cse 153 design of operating systems winter 2015 lecture 15: virtual machine monitors

CSE 153CSE 153Design of Operating SystemsDesign of Operating Systems

Winter 2015Winter 2015

Lecture 15: Virtual Machine MonitorsLecture 15: Virtual Machine Monitors

OS AbstractionsOS Abstractions

2

Operating System

Hardware

Applications

CPU Disk RAM

Process File system Virtual memory

CSE 153 – Lecture 16 – Virtual Machine Monitors

NetworkI/O Devices

Virtual Machine MonitorVirtual Machine Monitor

3

Operating System

Hardware

Applications

CPU Disk RAM

Process File system Virtual memory


NetworkI/O Devices

Virtual Machine Monitor

What is a VMM?What is a VMM? We have seen that an OS already virtualizes

Syscalls, processes, virtual memory, file system, etc. Applications program to this interface OS offers illusion that each process is running in isolation

A VMM virtualizes an entire physical machine Interface supported is the hardware VMM offers illusion that OS has full control over the hardware VMM “applications” (OSes) run in virtual machines

Implications of booting an OS in a virtual machine Run multiple instances of an OS on same physical machine Run different OSes simultaneously on the same machine

» Linux on Windows, Windows on Mac, etc.

5CSE 153 – Lecture 16 – Virtual Machine Monitors

Why do such a crazy thing? Why do such a crazy thing? Resource utilization

Machines today are powerful, want to multiplex their hardware» e.g., Cloud service can divvy up a physical machine to customers

Can migrate VMs from one machine to another without shutdown Software use and development

Can run multiple OSes simultaneously» No need to dual boot

Can do system (e.g., OS) development at user-level Many other cool applications

Debugging, emulation, security, speculation, fault tolerance… Common theme is manipulating applications/services at

the granularity of a machine Specific version of OS, libraries, applications, etc., as package



Example of Cool VMM TricksExample of Cool VMM Tricks Time dilation

VMM can control the rate of timer interrupts to OS Can change how OS interprets passage of time If VMM slows timer by 10x, then other hardware (CPU, disk,

network) appears 10x faster to OS and applications» OS reads 100 MB of data from network in 1 second, but thinks only

0.1 second has elapsed, giving illusion of 1 GBps of bandwidth Can experiment with apps, protocols, and systems on future

hardware» But, applications run 10x slower

7


VMM RequirementsVMM Requirements Fidelity

OSes and applications work the same without modification» (although we may modify the OS a bit)

Isolation VMM protects resources and VMs from each other

Performance VMM is another layer of software…and therefore overhead

» As with OS, want to minimize this overhead VMware:

» CPU-intensive apps: 2-10% overhead

» I/O-intensive apps: 25-60% overhead

8

VMwareVMware VMware workstation uses hosted model

VMM runs unprivileged, installed on base OS Relies upon base OS for device functionality

VMware ESX server uses hypervisor model VMM runs directly on hardware

VMware uses software virtualization Dynamic binary rewriting translates code executed in VM

» Rewrite privileged instructions with emulation code (may trap) CPU only executes translated code Think JIT compilation for JVM, but

» full binary x86 IR code safe subset of x86 Incurs overhead, but can be well-tuned (small % hit)


Vmware Hypervisor ModelVmware Hypervisor Model

12

Operating System

Hardware

Applications


Virtual Machine Monitor

Hardware

VMware Hosted ArchitectureVMware Hosted Architecture


XenXen Early versions use “paravirtualization”

Fancy word for “we have to modify & recompile the OS” Since you’re modifying the OS, make life easy for yourself Create a VMM interface to minimize porting and overhead

Xen hypervisor (VMM) implements interface VMM runs at privilege, VMs (domains) run unprivileged Trusted OS (Linux) runs in own domain (Domain0)

» Use Domain0 to manage system, operate devices, etc.

Most recent version of Xen does not require OS mods Because of Intel/AMD hardware support

Commercialized via XenSource, but also open source


Xen ArchitectureXen Architecture


What needs to be virtualized?What needs to be virtualized? Exactly what you would expect

CPU Events Memory I/O devices

Isn’t this just duplicating OS functionality in a VMM? Yes and no Approaches will be similar to what we do with OSes

» Simpler in functionality, though (VMM much smaller than OS) But implements a different abstraction

» Hardware interface vs. OS interface


Virtualizing Privileged InstsVirtualizing Privileged Insts OSes can no longer successfully execute privileged

instructions Virtual memory registers, interrupts, I/O, halt, etc.

For those instructions that cause an exception Trap to VMM, take care of business, return to OS in VM

For those that do not… Xen: modify OS to hypervisor call into VMM VMware: rewrite OS instructions to emulate or call into VMM


Virtualizing MemoryVirtualizing Memory OSes assume they have full control over memory

Managing it: OS assumes it owns it all Mapping it: OS assumes it can map any virtual page to any

physical page But VMM partitions memory among VMs

VMM needs to assign hardware pages to VMs VMM needs to control mappings for isolation

» Cannot allow an OS to map a virtual page to any hardware page

» OS can only map to a hardware page given to it by the VMM

Hardware-managed TLBs make this difficult When the TLB misses, the hardware automatically walks the

page tables in memory As a result, VMM needs to control access by OS to page tables


Shadow Page TablesShadow Page Tables Three abstractions of memory

Machine: actual hardware memory» 2 GB of DRAM

Physical: abstraction of hardware memory managed by OS» If a VMM allocates 512 MB to a VM, the OS thinks the computer

has 512 MB of contiguous physical memory

» (Underlying machine memory may be discontiguous) Virtual: virtual address space per process

» Standard 232 address space

In each VM, OS creates and manages page tables for its virtual address spaces without modification

But these page tables are not used by the MMU hardware


Shadow Page TablesShadow Page Tables


SmartphonesSmartphones

CSE 153 – Lecture 16 – Virtual Machine Monitors 31

==

……in 2014in 2014


Data from McAfee

MALWARE

Android has become a hot target of malware authors

It is not a problem of the platform itself


http://theunderstatement.com/

AndroidAndroid


Dalvik VMDalvik VM Dalvik is a Java Virtual Machine

Designed to run with limited system resources

Android applications are written in Java

Every application runs in its own JVM


DEX FileDEX File

Java class files are converted into “.dex” files that Dalvik executes

Java byte-code is converted into Dalvik byte-code during this process


Process managementProcess management What’s the difference between mobile app cycle and

desktop app cycle? One app has focus from the user at a time

Two key principles Android usually does not delete an app’s state even if you

close it Android kills apps when the memory usage goes too high, but

it saves app state for quick restart later on


Application Life cycleApplication Life cycle

StarStarttStarStartt

RunRunRunRun

PausPauseePausPausee

EndEndEndEnd

Be killed tofree-up memoryStay in memory

Stay in memory

Stay in memory

Stay in memory

Close the app

Re-open the app

Open the app


ExampleExample

System

HomeHomeHomeHomeHome

At the “Home” screen


ExampleExample

System

Home

Mail

HomeHomeHomeHome

ListListListList

Start the “Mail” app and read the list


ExampleExample

System

Home

Mail

HomeHomeHomeHome

ListListListList MessagMessageeMessagMessagee

Click on one of the message and see its content


ExampleExample

System

Home

Mail

HomeHomeHomeHome

ListListListList MessagMessageeMessagMessagee

Browser BrowseBrowse

rrBrowseBrowserr

Click a link in the message


ExampleExample

System



rrBrowseBrowserr

Now we have enough space to start the “Map” app

March 4, 2014 52CSE 153 – Lecture 16 – Virtual Machine Monitors

ExampleExample

System



rrBrowseBrowserr

MapMapMapMapMap

Start the “Map” app


ExampleExample

System



rrBrowseBrowserr

Map

Go back to the browser


ExampleExample

System


Browser

MailListListListList MessagMessag

eeMessagMessagee

“Mail” app is resumed and shows previous message


ExampleExample

System


Browser

MailListListListList

Go back to the mail list


ExampleExample

System


Browser

Mail

Go back to the “Home” screen


Memory managementMemory management Linux kernel does most of the job

Page-based memory management Virtual address to physical address mapping

No virtual memory swapping Pros and cons?


Offloading of computationOffloading of computation

Naive offloadingSpeech-to-text, OCR

More sophisticated offloading - fine-grained offloadingMAUI: Making Smartphones Last Longer with Code Offload

Running two versions of the app on the mobile device and a powerful server

Decide when/what to offload on the fly


Disk I/ODisk I/O

Flash Hard Disk Drive

Random access ~0.1ms 5-10ms

File fragment impact

No Greatly impacted

Total power 1/2 to 1/3 of HDD up to 15+ watts

Reliability Reliable Less reliable due to mechanical parts

Write longevity Limited number of writes Less of a problem

Capacity <= 512GB 2-3TB

Price $1.5-2 / GB $0.1-0.2 / GB



SummarySummary VMMs multiplex virtual machines on hardware

Export the hardware interface Run OSes in VMs, apps in OSes unmodified Run different versions, kinds of OSes simultaneously

Android: Use of virtual machines to protect phones

63


Other VMM SystemsOther VMM Systems VMWare Xen Microsoft Virtual PC User-Mode Linux

64

cse 153 design of operating systems winter 2015 lecture 15: virtual machine monitors

Documents

virtual machine monitorscse

virtual machine monitorswhy

virtual machine monitorswhat

virtual machinesimplications

microsoft virtual pchardware

os development

machinespecific version

hardwarevmm applications