Virtualization Technology

Февраль 24, 2021

Главная
Разное
Virtualization Technology

Содержание

2. Virtualization: rejuvenation 1960’s: first track of virtualization Time and resource sharing on expensive mainframes IBM VM/370
3. IBM VM/370 Robert Jay Creasy (1939-2005) Project leader of the first full virtualization hypervisor: IBM CP-40,
4. IBM VM/370 System/370 Control Program (CP) Conversational Monitor System (CMS) Mainstream OS (MVS, DOS/VSE etc.) Specialized
5. IBM VM/370 Technology: trap-and-emulate Kernel Application CP
6. Virtualization on x86 architecture Challenges Correctness: not all privileged instructions produce traps! Example: popf Performance: System
7. Virtualization on x86 architecture Solutions: Dynamic binary translation & shadow page table Hardware extension Para-virtualization (Xen)
8. Dynamic binary translation Idea: intercept privileged instructions by changing the binary Cannot patch the guest kernel
9. Dynamic binary translation Pros: Make x86 virtualizable Can reduce traps Cons: Overhead Hard to improve system
10. Shadow page table
11. Shadow page table Guest page table Shadow page table
12. Shadow page table Pros: Transparent to guest VMs Good performance when working set fit into shadow
13. Hardware support First generation - processor Second generation - memory Third generation – I/O device
14. First generation: Intel VT-x & AMD SVM Eliminating the need of binary translation Host mode Guest
15. Second generation: Intel EPT & AMD NPT Eliminating the need to shadow page table
16. Third generation: Intel VT-d & AMD IOMMU I/O device assignment VM owns real device DMA remapping
17. Para-virtualization Full vs. para virtualization
18. Xen and the art of virtualization SOSP’03 Very high impact
19. Overview of the Xen approach Support for unmodified application binaries (but not OS) Keep Application Binary
20. Xen architecture
21. Virtualization on x86 architecture Challenges Correctness: not all privileged instructions produce traps! Example: popf Performance: System
22. CPU virtualization Protection Xen in ring0, guest kernel in ring1 Privileged instructions are replaced with hypercalls
23. CPU virtualization (cont.) Interrupts: Lighweight event system Time: Interfaces for both real and virtual time
24. Memory virtualization Xen exists in a 64MB section at the top of every address space Guest
25. I/O virtualization Shared-memory, asynchronous buffer descriptor rings
26. Porting effort
27. Evaluation
28. Evaluation
29. Evaluation
31. Скачать презентацию

Слайд 2

Virtualization: rejuvenation
1960’s: first track of virtualization
Time and resource sharing on expensive mainframes
IBM

VM/370
Late 1970’s and early 1980’s: became unpopular
Cheap hardware and multiprocessing OS
Late 1990’s: became popular again
Wide variety of OS and hardware configurations
VMWare
Since 2000: hot and important
Cloud computing

Слайд 3

IBM VM/370
Robert Jay Creasy (1939-2005)
Project leader of the first full virtualization hypervisor:

IBM CP-40, a core component in the VM system
The first VM system: VM/370

Слайд 4

IBM VM/370
System/370
Control Program (CP)
Conversational Monitor System (CMS)
Mainstream OS (MVS, DOS/VSE etc.)
Specialized VM

subsystem (RSCS, RACF, GCS)

Another copy of VM

Hardware

Hypervisor

Virtual machines

Слайд 5

IBM VM/370
Technology: trap-and-emulate
Kernel
Application
CP

Слайд 6

Virtualization on x86 architecture
Challenges
Correctness: not all privileged instructions produce traps!
Example: popf
Performance:
System calls:

traps in both enter and exit (10X)
I/O performance: high CPU overhead
Virtual memory: no software-controlled TLB

Слайд 7

Virtualization on x86 architecture
Solutions:
Dynamic binary translation & shadow page table
Hardware extension
Para-virtualization (Xen)

Слайд 8

Dynamic binary translation
Idea: intercept privileged instructions by changing the binary
Cannot patch the

guest kernel directly (would be visible to guests)
Solution: make a copy, change it, and execute it from there
Use a cache to improve the performance

Слайд 9

Dynamic binary translation
Pros:
Make x86 virtualizable
Can reduce traps
Cons:
Overhead
Hard to improve system calls, I/O

operations
Hard to handle complex code

Слайд 10

Shadow page table

Слайд 11

Shadow page table
Guest page table
Shadow page table

Слайд 12

Shadow page table
Pros:
Transparent to guest VMs
Good performance when working set fit into

shadow page table
Cons:
Big overhead of keeping two page tables consistent
Introducing more issues: hidden fault, double paging …

Слайд 13

Hardware support
First generation - processor
Second generation - memory
Third generation – I/O device

Слайд 14

First generation: Intel VT-x & AMD SVM
Eliminating the need of binary translation
Host

mode

Guest mode

VMRUN

VMEXIT

Слайд 15

Second generation: Intel EPT & AMD NPT
Eliminating the need to shadow

page table

Слайд 16

Third generation: Intel VT-d & AMD IOMMU
I/O device assignment
VM owns real device
DMA

remapping
Support address translation for DMA
Interrupt remapping
Routing device interrupt

Слайд 17

Para-virtualization
Full vs. para virtualization

Слайд 18

Xen and the art of virtualization
SOSP’03
Very high impact

Слайд 19

Overview of the Xen approach
Support for unmodified application binaries (but not OS)
Keep

Application Binary Interface (ABI)
Modify guest OS to be aware of virtualization
Get around issues of x86 architecture
Better performance
Keep hypervisor as small as possible
Device driver is in Dom0

Слайд 20

Xen architecture

Слайд 21

Virtualization on x86 architecture
Challenges
Correctness: not all privileged instructions produce traps!
Example: popf
Performance:
System calls:

traps in both enter and exit (10X)
I/O performance: high CPU overhead
Virtual memory: no software-controlled TLB

Слайд 22

CPU virtualization
Protection
Xen in ring0, guest kernel in ring1
Privileged instructions are replaced with

hypercalls
Exception and system calls
Guest OS registers handles validated by Xen
Allowing direct system call from app into guest OS
Page fault: redirected by Xen

Слайд 23

CPU virtualization (cont.)
Interrupts:
Lighweight event system
Time:
Interfaces for both real and virtual time

Слайд 24

Memory virtualization
Xen exists in a 64MB section at the top of every

address space
Guest sees real physical address
Guest kernels are responsible for allocating and managing the hardware page tables.
After registering the page table to Xen, all subsequent updates must be validated.

Virtualization Technology

Содержание

Virtualization: rejuvenation1960’s: first track of virtualizationTime and resource sharing on expensive mainframesIBM

IBM VM/370Robert Jay Creasy (1939-2005)Project leader of the first full virtualization hypervisor:

IBM VM/370System/370Control Program (CP)Conversational Monitor System (CMS)Mainstream OS (MVS, DOS/VSE etc.)Specialized VM

IBM VM/370Technology: trap-and-emulateKernelApplicationCP

Virtualization on x86 architectureChallengesCorrectness: not all privileged instructions produce traps!Example: popfPerformance:System calls:

Virtualization on x86 architectureSolutions:Dynamic binary translation & shadow page tableHardware extensionPara-virtualization (Xen)

Dynamic binary translationIdea: intercept privileged instructions by changing the binaryCannot patch the

Dynamic binary translationPros:Make x86 virtualizableCan reduce trapsCons:OverheadHard to improve system calls, I/O

Shadow page table

Shadow page tableGuest page tableShadow page table

Shadow page tablePros:Transparent to guest VMsGood performance when working set fit into

Hardware supportFirst generation - processorSecond generation - memoryThird generation – I/O device

First generation: Intel VT-x & AMD SVMEliminating the need of binary translationHost

Second generation: Intel EPT & AMD NPT Eliminating the need to shadow

Third generation: Intel VT-d & AMD IOMMUI/O device assignmentVM owns real deviceDMA

Para-virtualizationFull vs. para virtualization

Xen and the art of virtualizationSOSP’03Very high impact

Overview of the Xen approachSupport for unmodified application binaries (but not OS)Keep

Xen architecture

Virtualization on x86 architectureChallengesCorrectness: not all privileged instructions produce traps!Example: popfPerformance:System calls:

CPU virtualizationProtectionXen in ring0, guest kernel in ring1Privileged instructions are replaced with

CPU virtualization (cont.)Interrupts:Lighweight event systemTime:Interfaces for both real and virtual time

Memory virtualizationXen exists in a 64MB section at the top of every

I/O virtualizationShared-memory, asynchronous buffer descriptor rings

Porting effort

Evaluation

Evaluation

Evaluation

Похожие презентации

Virtualization: rejuvenation
1960’s: first track of virtualization
Time and resource sharing on expensive mainframes
IBM

IBM VM/370
Robert Jay Creasy (1939-2005)
Project leader of the first full virtualization hypervisor:

IBM VM/370
System/370
Control Program (CP)
Conversational Monitor System (CMS)
Mainstream OS (MVS, DOS/VSE etc.)
Specialized VM

IBM VM/370
Technology: trap-and-emulate
Kernel
Application
CP

Virtualization on x86 architecture
Challenges
Correctness: not all privileged instructions produce traps!
Example: popf
Performance:
System calls:

Virtualization on x86 architecture
Solutions:
Dynamic binary translation & shadow page table
Hardware extension
Para-virtualization (Xen)

Dynamic binary translation
Idea: intercept privileged instructions by changing the binary
Cannot patch the

Dynamic binary translation
Pros:
Make x86 virtualizable
Can reduce traps
Cons:
Overhead
Hard to improve system calls, I/O

Shadow page table
Guest page table
Shadow page table

Shadow page table
Pros:
Transparent to guest VMs
Good performance when working set fit into

Hardware support
First generation - processor
Second generation - memory
Third generation – I/O device

First generation: Intel VT-x & AMD SVM
Eliminating the need of binary translation
Host

Second generation: Intel EPT & AMD NPT
Eliminating the need to shadow

Third generation: Intel VT-d & AMD IOMMU
I/O device assignment
VM owns real device
DMA

Para-virtualization
Full vs. para virtualization

Xen and the art of virtualization
SOSP’03
Very high impact

Overview of the Xen approach
Support for unmodified application binaries (but not OS)
Keep

Virtualization on x86 architecture
Challenges
Correctness: not all privileged instructions produce traps!
Example: popf
Performance:
System calls:

CPU virtualization
Protection
Xen in ring0, guest kernel in ring1
Privileged instructions are replaced with

CPU virtualization (cont.)
Interrupts:
Lighweight event system
Time:
Interfaces for both real and virtual time

Memory virtualization
Xen exists in a 64MB section at the top of every

I/O virtualization
Shared-memory, asynchronous buffer descriptor rings