the turtles project design and implementation of nested
play

The Turtles Project: Design and Implementation of Nested - PowerPoint PPT Presentation

Oct 10, 2023 •281 likes •919 views

The Turtles Project: Design and Implementation of Nested Virtualization Muli Ben-Yehuda Michael D. Day Zvi Dubitzky Michael Factor Nadav HarEl Abel Gordon Anthony Liguori Orit Wasserman Ben-Ami Yassour IBM

  1. The Turtles Project: Design and Implementation of Nested Virtualization Muli Ben-Yehuda † Michael D. Day ‡ Zvi Dubitzky † Michael Factor † Nadav Har’El † Abel Gordon † Anthony Liguori ‡ Orit Wasserman † Ben-Ami Yassour † † IBM Research – Haifa ‡ IBM Linux Technology Center Ben-Yehuda et al. (IBM Research) The Turtles Project: Nested Virtualization OSDI ’10 1 / 22

  2. What is nested x86 virtualization? Running multiple unmodified Guest Guest Guest hypervisors OS OS OS With their associated unmodified VM’s Guest Guest Hypervisor OS Simultaneously On the x86 architecture Which does not support Hypervisor nesting in hardware. . . . . . but does support a single level of virtualization Hardware Ben-Yehuda et al. (IBM Research) The Turtles Project: Nested Virtualization OSDI ’10 2 / 22

  3. Why? Operating systems are already hypervisors (Windows 7 with XP mode, Linux/KVM) To be able to run other hypervisors in clouds Security (e.g., hypervisor-level rootkits) Co-design of x86 hardware and system software Testing, demonstrating, debugging, live migration of hypervisors Ben-Yehuda et al. (IBM Research) The Turtles Project: Nested Virtualization OSDI ’10 3 / 22

  4. Why? Operating systems are already hypervisors (Windows 7 with XP mode, Linux/KVM) To be able to run other hypervisors in clouds Security (e.g., hypervisor-level rootkits) Co-design of x86 hardware and system software Testing, demonstrating, debugging, live migration of hypervisors Ben-Yehuda et al. (IBM Research) The Turtles Project: Nested Virtualization OSDI ’10 3 / 22

  5. Why? Operating systems are already hypervisors (Windows 7 with XP mode, Linux/KVM) To be able to run other hypervisors in clouds Security (e.g., hypervisor-level rootkits) Co-design of x86 hardware and system software Testing, demonstrating, debugging, live migration of hypervisors Ben-Yehuda et al. (IBM Research) The Turtles Project: Nested Virtualization OSDI ’10 3 / 22

  6. Why? Operating systems are already hypervisors (Windows 7 with XP mode, Linux/KVM) To be able to run other hypervisors in clouds Security (e.g., hypervisor-level rootkits) Co-design of x86 hardware and system software Testing, demonstrating, debugging, live migration of hypervisors Ben-Yehuda et al. (IBM Research) The Turtles Project: Nested Virtualization OSDI ’10 3 / 22

  7. Why? Operating systems are already hypervisors (Windows 7 with XP mode, Linux/KVM) To be able to run other hypervisors in clouds Security (e.g., hypervisor-level rootkits) Co-design of x86 hardware and system software Testing, demonstrating, debugging, live migration of hypervisors Ben-Yehuda et al. (IBM Research) The Turtles Project: Nested Virtualization OSDI ’10 3 / 22

  8. Related work First models for nested virtualization [PopekGoldberg74, BelpaireHsu75, LauerWyeth73] First implementation in the IBM z/VM; relies on architectural support for nested virtualization ( sie ) Microkernels meet recursive VMs [FordHibler96]: assumes we can modify software at all levels x86 software based approaches (slow!) [Berghmans10] KVM [KivityKamay07] with AMD SVM [RoedelGraf09] Early Xen prototype [He09] Blue Pill rootkit hiding from other hypervisors [Rutkowska06] Ben-Yehuda et al. (IBM Research) The Turtles Project: Nested Virtualization OSDI ’10 4 / 22

  9. Related work First models for nested virtualization [PopekGoldberg74, BelpaireHsu75, LauerWyeth73] First implementation in the IBM z/VM; relies on architectural support for nested virtualization ( sie ) Microkernels meet recursive VMs [FordHibler96]: assumes we can modify software at all levels x86 software based approaches (slow!) [Berghmans10] KVM [KivityKamay07] with AMD SVM [RoedelGraf09] Early Xen prototype [He09] Blue Pill rootkit hiding from other hypervisors [Rutkowska06] Ben-Yehuda et al. (IBM Research) The Turtles Project: Nested Virtualization OSDI ’10 4 / 22

  10. Related work First models for nested virtualization [PopekGoldberg74, BelpaireHsu75, LauerWyeth73] First implementation in the IBM z/VM; relies on architectural support for nested virtualization ( sie ) Microkernels meet recursive VMs [FordHibler96]: assumes we can modify software at all levels x86 software based approaches (slow!) [Berghmans10] KVM [KivityKamay07] with AMD SVM [RoedelGraf09] Early Xen prototype [He09] Blue Pill rootkit hiding from other hypervisors [Rutkowska06] Ben-Yehuda et al. (IBM Research) The Turtles Project: Nested Virtualization OSDI ’10 4 / 22

  11. Related work First models for nested virtualization [PopekGoldberg74, BelpaireHsu75, LauerWyeth73] First implementation in the IBM z/VM; relies on architectural support for nested virtualization ( sie ) Microkernels meet recursive VMs [FordHibler96]: assumes we can modify software at all levels x86 software based approaches (slow!) [Berghmans10] KVM [KivityKamay07] with AMD SVM [RoedelGraf09] Early Xen prototype [He09] Blue Pill rootkit hiding from other hypervisors [Rutkowska06] Ben-Yehuda et al. (IBM Research) The Turtles Project: Nested Virtualization OSDI ’10 4 / 22

  12. Related work First models for nested virtualization [PopekGoldberg74, BelpaireHsu75, LauerWyeth73] First implementation in the IBM z/VM; relies on architectural support for nested virtualization ( sie ) Microkernels meet recursive VMs [FordHibler96]: assumes we can modify software at all levels x86 software based approaches (slow!) [Berghmans10] KVM [KivityKamay07] with AMD SVM [RoedelGraf09] Early Xen prototype [He09] Blue Pill rootkit hiding from other hypervisors [Rutkowska06] Ben-Yehuda et al. (IBM Research) The Turtles Project: Nested Virtualization OSDI ’10 4 / 22

  13. Related work First models for nested virtualization [PopekGoldberg74, BelpaireHsu75, LauerWyeth73] First implementation in the IBM z/VM; relies on architectural support for nested virtualization ( sie ) Microkernels meet recursive VMs [FordHibler96]: assumes we can modify software at all levels x86 software based approaches (slow!) [Berghmans10] KVM [KivityKamay07] with AMD SVM [RoedelGraf09] Early Xen prototype [He09] Blue Pill rootkit hiding from other hypervisors [Rutkowska06] Ben-Yehuda et al. (IBM Research) The Turtles Project: Nested Virtualization OSDI ’10 4 / 22

  14. Related work First models for nested virtualization [PopekGoldberg74, BelpaireHsu75, LauerWyeth73] First implementation in the IBM z/VM; relies on architectural support for nested virtualization ( sie ) Microkernels meet recursive VMs [FordHibler96]: assumes we can modify software at all levels x86 software based approaches (slow!) [Berghmans10] KVM [KivityKamay07] with AMD SVM [RoedelGraf09] Early Xen prototype [He09] Blue Pill rootkit hiding from other hypervisors [Rutkowska06] Ben-Yehuda et al. (IBM Research) The Turtles Project: Nested Virtualization OSDI ’10 4 / 22

  15. What is the Turtles project? Efficient nested virtualization for Intel x86 based on KVM Multiple guest hypervisors and VMs: VMware, Windows, . . . Code publicly available Ben-Yehuda et al. (IBM Research) The Turtles Project: Nested Virtualization OSDI ’10 5 / 22

  16. What is the Turtles project? (cont’) Nested VMX virtualization for nested CPU virtualization Multi-dimensional paging for nested MMU virtualization Multi-level device assignment for nested I/O virtualization Micro-optimizations to make it go fast (see paper) + + = Ben-Yehuda et al. (IBM Research) The Turtles Project: Nested Virtualization OSDI ’10 6 / 22

  17. What is the Turtles project? (cont’) Nested VMX virtualization for nested CPU virtualization Multi-dimensional paging for nested MMU virtualization Multi-level device assignment for nested I/O virtualization Micro-optimizations to make it go fast (see paper) + + = Ben-Yehuda et al. (IBM Research) The Turtles Project: Nested Virtualization OSDI ’10 6 / 22

  18. What is the Turtles project? (cont’) Nested VMX virtualization for nested CPU virtualization Multi-dimensional paging for nested MMU virtualization Multi-level device assignment for nested I/O virtualization Micro-optimizations to make it go fast (see paper) + + = Ben-Yehuda et al. (IBM Research) The Turtles Project: Nested Virtualization OSDI ’10 6 / 22

  19. What is the Turtles project? (cont’) Nested VMX virtualization for nested CPU virtualization Multi-dimensional paging for nested MMU virtualization Multi-level device assignment for nested I/O virtualization Micro-optimizations to make it go fast (see paper) + + = Ben-Yehuda et al. (IBM Research) The Turtles Project: Nested Virtualization OSDI ’10 6 / 22

  20. Theory of nested CPU virtualization Single-level architectural support (x86) vs. multi-level architectural support (e.g., z/VM) Single level ⇒ one hypervisor, many guests Turtles approach: L 0 multiplexes the hardware between L 1 and L 2 , running both as guests of L 0 —without either being aware of it (Scheme generalized for n levels; Our focus is n=2) Guest Guest L2 L2 L2 Guest Guest Guest Guest Hypervisor Guest Hypervisor Guest L1 L1 L2 L2 L0 Host Hypervisor L0 Host Hypervisor Hardware Hardware Multiple logical levels Multiplexed on a single level Ben-Yehuda et al. (IBM Research) The Turtles Project: Nested Virtualization OSDI ’10 7 / 22

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

ORIGIN OF TURTLES Earliest relative of the current existing sea turtles - Desmatochelys padillai

ORIGIN OF TURTLES Earliest relative of the current existing sea turtles - Desmatochelys padillai

TURTLES FRIENDLY PREHISTORIC CREATURES Georgina Hayes PADI SI #411108 BSc Hons. Zoology ORIGIN OF TURTLES Earliest relative of the current existing sea turtles - Desmatochelys padillai from the early Cetaceous period (fossil aged at 120

228 views • 19 slides
Tree SSA Tree SSA Design and Implementation Design and Implementation Diego Novillo Red Hat

Tree SSA Tree SSA Design and Implementation Design and Implementation Diego Novillo Red Hat

Tree SSA Tree SSA Design and Implementation Design and Implementation Diego Novillo Red Hat Canada dnovillo@redhat.com GCC & GNU Toolchain Developers' Summit June 2004 Ottawa, Canada Project History - 1 Project History - 1 Project

168 views • 16 slides
TOP-DOWN DESIGN (THE BLACKJACK EXAMPLE, PART 1) AND MORE LOOP PATTERNS: NESTED LOOPS AND THE

TOP-DOWN DESIGN (THE BLACKJACK EXAMPLE, PART 1) AND MORE LOOP PATTERNS: NESTED LOOPS AND THE

Checkout todays project from your individual SVN repository: 14-NestedLoops TOP-DOWN DESIGN (THE BLACKJACK EXAMPLE, PART 1) AND MORE LOOP PATTERNS: NESTED LOOPS AND THE WAIT-UNTIL-EVENT LOOP PATTERN CSSE 120 Rose Hulman Institute of

429 views • 13 slides
Nested Word Automata Jens Stimpfle 30.6.2014 Nested Words Nested Words Theoretically and

Nested Word Automata Jens Stimpfle 30.6.2014 Nested Words Nested Words Theoretically and

Nested Word Automata Jens Stimpfle 30.6.2014 Nested Words Nested Words Theoretically and practically pleasant model for the representation of data with both: a linear ordering a hierarchically nested matching Nested Words

796 views • 58 slides
Formal Methods for Critical Systems: A verified implementation of nested procedures Tristan

Formal Methods for Critical Systems: A verified implementation of nested procedures Tristan

Formal Methods for Critical Systems: A verified implementation of nested procedures Tristan Crolard 1 ICAR15 8-9 October 2015 Joint work with: 1 Pierre Courtieu, 1 , 2 Maria-Virginia Aponte, Julia Lawall 3 1. CNAM / Cedric / CPR team 2.

980 views • 71 slides
CPS 108, Fall 1999 Program Design and Implementation Software Design and Implementation

CPS 108, Fall 1999 Program Design and Implementation Software Design and Implementation

CPS 108, Fall 1999 Program Design and Implementation Software Design and Implementation Language independent principles of design and programming Object oriented programming and design design heuristics good design helps do away

295 views • 3 slides
Nested Transactions Nested Transactions Flat transactions The rules for committing of

Nested Transactions Nested Transactions Flat transactions The rules for committing of

Nested Transactions Nested Transactions Flat transactions The rules for committing of nested transactions Nested Transactions A transaction commits or aborts only after its child transactions have completed; Structured in

808 views • 11 slides
Protecting Sea Turtles from Shrimp Trawl Nets Credit: NOAA Whats the Problem? Not

Protecting Sea Turtles from Shrimp Trawl Nets Credit: NOAA Whats the Problem? Not

Protecting Sea Turtles from Shrimp Trawl Nets Credit: NOAA Whats the Problem? Not all shrimp boats are required to use Turtle Excluder Devices (TEDs) * The government estimates that 50,000 sea turtles drown every year in shrimp

363 views • 18 slides
15-112 Fundamentals of Programming Week 2 - Lecture 2: Nested loops + Style + Top-down design

15-112 Fundamentals of Programming Week 2 - Lecture 2: Nested loops + Style + Top-down design

15-112 Fundamentals of Programming Week 2 - Lecture 2: Nested loops + Style + Top-down design May 24, 2016 Nested Loops My first ever program ************ *********** ********** ********* ******** ******* ****** ***** **** *** ** *

871 views • 54 slides
Complete+Cycle+for+Design DESIGN FABRICATE 8model 8synthesize IDEA 8mask+production+++

Complete+Cycle+for+Design DESIGN FABRICATE 8model 8synthesize IDEA 8mask+production+++

Implementation+Technologies We+can+implement a+design+with+many+different+ implementation+technologies+8 different+ implementation+technologies+offer+different+ tradeoffs HDL+Synthesis offers+an+easy+way+to+target+a+model+

395 views • 22 slides
SEMESTER PROJECT Design and implementation of a force/torque sensor for a quadruped robot

SEMESTER PROJECT Design and implementation of a force/torque sensor for a quadruped robot

SEMESTER PROJECT Design and implementation of a force/torque sensor for a quadruped robot Supervisers : Alexander Sprwitz Rico Mckel Prof. : Auke Jan Ijspeert Nicolas Sommer, master MT 20/06/2011 PRESENTATION OUTLINE Introduction

630 views • 15 slides
SEMESTER PROJECT Design and implementation of a force/torque sensor for a quadruped robot

SEMESTER PROJECT Design and implementation of a force/torque sensor for a quadruped robot

SEMESTER PROJECT Design and implementation of a force/torque sensor for a quadruped robot Supervisers : Rico Mckel Alexander Sproewitz Prof. : Auke Jan Ijspeert Nicolas Sommer, master MT 14/04/2011 PRESENTATION OUTLINE Cheetah

342 views • 13 slides
Advanced OpenMP Lecture 6: Nested parallelism Nested parallelism Nested parallelism is

Advanced OpenMP Lecture 6: Nested parallelism Nested parallelism Nested parallelism is

Advanced OpenMP Lecture 6: Nested parallelism Nested parallelism Nested parallelism is supported in OpenMP. If a PARALLEL directive is encountered within another PARALLEL directive, a new team of threads will be created. This is

242 views • 11 slides
Lecture 22 But not sufficient for the real world: At least 2 key missing pieces System

Lecture 22 But not sufficient for the real world: At least 2 key missing pieces System

CSE 331 Context Software Design and Implementation CSE331 is almost over Focus on software design, specification, testing, and implementation Absolutely necessary stuff for any nontrivial project Lecture 22 But not sufficient

351 views • 10 slides
The Design and Implementation of the W arp T ransactional F ilesystem Robert Escriva, Emin Gn

The Design and Implementation of the W arp T ransactional F ilesystem Robert Escriva, Emin Gn

The Design and Implementation of the W arp T ransactional F ilesystem Robert Escriva, Emin Gn Sirer Cornell University Symposium on Networked Systems Design and Implementation March 18, 2016 The Design and Implementation of WTF 1 / 28

443 views • 43 slides
Comparing Nested Models Two models are nested if one model contains all the terms of the other,

Comparing Nested Models Two models are nested if one model contains all the terms of the other,

ST 430/514 Introduction to Regression Analysis/Statistics for Management and the Social Sciences II Comparing Nested Models Two models are nested if one model contains all the terms of the other, and at least one additional term. The larger model

418 views • 20 slides
Virtual Machine Introspection Isolation Interpretation Interposition Isolation

Virtual Machine Introspection Isolation Interpretation Interposition Isolation

Virtual Machine Introspection Isolation Interpretation Interposition Isolation From in-guest kernel/userspace Provided by Xen Buggy emulation blurres the line From trusted computing base (TCB) Possible via Xen

286 views • 26 slides
Explainable AI: Beware of Inmates Running the Asylum Or: How I Learnt to Stop Worrying and Love

Explainable AI: Beware of Inmates Running the Asylum Or: How I Learnt to Stop Worrying and Love

Explainable AI: Beware of Inmates Running the Asylum Or: How I Learnt to Stop Worrying and Love the Social Sciences Tim Miller School of Computing and Information Systems Co-Director, Centre for AI & Digital Ethics The University of

732 views • 44 slides
P-Gemo Gemox and Bey x and Beyond ond Lo Long ngter term outc m outcomt omt of of Newl

P-Gemo Gemox and Bey x and Beyond ond Lo Long ngter term outc m outcomt omt of of Newl

P-Gemo Gemox and Bey x and Beyond ond Lo Long ngter term outc m outcomt omt of of Newl Newly y dia diago gosed sed an and d rela elapo posed sed/r /refr efrator tory y NK NKTCL CL Sun Yat-sen University Cancer Center

719 views • 36 slides
Antiviral activity of fluorinated compounds against DNA- and RNA-containing viruses Krystyna

Antiviral activity of fluorinated compounds against DNA- and RNA-containing viruses Krystyna

Antiviral activity of fluorinated compounds against DNA- and RNA-containing viruses Krystyna Naumenko 1* , Polina Zaremba 1 , Svitlana Zagorodnya 1 , Serhii Siryi 2 , Yaroslav Borodkin 2 , Yurii Shermolovych 2 1 Zabolotny Institute of Microbiology

119 views • 8 slides
VT VT-x Deepayan Bhattacharjee VT-x : Motivation To solve the problem that the x86

VT VT-x Deepayan Bhattacharjee VT-x : Motivation To solve the problem that the x86

MMU virtualization in In Intel VT VT-x Deepayan Bhattacharjee VT-x : Motivation To solve the problem that the x86 instructions architecture cannot be virtualized. Simplify VMM software by closing virtualization holes by design of Ring

507 views • 14 slides
ERIM: S Secure, E , Efficient i in-pr proce cess ss Iso Isola latio tion n with ith

ERIM: S Secure, E , Efficient i in-pr proce cess ss Iso Isola latio tion n with ith

ERIM: S Secure, E , Efficient i in-pr proce cess ss Iso Isola latio tion n with ith Memory y Protectio tion n Keys s Anjo Vahldiek-Oberwagner , Eslam Elnikety, Nuno O. Duarte, Michael Sammler, Peter Druschel, Deepak Garg

714 views • 56 slides
HyperTracing Tracing Through Virtualization Layers Abderrahmane Benbachir Linux Plumbers

HyperTracing Tracing Through Virtualization Layers Abderrahmane Benbachir Linux Plumbers

HyperTracing Tracing Through Virtualization Layers Abderrahmane Benbachir Linux Plumbers Conference, September, 2017 cole Polytechnique de Montral Laboratoire DORSAL What is hypertracing? Hy Hypertra racing cing = Offloading traces from

450 views • 8 slides
Dune: Safe User-level Access to Privileged CPU Features

Dune: Safe User-level Access to Privileged CPU Features

Dune: Safe User-level Access to Privileged CPU Features Adam Belay, Andrea Bi>au, Ali MashAzadeh, David Terei, David Mazires, and Christos Kozyrakis

387 views • 38 slides

More recommend