SLIDE 1

Virtual Machines

Philipp Koehn 30 April 2018

Philipp Koehn Computer Systems Fundamentals: Virtual Machines 30 April 2018

SLIDE 2

Basic Idea

  • Run multiple instances of full operating systems on a machine
  • Example: run Windows and Linux on a Mac
  • Not to be confused with Java Virtual Machines (a runtime for one program's bytecode, not a whole operating system)

SLIDE 4

Snapshots

  • Frozen copy of a virtual machine at one point in time
  • Copy of the file system and of memory (together with the CPU state, so the VM can later be resumed exactly where it was)

SLIDE 5

Migration

  • Migration: move a running VM to another host (maybe because a spike of VM usage overloads the current machine)
  • Steps ("pre-copy" live migration)
    – take a snapshot (fast)
    – copy all pages of the snapshot to the new host while the VM keeps running (not so fast)
    – copy the pages modified in the meantime; repeat until only a few remain dirty (fast)
    – freeze the virtual machine, copy the remaining modified pages and the CPU state, resume on the new host
  • The freeze is very short: downtime of fractions of a second
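As an added worked example (not part of the slides), the pre-copy scheme above in C. The toy VM, its workload and the dirty-page tracking are all constructed for the illustration; the guest is assumed to dirty pages at half the rate the VMM copies them, which is what makes the rounds converge.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Added illustration of pre-copy live migration (not from the slides).
 * The VM is a toy: NPAGES pages holding one 32-bit word each, plus a
 * dirty bit per page that is set on every guest write, standing in for
 * the dirty-page tracking a real VMM gets from write-protection traps
 * or hardware dirty logging. */
#define NPAGES         64
#define MAX_ROUNDS     10   /* give up pre-copying and just stop the VM after this */
#define STOP_THRESHOLD 4    /* freeze the VM once this few pages remain dirty */

struct vm {
    uint32_t page[NPAGES];
    bool     dirty[NPAGES];
    bool     frozen;
    unsigned tick;          /* number of guest writes so far; drives the workload */
};

struct migration_stats {
    int  rounds;            /* pre-copy rounds performed while the VM kept running */
    int  pages_precopied;   /* pages sent while the VM was running (no downtime) */
    int  pages_stopcopied;  /* pages sent during the freeze (this is the downtime) */
    bool consistent;        /* destination memory equals source memory afterwards */
};

void vm_init(struct vm *vm) {
    memset(vm, 0, sizeof *vm);
    for (int p = 0; p < NPAGES; p++) vm->page[p] = (uint32_t)p * 1000u + 1u;
}

/* A guest write: update the page and mark it dirty. A frozen VM makes no progress. */
static void guest_write(struct vm *vm, int p, uint32_t value) {
    if (vm->frozen) return;
    vm->page[p] = value;
    vm->dirty[p] = true;
    vm->tick++;
}

/* Hypothetical workload: a small hot set (pages 0..7) is rewritten all the time,
 * every fourth write touches a cold page elsewhere. Deterministic, so the
 * migration outcome is reproducible. */
static void run_guest(struct vm *vm, int writes) {
    for (int i = 0; i < writes; i++) {
        unsigned t = vm->tick;
        int p = (t % 4 == 3) ? 8 + (int)(t % (NPAGES - 8)) : (int)(t % 8);
        guest_write(vm, p, t * 2654435761u);
    }
}

/* Send every dirty page to the destination and clear its dirty bit. */
static int copy_dirty_pages(struct vm *src, struct vm *dst) {
    int n = 0;
    for (int p = 0; p < NPAGES; p++) {
        if (src->dirty[p]) {
            dst->page[p] = src->page[p];
            src->dirty[p] = false;
            n++;
        }
    }
    return n;
}

static int count_dirty(const struct vm *vm) {
    int n = 0;
    for (int p = 0; p < NPAGES; p++) n += vm->dirty[p];
    return n;
}

struct migration_stats migrate(struct vm *src, struct vm *dst) {
    struct migration_stats st = {0, 0, 0, false};
    for (int p = 0; p < NPAGES; p++) src->dirty[p] = true;  /* snapshot: everything goes once */
    while (st.rounds < MAX_ROUNDS) {
        int sent = copy_dirty_pages(src, dst);              /* copy while the VM runs... */
        st.pages_precopied += sent;
        st.rounds++;
        run_guest(src, sent / 2);   /* ...and the guest dirties pages meanwhile (assumed: it
                                       writes at half the rate we copy, so rounds converge) */
        if (count_dirty(src) <= STOP_THRESHOLD) break;
    }
    src->frozen = true;                                     /* stop-and-copy: the downtime */
    st.pages_stopcopied = copy_dirty_pages(src, dst);
    return st;
}

/* Run one migration of a freshly initialised VM into an empty destination. */
struct migration_stats demo_migration(void) {
    struct vm src, dst;
    vm_init(&src);
    memset(&dst, 0, sizeof dst);
    struct migration_stats st = migrate(&src, &dst);
    st.consistent = memcmp(src.page, dst.page, sizeof src.page) == 0;
    return st;
}

int main(void) {
    struct migration_stats st = demo_migration();
    printf("rounds=%d precopied=%d stopcopied=%d consistent=%s\n",
           st.rounds, st.pages_precopied, st.pages_stopcopied, st.consistent ? "yes" : "no");
    return st.consistent ? 0 : 1;
}
```

The number to watch is pages_stopcopied: only those pages are transferred while the VM is frozen, so it, not the total, determines the downtime. With this workload the copy converges in three rounds and the freeze moves three pages. If the guest dirtied pages faster than they can be copied, the dirty set would never fall below STOP_THRESHOLD, the loop would give up after MAX_ROUNDS, and the final freeze would have to copy a large set: live migration degrades to plain stop-and-copy for such workloads.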

SLIDE 6

Why?

  • Better resource utilization: sharing of a single computer among several users
  • Isolation and security in clouds: tenants get separate virtual machines rather than accounts on one shared OS
  • Security limitations of standard operating systems: a process boundary is a weaker isolation boundary than a VM boundary
  • Faster processors make the virtualization overhead acceptable

SLIDE 7

History

  • Virtual machines popular on mainframes in the 1970s
  • Not on "personal computer" Intel x86 for a long time: the x86 instruction set was not designed to be virtualized
  • First x86 virtualization: VMware, 1999
  • Intel and AMD added hardware support in 2005/2006 (Intel VT-x, AMD-V)
  • Used in cloud computing (e.g., Amazon Web Services)

SLIDE 8

basics

SLIDE 9

Virtual Machine Monitor

  • Host machine runs a regular operating system
  • Virtual machine monitor (VMM), also called a hypervisor
    – runs as a process of the host operating system (a "hosted" VMM)
    – has privileged access to the CPU
  • VMM runs other operating systems (guest machines)
    – manages their access to hardware
    – intercepts exceptions and interrupts

SLIDE 10

Virtual Machine Monitor

(Diagram: a normal OS. Three processes run on top of the kernel; the kernel starts them with exec and they call back into it with system calls.)

SLIDE 11

Virtual Machine Monitor

(Diagram: a virtual machine. The VMM is one process of the host kernel, alongside ordinary processes; on top of the VMM runs a guest kernel, which in turn execs its own processes and serves their system calls.)

SLIDE 12

Basic Functions of Operating System

  • User mode
    – process runs in its own virtual memory
    – makes system calls to the kernel
  • Kernel mode
    – manages processes
    – handles interrupts and exceptions, e.g., page faults
  • Hardware supports this with a "privileged" mode for instructions, e.g., only privileged code may access physical memory directly

SLIDE 13

User Processes

  • Run already in a "virtual mode"
  • Memory access is channeled through virtual memory
  • Device interactions are handled by the kernel via system calls
  ⇒ Very little overhead when running inside a virtual machine (unless very I/O intensive)

SLIDE 14

Interrupt Handling

  • VMM controls access to
    – privileged CPU state
    – input/output devices
    – exceptions
    – interrupts
  • "Trap and emulate": the VMM catches exceptions and interrupts, emulates the privileged operation on behalf of the guest, and directs the event to the right guest

SLIDE 15

Traps

(Diagram: a normal OS. The kernel execs processes; exceptions, interrupts and system calls all trap from the processes into the kernel.)

SLIDE 16

Virtual Machine Monitor Catches Traps

(Diagram: a virtual machine. Exceptions, interrupts and system calls raised in the guest trap into the VMM first, which hands them on to the guest kernel; the guest kernel still execs its own processes.)

SLIDE 17

emulation

SLIDE 18

Emulation

  • Binary translation
  • Shadowing
  • Device emulation

SLIDE 19

Binary Translation

  • Some instructions require supervisor mode
    – access to physical memory
    – handling interrupt flags
  • Raw kernel code instructions need to be translated, i.e., rewritten into user-mode instruction sequences that perform the same operation on the guest's virtual state (or call into the VMM)
  • This is tricky...

SLIDE 20

Shadowing

  • Guest kernel data structures need to be duplicated by the VMM
  • Example: page tables of virtual memory
    – VMM maintains its own copy of the page tables
    – traps the guest's access attempts
    – emulates them in software instead
  • VMM tracks changes made by the guest kernel, so its copy stays consistent

SLIDE 21

Device Emulation

  • A kernel accesses devices directly, e.g.,
    – network adapter
    – disk
    – keyboard
    – video/audio I/O
  • VMM talks directly to these
  • Guest OS interactions with hardware have to go through the VMM
  • Guest OS has access only to generic (emulated) devices

SLIDE 22

Hardware Support

  • Intel and AMD implement virtualization support for x86
  • Direct execution model
    – new execution mode: guest mode → direct execution of guest OS code, including privileged instructions
    – virtual machine control block (VMCB; Intel calls it the VMCS) → controls which operations trap, records the information needed to handle the trap in the VMM
  • Steps
    – new instruction "vmrun" (AMD; Intel: vmlaunch/vmresume) enters guest mode and runs VM code
    – when the guest performs an operation the control block marks as trapping, the CPU performs a "VM exit": guest state is saved into the control block and control returns to the VMM
    – VMM emulates the operation and re-enters the guest
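An added example in C (not from the slides) of the trap-and-emulate loop from the interrupt-handling slide together with the control-block idea from this slide. The toy CPU, its five-instruction set, the intercept mask and the two guest programs are all constructed for the illustration; vmrun() and handle_exit() stand for the simulated hardware entry and the VMM's exit handler, not for any real hypervisor's code.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

/* Added illustration, not from the slides: a toy CPU running two guests.
 * Each guest has its own control block (like an AMD VMCB / Intel VMCS)
 * holding the guest's register state and an intercept mask that says
 * which operations must exit to the VMM instead of executing directly. */

enum op { OP_ADD, OP_CLI, OP_STI, OP_OUT, OP_HLT };   /* ADD unprivileged; CLI/STI/OUT privileged */

struct insn { enum op op; uint32_t imm; };

struct vcpu {
    const struct insn *code;
    int      pc;
    uint32_t acc;            /* accumulator register */
    bool     vif;            /* the guest's virtual interrupt flag */
    uint32_t intercept;      /* control: bit (1 << op) set => that op causes a VM exit */
    int      exits;          /* VM exits taken by this guest */
    uint32_t out_log[8];     /* emulated output device */
    int      nout;
    bool     halted;
};

/* The host's real interrupt flag. A correctly configured VMM never lets a guest change it. */
static bool host_if = true;

/* Intercept mask a VMM would install: every privileged op traps. */
#define PRIV_MASK ((1u << OP_CLI) | (1u << OP_STI) | (1u << OP_OUT))

enum exit_reason { EXIT_INTERCEPT, EXIT_HLT };

/* "vmrun": execute the guest directly until it hits an intercepted op or halts.
 * The intercepted instruction is left at pc for the VMM to inspect. */
static enum exit_reason vmrun(struct vcpu *v) {
    for (;;) {
        const struct insn *i = &v->code[v->pc];
        if (v->intercept & (1u << i->op)) return EXIT_INTERCEPT;
        switch (i->op) {
        case OP_ADD: v->acc += i->imm; v->pc++; break;       /* direct execution, no VMM involved */
        case OP_HLT: v->halted = true; return EXIT_HLT;
        /* Privileged ops that were NOT intercepted run against the real machine:
         * this is the damage a missing intercept bit does. */
        case OP_CLI: host_if = false; v->pc++; break;
        case OP_STI: host_if = true;  v->pc++; break;
        case OP_OUT: v->pc++; break;                          /* would hit the real device */
        }
    }
}

/* The VMM's exit handler: emulate the op against the trapping guest's OWN virtual state. */
static void handle_exit(struct vcpu *v) {
    const struct insn *i = &v->code[v->pc];
    v->exits++;
    switch (i->op) {
    case OP_CLI: v->vif = false; break;                       /* only the virtual IF changes */
    case OP_STI: v->vif = true;  break;
    case OP_OUT: if (v->nout < 8) v->out_log[v->nout++] = i->imm; break;  /* device emulation */
    case OP_ADD: v->acc += i->imm; break;
    case OP_HLT: v->halted = true; break;
    }
    v->pc++;                                                  /* resume after the emulated op */
}

/* Constructed guest programs. */
static const struct insn code_a[] = {
    {OP_ADD, 5}, {OP_CLI, 0}, {OP_ADD, 1}, {OP_OUT, 0x11}, {OP_ADD, 2}, {OP_HLT, 0}};
static const struct insn code_b[] = {
    {OP_CLI, 0}, {OP_ADD, 10}, {OP_STI, 0}, {OP_OUT, 0x22}, {OP_OUT, 0x33}, {OP_HLT, 0}};

struct run_result { bool host_if_intact; struct vcpu a, b; };

/* Run both guests under the given intercept mask, switching guest after every exit
 * so each exit must be routed to the right vcpu. host_if_intact is true when no
 * guest managed to touch host state. */
struct run_result run_two_guests(uint32_t intercept) {
    struct run_result r;
    host_if = true;
    r.a = (struct vcpu){.code = code_a, .vif = true, .intercept = intercept};
    r.b = (struct vcpu){.code = code_b, .vif = true, .intercept = intercept};
    struct vcpu *cur = &r.a;
    while (!r.a.halted || !r.b.halted) {
        if (!cur->halted && vmrun(cur) == EXIT_INTERCEPT) handle_exit(cur);
        cur = (cur == &r.a) ? &r.b : &r.a;                    /* VMM schedules the other guest */
    }
    r.host_if_intact = host_if;
    return r;
}

int main(void) {
    struct run_result r = run_two_guests(PRIV_MASK);
    printf("full intercepts: A acc=%u vif=%d exits=%d  B acc=%u vif=%d exits=%d  host IF intact=%d\n",
           r.a.acc, r.a.vif, r.a.exits, r.b.acc, r.b.vif, r.b.exits, r.host_if_intact);
    r = run_two_guests(PRIV_MASK & ~(1u << OP_CLI));
    printf("CLI not intercepted: host IF intact=%d (guest A disabled host interrupts)\n",
           r.host_if_intact);
    return 0;
}
```

The second run in main leaves the CLI bit out of the intercept mask: guest A's CLI then executes directly and clears the host's interrupt flag, while A's virtual flag is never updated. A VMM has to intercept every instruction that reads or writes privileged state; the original x86 had instructions of that kind which did not trap, which is why binary translation was needed before the hardware extensions.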

SLIDE 23

shadow page tables

SLIDE 24

Virtualizing Memory

  • OS assumes it has full control over memory
    – managing it: OS assumes it owns it all
    – mapping it: OS assumes it can map to any physical page
  • VMM partitions memory among VMs
    – VMM needs to assign hardware pages to VMs
    – VMM needs to control mappings for isolation → OS can only map to a hardware page given to it by the VMM

SLIDE 25

Additional Abstraction

  • Three abstractions of memory
    – machine: actual hardware memory, e.g., 16 GB of DRAM
    – physical: abstraction of hardware memory managed by the (guest) OS
      – VMM allocates 2 GB to a VM → OS thinks the computer has 2 GB of contiguous physical memory
      – note: the underlying machine memory may be discontiguous
    – virtual: virtual address spaces of processes (48 bit → 256 TB)
  • Guest OS creates and manages page tables
    – but: these page tables are not used by the MMU hardware

SLIDE 26

Address Translation

(Diagram: Guest A and Guest B. Each guest's virtual addresses map to its guest-physical addresses, and those map to disjoint regions of machine memory.)

SLIDE 27

Shadow Page Tables

  • VMM manages page tables that map virtual pages to machine pages ("shadow page tables")
  • These tables are loaded into the MMU on a context switch
  • VMM needs to keep its V→M tables consistent with changes made by the OS to its V→P tables
    – VMM maps the OS page tables as read only
    – when the OS writes to its page tables, trap to the VMM
    – VMM applies the write to the shadow table and to the OS table, returns

SLIDE 28

Hardware Support

  • Intel extended page tables (EPT), AMD nested page tables (NPT)
  • Original page tables map virtual to (guest) physical pages
    – managed by the OS in the VM, backwards-compatible
    – no need to trap to the VMM when the OS updates its page tables
  • New tables map (guest) physical to machine pages: managed by the VMM; on a TLB miss the MMU walks both sets of tables
  • Translation lookaside buffer (TLB)
    – tagged TLB with virtual processor identifiers (VPIDs)
    – tag entries with the VM's VPID, so no need to flush the TLB on a VM/VMM switch
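An added example in C (not from the slides) of the shadow page tables from the previous slide beside the EPT/NPT scheme from this one. The page numbers, table sizes, the two guests' machine-page allocations and the guests' page-table writes are all constructed; the simulation keeps only the mapping level, with no permission bits and no multi-level walks.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

/* Added illustration, not from the slides: two ways a VMM can realise
 * guest-virtual -> machine translation for isolated guests.
 *   MMU_SHADOW: the VMM keeps a shadow table (VPN -> MFN) that the real MMU uses;
 *               guest page-table writes are trapped and mirrored into it.
 *   MMU_NESTED: EPT/NPT style; the MMU walks the guest's table (VPN -> GPFN)
 *               and then the VMM's table (GPFN -> MFN) itself, no traps. */
#define NVPN    16          /* guest virtual pages per guest */
#define NGPFN   8           /* guest "physical" pages the VMM handed each guest */
#define INVALID 0xFFFFFFFFu /* no mapping (page fault / EPT violation) */

enum mmu_mode { MMU_SHADOW, MMU_NESTED };

struct vm {
    uint32_t gpt[NVPN];     /* guest page table: VPN -> GPFN, owned by the guest OS */
    uint32_t spt[NVPN];     /* shadow page table: VPN -> MFN, owned by the VMM */
    uint32_t pmap[NGPFN];   /* VMM's map: GPFN -> MFN (the EPT/NPT second level) */
    int traps;              /* page-table write traps taken */
};

/* The VMM gives the guest NGPFN contiguous-looking guest-physical pages, backed by
 * whatever machine pages (mfns) it chose; these need not be contiguous. */
void vmm_create(struct vm *vm, const uint32_t *mfns) {
    for (int v = 0; v < NVPN; v++) vm->gpt[v] = vm->spt[v] = INVALID;
    for (int g = 0; g < NGPFN; g++) vm->pmap[g] = mfns[g];
    vm->traps = 0;
}

/* The guest OS updates one PTE. Under shadowing its tables are mapped read-only, so the
 * write traps; the VMM checks the GPFN against the guest's allocation, applies the write
 * to the guest table and mirrors the machine address into the shadow. Under nested paging
 * the write just happens; the check is done by the hardware walk at translation time. */
void guest_set_pte(struct vm *vm, enum mmu_mode mode, int vpn, uint32_t gpfn) {
    vm->gpt[vpn] = gpfn;
    if (mode == MMU_SHADOW) {
        vm->traps++;
        vm->spt[vpn] = (gpfn < NGPFN) ? vm->pmap[gpfn] : INVALID;
    }
}

/* What the MMU produces for a guest virtual page number. */
uint32_t translate(const struct vm *vm, enum mmu_mode mode, int vpn) {
    if (mode == MMU_SHADOW) return vm->spt[vpn];          /* one lookup in the shadow */
    uint32_t gpfn = vm->gpt[vpn];                         /* 2-D walk: guest table first, */
    if (gpfn >= NGPFN) return INVALID;                    /* then the VMM's table; a GPFN
                                                             outside the allocation faults */
    return vm->pmap[gpfn];
}

/* Constructed guest behaviour: map two pages, and optionally try a GPFN never allocated. */
static void guest_workload(struct vm *vm, enum mmu_mode mode, bool rogue) {
    guest_set_pte(vm, mode, 7, 2);
    guest_set_pte(vm, mode, 3, 5);
    if (rogue) guest_set_pte(vm, mode, 8, 200);
}

struct demo_result {
    uint32_t a_mfn, b_mfn, rogue_mfn;   /* translations under shadow paging */
    int  traps_shadow, traps_nested;
    bool nested_agrees;                 /* nested walk gives the same V->M map as the shadow */
};

struct demo_result demo(void) {
    static const uint32_t mfns_a[NGPFN] = {3, 9, 17, 4, 22, 30, 11, 0};
    static const uint32_t mfns_b[NGPFN] = {5, 1, 16, 8, 20, 31, 12, 2};
    struct vm a, b, a_nested;
    struct demo_result r = {0};
    vmm_create(&a, mfns_a); vmm_create(&b, mfns_b); vmm_create(&a_nested, mfns_a);
    guest_workload(&a, MMU_SHADOW, true);
    guest_workload(&b, MMU_SHADOW, false);
    guest_workload(&a_nested, MMU_NESTED, true);
    r.a_mfn     = translate(&a, MMU_SHADOW, 7);    /* 17 */
    r.b_mfn     = translate(&b, MMU_SHADOW, 7);    /* 16: same GPFN 2, different machine page */
    r.rogue_mfn = translate(&a, MMU_SHADOW, 8);    /* INVALID: cannot reach pages it was not given */
    r.traps_shadow = a.traps;                      /* 3: every PTE write trapped */
    r.traps_nested = a_nested.traps;               /* 0 */
    r.nested_agrees = true;
    for (int v = 0; v < NVPN; v++)
        if (translate(&a, MMU_SHADOW, v) != translate(&a_nested, MMU_NESTED, v))
            r.nested_agrees = false;
    return r;
}

int main(void) {
    struct demo_result r = demo();
    printf("A: VPN7 -> MFN %u   B: VPN7 -> MFN %u   rogue VPN8 -> %s\n", r.a_mfn, r.b_mfn,
           r.rogue_mfn == INVALID ? "fault" : "mapped");
    printf("traps: shadow=%d nested=%d, nested agrees with shadow: %s\n",
           r.traps_shadow, r.traps_nested, r.nested_agrees ? "yes" : "no");
    return 0;
}
```

Both schemes give the same VPN→MFN result, which is the point: nested paging moves the composition of the two tables from the VMM's trap handler into the MMU walk, so guest page-table updates cost no exits, while the isolation check (a guest can only reach GPFNs in its own pmap) is still enforced, now as an EPT violation / nested page fault at walk time rather than when the VMM mirrors the write. The cost moves elsewhere: a TLB miss now walks two tables instead of one.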

SLIDE 29

containers

SLIDE 30

Deploying Services

  • Often the goal is to deploy complex software applications
  • Many dependencies: specific versions of libraries
  • Example: "web service" answers HTTP requests to fulfill complex tasks
  • One solution: virtual machine
    – package all the software into a virtual machine
    – deployment: run the virtual machine
    – but: relatively large overhead (runs an entire operating system)
  • Light-weight solution: containers

SLIDE 31

Docker Containers

  • One (host) operating system
  • Containers include the application and all its dependencies
  • But share the kernel with other containers (and with the host)
  • Each container runs as an isolated process in user space
  • Docker: initial release as open source software in 2013

SLIDE 32

Containers vs. Virtual Machine
