to be run – Guest OS is the same as the host OS, but appears isolated • apps see an isolated OS – Solaris Containers, BSD Jails, Linux Vserver • Application level virtualization – Application is gives its own copy of components that are not shared • (E.g., own registry files, global objects) - VE prevents conflicts – JVM Computer Science CS691D: Hot-OS Lecture 2, page 5 Examples • Application-level virtualization: “process virtual machine” • VMM /hypervisor Computer Science CS691D: Hot-OS Lecture 2, page 6 The Architecture of Virtual Machines J Smith and R.
    [Show full text]
  • Oracle® Linux Virtualization Manager Getting Started Guide
    Oracle® Linux Virtualization Manager Getting Started Guide F25124-11 September 2021 Oracle Legal Notices Copyright © 2019, 2021 Oracle and/or its affiliates. This software and related documentation are provided under a license agreement containing restrictions on use and disclosure and are protected by intellectual property laws. Except as expressly permitted in your license agreement or allowed by law, you may not use, copy, reproduce, translate, broadcast, modify, license, transmit, distribute, exhibit, perform, publish, or display any part, in any form, or by any means. Reverse engineering, disassembly, or decompilation of this software, unless required by law for interoperability, is prohibited. The information contained herein is subject to change without notice and is not warranted to be error-free. If you find any errors, please report them to us in writing. If this is software or related documentation that is delivered to the U.S. Government or anyone licensing it on behalf of the U.S. Government, then the following notice is applicable: U.S. GOVERNMENT END USERS: Oracle programs (including any operating system, integrated software, any programs embedded, installed or activated on delivered hardware, and modifications of such programs) and Oracle computer documentation or other Oracle data delivered to or accessed by U.S. Government end users are "commercial computer software" or "commercial computer software documentation" pursuant to the applicable Federal Acquisition Regulation and agency-specific supplemental regulations. As such, the use, reproduction, duplication, release, display, disclosure, modification, preparation of derivative works, and/or adaptation of i) Oracle programs (including any operating system, integrated software, any programs embedded, installed or activated on delivered hardware, and modifications of such programs), ii) Oracle computer documentation and/or iii) other Oracle data, is subject to the rights and limitations specified in the license contained in the applicable contract.
    [Show full text]
  • Virtualizationoverview
    VMWAREW H WHITEI T E PPAPERA P E R Virtualization Overview 1 VMWARE WHITE PAPER Table of Contents Introduction .............................................................................................................................................. 3 Virtualization in a Nutshell ................................................................................................................... 3 Virtualization Approaches .................................................................................................................... 4 Virtualization for Server Consolidation and Containment ........................................................... 7 How Virtualization Complements New-Generation Hardware .................................................. 8 Para-virtualization ................................................................................................................................... 8 VMware’s Virtualization Portfolio ........................................................................................................ 9 Glossary ..................................................................................................................................................... 10 2 VMWARE WHITE PAPER Virtualization Overview Introduction Virtualization in a Nutshell Among the leading business challenges confronting CIOs and Simply put, virtualization is an idea whose time has come. IT managers today are: cost-effective utilization of IT infrastruc- The term virtualization broadly describes the separation
    [Show full text]
  • Oracle Virtualbox Installation, Setup, and Ubuntu Introduction
    ORACLE VIRTUALBOX INSTALLATION, SETUP, AND UBUNTU INTRODUCTION • VirtualBox is a hardware virtualization program. • Create virtual computers aka virtual machines. • Prototyping, sandboxing, testing. • The computer that VirtualBox is installed on is called the “host”, and each virtual machine is called a “guest”. PREREQUISITES Since virtual machines share resources with the host computer, we need to know what resources we have available on our host. • Click “Type here to search”. • Search for “System Information”. • Note the number of processor cores and the amount of RAM installed in your host. PREREQUISITES • Expand “Components”. • Expand “Storage”. • Select “Drives”. • Note the amount of free space available on your host. Every computer is different, so how we will need to balance these resources between our host and guest systems will differ. DOWNLOADING VIRTUALBOX • VISIT VIRTUALBOX.ORG • SELECT THE CORRECT PACKAGE • CLICK THE DOWNLOAD LINK. FOR YOUR HOST. INSTALLING VIRTUALBOX • Browse to where you downloaded VirtualBox and run the installer. • All default options will be fine. Simply follow the prompts. INSTALLING VIRTUALBOX • CLICK “FINISH”. • VIRTUALBOX INSTALLED! SETTING THINGS UP Before we build our first virtual machine, we need to download an operating system to install as our “guest”. • Visit Ubuntu.com • Click “Download”. • Select the current Ubuntu Desktop “LTS” release. • LTS releases focus on stability rather than cutting edge features. SETTING THINGS UP • IN VIRTUALBOX, CLICK “NEW”. • NAME THE VIRTUAL MACHINE. SETTING THINGS UP Here’s where we will need the system resources information that we looked up earlier. Each virtual machine functions like a separate computer in and of itself and will need to share RAM with the host.
    [Show full text]
  • Container and Kernel-Based Virtual Machine (KVM) Virtualization for Network Function Virtualization (NFV)
    Container and Kernel-Based Virtual Machine (KVM) Virtualization for Network Function Virtualization (NFV) White Paper August 2015 Order Number: 332860-001US YouLegal Lines andmay Disclaimers not use or facilitate the use of this document in connection with any infringement or other legal analysis concerning Intel products described herein. You agree to grant Intel a non-exclusive, royalty-free license to any patent claim thereafter drafted which includes subject matter disclosed herein. No license (express or implied, by estoppel or otherwise) to any intellectual property rights is granted by this document. All information provided here is subject to change without notice. Contact your Intel representative to obtain the latest Intel product specifications and roadmaps. The products described may contain design defects or errors known as errata which may cause the product to deviate from published specifications. Current characterized errata are available on request. Copies of documents which have an order number and are referenced in this document may be obtained by calling 1-800-548-4725 or by visiting: http://www.intel.com/ design/literature.htm. Intel technologies’ features and benefits depend on system configuration and may require enabled hardware, software or service activation. Learn more at http:// www.intel.com/ or from the OEM or retailer. Results have been estimated or simulated using internal Intel analysis or architecture simulation or modeling, and provided to you for informational purposes. Any differences in your system hardware, software or configuration may affect your actual performance. For more complete information about performance and benchmark results, visit www.intel.com/benchmarks. Tests document performance of components on a particular test, in specific systems.
    [Show full text]
  • Introduction to Real-Time Virtualization (Hypervisor)
    Introduction to the NI Real-Time Hypervisor 1 Agenda 1) NI Real-Time Hypervisor overview 2) Basics of virtualization technology 3) Configuring and using Real-Time Hypervisor systems 4) Performance and benchmarks 5) Case study: aircraft arrestor system NI Real-Time Hypervisor Overview NI Real-Time Hypervisor • Run NI LabVIEW Real-Time Windows XP LabVIEW Real-Time and Windows XP in parallel • Partition I/O devices, RAM, NI Real-Time Hypervisor and CPUs between OSs • Uses virtualization I/O RAM CPUs technology and Intel VT Benefits of the Real-Time Hypervisor • Capability: make use of real-time processing and Windows XP services Applications Determinism Graphics Real-Time I/O Services Timing Benefits of the Real-Time Hypervisor • Consolidation: reduce hardware costs, wiring, and physical footprint Virtualized System with NI Real-Time Hypervisor Benefits of the Real-Time Hypervisor • Efficiency: take advantage of multicore processors effectively Quad-Core Controller with Virtualization Windows XP LabVIEW Real-Time Basics of Virtualization Technology What Is Virtualization? • The term: refers to abstraction of OSs from hardware resources • In practice: running multiple OSs simultaneously on a single computer Virtualization Software Architectures • Software: virtual machine monitor (VMM) or Hypervisor • Two main variations: hosted and bare-metal Hosted (VMWare) Bare-Metal (NI Real-Time Hypervisor) How Does Virtualization Software Work? • OSs are “unaware” of being virtualized • Hypervisor is called only when needed • Various mechanisms for
    [Show full text]
  • Oracle VM Virtualbox Data Sheet
    ORACLE DATA SHEET ORACLE VM VIRTUALBOX KEY FEATURES Oracle VM VirtualBox is cross-platform virtualization software that allows you • Available for Windows, Mac OS X, Linux to extend your existing computer to run multiple operating systems at the same and Oracle Solaris host operating systems time. Designed for IT professionals, Oracle VM VirtualBox runs on Windows, • Supports a wide-range of guest Mac OS X, Linux and Oracle Solaris systems and is ideal for testing, platforms developing, demonstrating and deploying solutions across multiple platforms on • Easy to use graphical user interface one machine. • Powerful, scriptable command-line interface • Import and export virtual machines using OVF/OVA standards • Shared folders between guest vm and host machine • Seamless, resizable, and full screen window display modes • Video and 3D (OpenGL, DirectX) acceleration • Multiple virtual screen support • Powerful and flexible networking options • USB and serial ports • SAS, SATA, SCSI and IDE storage controllers • Built-in iSCSI initiator • Built-in Remote Display Server • Multi-generational branched snapshots • Linked and Full Clones • Controllable Copy-and-Paste • VM Groups Easy to use, Fast and Powerful, Great Platform coverage KEY BENEFITS Designed for use on systems ranging from ultrabooks to high-end server class hardware, • Run almost any type of application on your existing machine Oracle VM VirtualBox is lightweight and easy to install and use. Yet under the deceptively simple exterior lies an extremely fast and powerful virtualization engine. With a formidable • Quickly and easily try out new platforms reputation for speed and agility, Oracle VM VirtualBox contains innovative features to deliver • Create an optimum test and tangible business benefits: significant performance improvements; a more powerful development environment virtualization system; and a wider range of supported guest operating system platforms.
    [Show full text]
  • KVM: Linux-Based Virtualization
    KVM: Linux-based Virtualization Avi Kivity [email protected] Columbia University Advanced OS/Virtualization course Agenda Quick view Power management Features Non-x86 KVM Execution loop Real time Memory management Xenner Linux Integration Community Paravirtualization Conclusions I/O Copyright © 2007 Qumranet, Inc. All rights reserved. At a glance KVM – the Kernel-based Virtual Machine – is a Linux kernel module that turns Linux into a hypervisor Requires hardware virtualization extensions Supports multiple architectures: x86 (32- and 64- bit) s390 (mainframes), PowerPC, ia64 (Itanium) Competitive performance and feature set Advanced memory management Tightly integrated into Linux 3 Copyright © 2007 Qumranet, Inc. All rights reserved. The KVM approach Reuse Linux code as much as possible Focus on virtualization, leave other things to respective developers Integrate well into existing infrastructure, codebase, and mindset Benefit from semi-related advances in Linux Copyright © 2007 Qumranet, Inc. All rights reserved. VMware Console User User User VM VM VM VM Hypervisor Driver Driver Driver Hardware Copyright © 2007 Qumranet, Inc. All rights reserved. Xen User User User Domain 0 VM VM VM Driver Driver Hypervisor Driver Hardware Copyright © 2007 Qumranet, Inc. All rights reserved. KVM Ordinary LinuxOrdinary User User User Ordinary ProcessLinux VM VM VM ProcessLinux Process KVM Modules Linux Driver Driver Driver Hardware Copyright © 2007 Qumranet, Inc. All rights reserved. KVM model enefits Reuse scheduler, memory management, bringup Reuse Linux driver portfolio Reuse I/O stack Reuse management stack Copyright © 2007 Qumranet, Inc. All rights reserved. KVM Process Model task task guest task task guest kernel 9 Copyright © 2007 Qumranet, Inc. All rights reserved. KVM Execution Model Three modes for thread execution instead of the traditional two: User mode Kernel mode Guest mode A virtual CPU is implemented using a Linux thread The Linux scheduler is responsible for scheduling a virtual cpu, as it is a normal thread 10 Copyright © 2007 Qumranet, Inc.
    [Show full text]
  • Virtualization in Linux KVM + QEMU
    CS695 Topics in Virtualization and Cloud Computing Virtualization in Linux KVM + QEMU Senthil, Puru, Prateek and Shashank Virtualization in Linux 1 Topics covered • KVM and QEMU Architecture • VTx support • CPU virtualization in KMV • Memory virtualization techniques • shadow page table • EPT/NPT page table • IO virtualization in QEMU • KVM and QEMU usage • Virtual disk creation • Creating virtual machines • Copy-on-write disks Virtualization in Linux 2 KVM + QEMU - Architecture Virtualization in Linux 3 KVM + QEMU – Architecture • Need for hardware support • less privileged rings ( rings > 0) are not sufficient to run guest – sensitive unprivileged instructions • Should go for • Binary instrumentation/ patching • paravirtualization • VTx and AMD-V • 4 different address spaces - host physical, host virtual, guest physical and guest virtual Virtualization in Linux 4 X86 VTx support Guest 3 Guest User Guest 2 Guest 1 Guest 0 Guest Kernel Host 3 QEMU Host 2 Host 1 Host 0 KVM Communication Channels VMCS + vmx KVM /dev/kvm QEMU KVM Guest 0-3 instructions Virtualization in Linux 5 X86 VMX Instructions • Controls transition between VMX root and VMX non- root • VMX root -> VMX non-root - VM Entry • VMX non-root -> VMX root – VM Exit • Example instructions • VMXON – enables VMX Operation • VMXOFF – disable VMX Operation • VMLAUNCH – VM Entry • VMRESUME – VM Entry • VMREAD – read from VMCS • VMWRITE – write to VMCS Virtualization in Linux 6 X86 VMCS Structure • Controls CPU behavior in VTx non root mode • 4KB structure – configured by KVM • Also
    [Show full text]