
OS Virtualization
Based on Tanenbaum 8.3

Outline
• Background
• What is Virtualization?
• Why would we want it?
• Why is it hard?
• How do we do it?
• Choices

MicroKernel

What is Virtualization?
• OS virtualization
  – Create a platform that emulates a hardware platform and allow multiple instances of an OS to use that platform, as though they have full and exclusive access to the underlying hardware

What is Virtualization?
Applications | Applications | Applications | Applications
OS 1         | OS 2         | OS 3         | OS 4
Virtualization Platform
Hardware

Virtualization – Why?
• Server Consolidation
  – Often many servers support 1 major application
  – Strong isolation between VMs
  – Virtualization saves on hardware & energy
• Disaster Recovery
• High Availability
• Testing and Deployment

Virtualization – Why?
• Desktop Consolidation
  – Support for legacy applications
  – Software Development
  – Training

The Problem
• OS uses kernel mode / user mode to protect the OS.
  – System calls (privileged instructions) generate a trap (software interrupt) that forces a switch to kernel mode
  – These calls trigger sensitive instructions (I/O, MMU control, etc.) that must only be executed by the kernel

The Problem
• If our VM now runs in user space, we cannot run sensitive instructions in it, since those must trap to kernel space.
• Solved in 2005 with new CPUs
  – Intel Core 2 – VT (Virtualization Technology)
  – AMD Pacifica – SVM (Secure Virtual Machine)
  – Provides new instructions that allow VM to capture traps

Implementation
• Type 1 Hypervisor
• Type 2 Hypervisor
• Paravirtualization

Type 1 Hypervisor
• Runs on “bare metal”
• Virtual machines run in user mode
  – VM runs the guest OS (which thinks it is running in kernel mode)
  – Virtual kernel mode
  – If guest OS calls sensitive instructions, hypervisor will trap and execute the instructions.
  – If application on guest OS calls sensitive instructions (system calls), hypervisor traps to guest OS.

Type 1 Hypervisors
Figure 8-26. When the operating system in a virtual machine executes a kernel-only instruction, it traps to the hypervisor if virtualization technology is present.
cs431-cotter
Tanenbaum, Modern Operating Systems 3 e, (c) 2008 Prentice-Hall, Inc. All rights reserved. 0-13-6006639

Type 2 Hypervisor
• Runs from within an OS.
• Supports guest OSs above it.
  – Boot from CD to load new OS
  – Read in code, looking for basic blocks
  – Then inspect basic block to find sensitive instructions. If found, replace with VM call (process called binary translation)
  – Then, cache block and execute.
  – Eventually all basic blocks will be modified and cached, and will run at near native speed.

Type 2 Hypervisor
Applications | Applications | Applications |
OS 1         | OS 2         | OS 3         |
Virtualization Platform                    | Applications
Base Operating System
Hardware

Paravirtualization
• Modify Guest OS so that all calls to sensitive instructions are changed to hypervisor calls.
• Much easier (and more efficient) to modify source code than to emulate hardware instructions (as in binary translation).
• In effect, turns the hypervisor into a microkernel.

Paravirtualization (1)
Figure 8-27. A hypervisor supporting both true virtualization and paravirtualization.

Problems with Paravirtualization
• Paravirtualized systems won’t run on native hardware
• There are many different paravirtualization systems that use different commands, etc.
  – VMware, Xen, etc.
• Proposed solution:
  – Modify the OS kernel so that it calls a special set of procedures to execute sensitive instructions (Virtual Machine Interface)
    • Bare metal – link to library that implements code
    • On VM – link to VM specific library

Paravirtualization (2)
Figure 8-28. VMI Linux running on (a) the bare hardware (b) VMware (c) Xen.

Products (partial List)
• Microsoft
  – Virtual PC, Hyper-V
• QEMU
  – Processor Emulation & VM
• Sun Microsystems
  – xVM, VirtualBox
• VMware
  – ESX Server, Workstation, Fusion, Player, Server
• Xen
  – Xen
• VirtualIron

Memory Virtualization
• OS tracks mapping of virtual memory pages to physical memory pages.
• Builds page tables, then updates paging register (trap).
• Allow hypervisor to manage page mapping, and use shadow page tables for the VMs

Shadow Page Table

Memory Virtualization
• Changes to page tables do NOT trap!
  – One solution: Mark shadow page tables as read only. Then when VM tries to write to table, page fault traps to hypervisor.
  – Paravirtualized OS: Since OS has been modified to account for hypervisor, page table updates can be followed by call to hypervisor about changes.

Memory Virtualization
• VMM creates and manages page tables that map virtual pages directly to machine pages
  – These tables are loaded into the MMU on a context switch
  – VMM page tables are the shadow page tables
• VMM needs to keep its Virtual-Map tables consistent with changes made by OS to its Virtual-Physical tables
  – VMM maps OS page tables as read only
  – When OS writes to page tables, trap to VMM
  – VMM applies write to shadow table and OS table,

I/O Virtualization
• Each guest OS holds its own “partition”.
  – Typically implemented as a file or region on disk
  – Hypervisor must convert guest OS address (block #) into physical address in region
  – May convert between storage types.
  – Must deal with DMA requests

VM on Multi-core CPUs
• Each core can be configured for multiple virtual machines.
  – A Quad-core CPU could be configured as a 32 node multi-computer
  – Limiting factor is often memory. Each guest OS has its own requirements (512 MB?)

Summary
• Virtualization provides a way to consolidate OS installations onto fewer hardware platforms
• 3 basic approaches
  – Type 1 hypervisor
  – Type 2 hypervisor
  – Paravirtualization
• Must also account for virtual access to shared resources (memory, I/O)

References
• Virtual Machine Interface
  – http://vmi.ncsa.uiuc.edu/
• VirtualBox
  – https://www.virtualbox.org
• Xen Hypervisor (Red Hat Linux)
  – http://www.xen.org/
• Virtual PC 2007
  – http://www.microsoft.com
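
Added example for the Memory Virtualization slides (not part of the original deck): a small C model of the write-protect-and-trap scheme, in which the VMM applies each trapped guest page-table write to both the OS table and the shadow table. The struct and function names and the table sizes are hypothetical, and the refusal of mappings to memory the VM does not own is an assumption added here to show where isolation is enforced.

```c
#include <stdint.h>
#include <stddef.h>

#define GUEST_VPAGES 8          /* guest virtual pages (constructed size) */
#define GUEST_PPAGES 4          /* guest "physical" pages given to this VM */
#define NOT_PRESENT  UINT32_MAX

struct vm {
    uint32_t guest_pt[GUEST_VPAGES];  /* OS table: virtual -> guest physical */
    uint32_t p2m[GUEST_PPAGES];       /* VMM map: guest physical -> machine */
    uint32_t shadow_pt[GUEST_VPAGES]; /* shadow table: virtual -> machine (in MMU) */
};

/* Give the VM a contiguous run of machine pages and empty page tables. */
void vm_init(struct vm *vm, uint32_t first_machine_page) {
    for (size_t i = 0; i < GUEST_VPAGES; i++)
        vm->guest_pt[i] = vm->shadow_pt[i] = NOT_PRESENT;
    for (size_t i = 0; i < GUEST_PPAGES; i++)
        vm->p2m[i] = first_machine_page + (uint32_t)i;
}

/* Runs in the VMM when the guest writes an entry of its read-only page
 * table and the page fault traps. Returns 0 if applied, -1 if refused. */
int vmm_pt_write_trap(struct vm *vm, uint32_t vpn, uint32_t gpn) {
    if (vpn >= GUEST_VPAGES)
        return -1;
    if (gpn == NOT_PRESENT) {            /* guest unmaps the page */
        vm->guest_pt[vpn] = vm->shadow_pt[vpn] = NOT_PRESENT;
        return 0;
    }
    if (gpn >= GUEST_PPAGES)             /* not memory this VM owns */
        return -1;
    vm->guest_pt[vpn]  = gpn;            /* what the guest OS believes */
    vm->shadow_pt[vpn] = vm->p2m[gpn];   /* what the MMU really uses */
    return 0;
}

/* MMU lookup through the shadow table; NOT_PRESENT means page fault. */
uint32_t mmu_translate(const struct vm *vm, uint32_t vpn) {
    return vpn < GUEST_VPAGES ? vm->shadow_pt[vpn] : NOT_PRESENT;
}
```

Two VMs that write the same guest-physical page number into their tables end up on different machine pages, because only the shadow table, never the guest's own table, is loaded into the MMU.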
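
Added example for the I/O Virtualization slide (not part of the original deck): converting a guest block number into a byte offset inside the guest's region on the host disk, with the bounds checks that keep a request from reaching a neighbouring guest's region. The names, the 512-byte block size and the region layout are assumptions made for illustration.

```c
#include <stdint.h>

#define BLOCK_SIZE 512u   /* assumed block size */

struct vdisk {
    uint64_t region_start;  /* byte offset of the guest's region on the host disk */
    uint64_t nblocks;       /* size of the region in blocks */
};

/* Set up a region; refuse sizes whose end offset would overflow 64 bits. */
int vdisk_init(struct vdisk *vd, uint64_t region_start, uint64_t nblocks) {
    if (nblocks == 0 || nblocks > (UINT64_MAX - region_start) / BLOCK_SIZE)
        return -1;
    vd->region_start = region_start;
    vd->nblocks = nblocks;
    return 0;
}

/* Translate a guest request for `count` blocks starting at `block` into a
 * host byte offset. Returns 0 and fills *host_off, or -1 if any part of
 * the request lies outside the guest's region. */
int vdisk_translate(const struct vdisk *vd, uint64_t block, uint64_t count,
                    uint64_t *host_off) {
    if (count == 0 || block >= vd->nblocks)
        return -1;
    /* Compare against the space left in the region rather than computing
     * block + count, which a guest-chosen value could make wrap around. */
    if (count > vd->nblocks - block)
        return -1;
    *host_off = vd->region_start + block * BLOCK_SIZE;
    return 0;
}
```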