System Virtualization 1System Virtualization 1

Learning Objective:

– To understand the implementation choices and details of System Virtualization

COMP25212 1

Aims and DefinitionsAims and Definitions

COMP25212 2

ApplicationApplication

Operating SystemOperating System

HardwareHardware

ApplicationsApplications

Guest AOperating System

Guest AOperating System

Virtual Machine Monitor/HypervisorVirtual Machine Monitor/Hypervisor

ApplicationsApplications

Host HardwareHost Hardware

Guest BOperating System

Guest BOperating System

Unvirtualized Virtualized

Host:Guest:

Hosted VirtualizationHosted Virtualization

COMP25212 3

ApplicationsApplications

Guest AOperating System

Guest AOperating System

ApplicationsApplications

Host HardwareHost Hardware

Guest BOperating System

Guest BOperating System

ApplicationApplication

Host Operating SystemHost Operating System

Virtual Machine Monitor/HypervisorVirtual Machine Monitor/Hypervisor

Advantages?Disadvantages?

Xen Guest 0 Xen Guest 0 VirtualizationVirtualization

COMP25212 4

ApplicationsApplications

Guest 0Operating System

Guest 0Operating System

ApplicationsApplications

Host HardwareHost Hardware

Guest BOperating System

Guest BOperating System

ApplicationApplication

Virtual Machine Monitor/HypervisorVirtual Machine Monitor/Hypervisor

Advantages?Disadvantages?

Guest AOperating System

Guest AOperating System

RevisionRevision: OS : OS Protection/PrivilegeProtection/Privilege

OS handles physical resources:– Privileged

• Application isolated from resources:– Non-privileged

COMP25212 5

ApplicationApplication

Operating SystemOperating System

HardwareHardware

Unvirtualized

Virtualization: Virtualization: Protection/PrivilegeProtection/Privilege

• VMM handles physical resources:– Privileged

• Guest OS isolated from resources– non-

(less-)privileged

COMP25212 6

ApplicationsApplications

Guest AOperating System

Guest AOperating System

Virtual Machine Monitor/HypervisorVirtual Machine Monitor/Hypervisor

ApplicationsApplications

Host HardwareHost Hardware

Guest BOperating System

Guest BOperating System

Virtualized

VMM gets control on every guest OS access to physical resource

What Physical Resources What Physical Resources are Guarded?are Guarded?

• Timers• CPU registers:

– Interrupt Enable– Page Table Base

• Device Control Registers– Programmed I/O?– Interrupt I/O?– DMA I/O?

• Interrupts (may be for different Guest?)• Memory Mapping (page tables)

COMP25212 7

How does Guest Cause How does Guest Cause VMM Entry?VMM Entry?

• VMM designers are (a bit) lucky:– Many Guest accesses to physical resources

cause trap in non-privileged mode– So, running the OS in non-privileged mode

suffices

• BUT some instructions behave differently (without trapping) in privileged and non-priv mode

• e.g. Intel “Store into Flags”

COMP25212 8

Memory Accessing in Memory Accessing in VirtualizationVirtualization

COMP25212 9

Virtual AddressVirtual

Address

VMMPage Tables

VMMPage Tables

Physical AddressPhysical Address

Virtualized

Virtual AddressVirtual Address

OS Page Tables(+ TLBs for efficiency)

OS Page Tables(+ TLBs for efficiency) Physical AddressPhysical Address

UnvirtualizedUnvirtualized

OS Page Tables

OS Page Tables

TLBs ??TLBs ??

Interfacing Guest OS Interfacing Guest OS and VMMand VMM

• Three solutions today:

a) Software (static)

b) Software (dynamic)

c) Hardware (dynamic)

COMP25212 10

ParaVirtualizationParaVirtualization

Modify Guest OS to be Virtualization-aware:

a)call VMM for all privileged operations

b)cooperate with VMM over shared page tables

c)call VMM for input-output

Advantages? Disadvantages?

COMP25212 11

Detect and Fix Detect and Fix Interfaces in VMMInterfaces in VMM

• Detection:– Write-protect Guest OS page tables– Code-scan (Dynamic Binary Translation?)

Guest OS for unsafe instructions – plant traps

• Fixing:– Use write-error trap to detect guest page-table

writes– Provide “shadow page tables” for hardware

TLBs– Use “illegal instruction” and “trap” traps

COMP25212 12

Detect and Fix Interfaces Detect and Fix Interfaces in Hardware in Hardware

• Requirement:– VMM runs more-privileged than Guest OS

• Hardware provides Application/OS and VMM modes

• When Virtualization is active, all OS accesses to physical resources trap to VMM

Advantages? Disadvantages?

COMP25212 13

The Manchester The Manchester SolutionSolution

• … watch this space

• … or help make it happen!

COMP25212 14