Understanding Virtualization and System Virtualization in Operating Systems


Virtualization in operating systems creates virtual versions of resources such as the CPU and memory, and underpins both containers and virtual machines. These slides cover container isolation, the hypervisor that shares and manages hardware for system virtualization, and the types of hypervisors and their roles. Virtualization is what makes cloud computing, server consolidation, and virtual test environments practical.


Uploaded on Oct 01, 2024



Presentation Transcript


  1. CPU Virtualization
     Brian Kocoloski, Marion Sudvarg, Chris Gill, James Orr
     CSE 522S Advanced Operating Systems
     Washington University in St. Louis, St. Louis, MO 63130

  2. Container Review
     "A container is a self contained execution environment that shares the kernel of the host system and which is (optionally) isolated from other containers in the system." (From the libcontainer README)
     - Containers share an OS kernel
       - Resource efficient
       - But can only encapsulate processes compatible with the underlying kernel
       - And provide only limited isolation via kernel mechanisms (e.g. namespaces)

  3. Virtual Machines
     - Virtual machines provide strong isolation
       - Each VM hosts its own operating system kernel
       - Exists in a separate memory space on top of a hardware virtualization layer
     - Virtual machines are resource-intensive
       - Each VM contains its own kernel and applications

  4. Virtualization
     - Virtualization refers to the act of creating a virtual (rather than actual) version of something
     - Examples of virtualization we've already seen:
       - Virtual memory creates the illusion of full access to system memory
       - Context switching creates the illusion of full access to the system CPU(s)
       - veth devices create the illusion of a dedicated Ethernet interface

  5. Virtualization
     - Virtual machine: emulation of a full computer system
     - Rather than virtualize only specific resources to support multi-processing, we can virtualize the entire platform to support multiple operating systems
     - Why would we want to?
       - Cloud computing
       - Server consolidation + software packaging
       - Virtual test environments
         - E.g., OS development for specific hardware platforms
       - Linux enthusiasts who still can't decide which distribution is best

  6. System Virtualization
     - Requires a hypervisor to share and manage hardware, creating multiple environments that are isolated from each other
     [Figure: left, processes P1 and P2 on one OS over Hardware; right, OS 1 (P1, P2) and OS 2 (P1, P2) on a Hypervisor over Hardware]

  7. Types of Hypervisors
     - Type 1: hypervisor runs directly on hardware (no host operating system)
     - Type 2: hypervisor runs within host operating system
     [Figure: Type 1 stack is OS 1 / OS 2 (each with P1, P2) on Hypervisor on Hardware; Type 2 stack is OS 1 / OS 2 on Hypervisor on Host OS on Hardware]

  8. Ways to Virtualize
     - The key challenge is to prevent the guest OS from accessing shared hardware and possibly corrupting other programs/OSes
     - As a result, guest behavior must be isolated from other guests and host processes
     - Shared state:
       - CPU registers
       - Physical memory contents (next lecture)
       - I/O devices (discussed later)

  9. Emulation vs Virtualization
     - Instruction emulation
       - Guest OS (and all processes it creates) run as a user-mode process
       - An interpreter first checks that instructions are legal and don't manipulate shared state
       - Interpreter can even translate between different instruction set architectures (ISAs) (e.g., using dynamic binary translation)
     - Hardware virtualization
       - Guest OS runs directly on the hardware with no interpreter
       - CPU provides a separate privilege domain to prevent the guest from manipulating shared hardware

  10. QEMU (qemu.org)
     - Free and open source emulator
     - Can be configured to perform both instruction emulation in software and leverage hardware virtualization features

  11. (QEMU) Emulation Example
     - Assume the virtual machine executes:
         P1: store 4 0xabcd
         <ctx switch>
         P2: store 5 0xabcd
     - What type of address is 0xabcd?
       - Virtual address: these should resolve to two different physical memory locations
       - But QEMU runs all guest processes within a single user process (i.e., a single address space)

  12. (QEMU) Emulation Example
     - How to determine what the physical addresses are?
       - QEMU uses a software MMU (memory management unit)
       - Performs the same functions as a page table, i.e., can convert to a physical address
     - Problems?
       - Every memory access requires a SW translation: VERY slow
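A small software MMU of the kind slides 11 and 12 describe, as an added example (not QEMU's own code): two guest processes both store to virtual address 0xabcd, the context switch swaps page tables in between, and the software walk lands the two stores in different physical frames, one walk per access. The 16-bit guest address space, the frame numbers and the translation counter are constructed for illustration.

```c
#include <stdbool.h>
#include <stdint.h>
#include <string.h>

#define PAGE_SHIFT  12
#define PAGE_SIZE   (1u << PAGE_SHIFT)
#define NPAGES_VIRT 16                 /* constructed 16-bit guest virtual address space */
#define NPAGES_PHYS 8                  /* constructed 32 KiB of guest-physical RAM */
#define PAGE_FAULT  0xFFFFFFFFu
/* All guest memory lives in this one emulator process, like QEMU's single address space. */
static uint8_t guest_ram[NPAGES_PHYS * PAGE_SIZE];
typedef struct { bool present; uint8_t pfn; } pte_t;  /* one page-table entry */
static pte_t page_tables[2][NPAGES_VIRT];               /* one table per guest process */
static int current_pid;                                /* table currently "loaded" */
static unsigned long sw_translations;                  /* cost counter: one walk per access */
/* Constructed mapping: both processes map virtual page 0xa, but to different frames. */
static void setup_tables(void) {
    memset(page_tables, 0, sizeof page_tables);
    page_tables[0][0xa] = (pte_t){ true, 2 };          /* P1: vpage 0xa -> frame 2 */
    page_tables[1][0xa] = (pte_t){ true, 5 };          /* P2: vpage 0xa -> frame 5 */
}
static void ctx_switch(int pid) { current_pid = pid; } /* guest kernel swaps page tables */
/* Software MMU: every guest memory access walks the current page table in software. */
static uint32_t sw_mmu_translate(uint16_t vaddr) {
    sw_translations++;
    pte_t pte = page_tables[current_pid][vaddr >> PAGE_SHIFT];
    if (!pte.present) return PAGE_FAULT;               /* emulator would inject a guest page fault */
    return ((uint32_t)pte.pfn << PAGE_SHIFT) | (vaddr & (PAGE_SIZE - 1));
}
/* Emulated "store val, vaddr"; false if the access faults. */
static bool emu_store(uint8_t val, uint16_t vaddr) {
    uint32_t paddr = sw_mmu_translate(vaddr);
    if (paddr == PAGE_FAULT) return false;
    guest_ram[paddr] = val;
    return true;
}
/* Where does process pid's access to vaddr land? */
static uint32_t translate_for(int pid, uint16_t vaddr) {
    setup_tables();
    ctx_switch(pid);
    return sw_mmu_translate(vaddr);
}
/* The slide's trace: true if both stores succeed and hit distinct physical bytes. */
static bool run_trace(void) {
    setup_tables(); sw_translations = 0;
    ctx_switch(0); bool ok1 = emu_store(4, 0xabcd);    /* P1: store 4 0xabcd */
    ctx_switch(1); bool ok2 = emu_store(5, 0xabcd);    /* <ctx switch>, then P2: store 5 0xabcd */
    return ok1 && ok2 && guest_ram[0x2bcd] == 4 && guest_ram[0x5bcd] == 5
           && sw_translations == 2;                    /* two accesses, two software walks */
}
```

The translation counter is the slide's performance point in miniature: the hardware MMU does this walk (and caches it in the TLB) for free, while the emulator pays a software walk on every guest load and store.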

  13. Emulation Problems
     - Emulator is a software implementation of hardware, meaning:
       - It must understand/interpret all instructions in the ISA
       - It must model an MMU (including page tables) to translate memory locations
       - It must understand the meaning of special CPU control registers
     - Emulation requires the emulator to interpret every instruction issued by the guest OS
     - Enter hardware virtualization

  14. Hardware Virtualization
     - Modern hardware has support for drastically improving the performance of virtualization
     - Basic idea: hardware introduces a new privilege domain called supervisor mode
       - Supervisor mode indicates whether trusted (host) or untrusted (guest) code is running
       - Supervisor mode allows the host to trap specific instructions that might modify shared state, thus retaining isolation

  15. CPU Rings
     - Privilege levels provided by x86 hardware
       - Linux uses ring 0 for the kernel, ring 3 for applications
       - x86 allows the hypervisor or host OS to run in supervisor mode so that VM kernels can run at ring 0 in guest mode
       - Newer Intel (VT-x) and AMD (AMD-V) x86 hardware introduce "Ring -1" for the hypervisor
     - ARM uses privilege levels:
       - EL0: application
       - EL1: operating system
       - EL2: hypervisor
       - EL3: secure monitor (new with ARMv8)
     https://en.wikipedia.org/wiki/Protection_ring

  16. Rings and Supervisor Modes
     - Here, we illustrate an example for x86 hardware
       - OS kernels run at Ring 0, applications run at Ring 3
       - Host code runs in Supervisor Mode, guest code runs in Guest Mode
     [Figure: P1 at Ring 3, Guest Mode; Guest OS at Ring 0, Guest Mode; P2 at Ring 3, Supervisor Mode; Host OS and Hypervisor at Ring 0, Supervisor Mode; all above Hardware]

  17. Virtualization Hardware (e.g., x86)
     [Figure: 2x2 grid of where code runs]
                                      VMX nonroot (aka guest mode)       VMX root (aka host/supervisor mode)
     Userspace (e.g., x86 ring 3)     Userspace processes in the guest   Regular userspace processes
     Kernel space (e.g., x86 ring 0)  Guest kernel code                  Host kernel code; Hypervisor code (e.g., KVM)

  18. Hardware Virtualization
     - Hardware virtualization allows guest code to run directly on the hardware
         P1: store 4 0xabcd     (guest, userspace)
         <ctx switch>           (guest, kernel) - will switch in page tables for P2
         P2: store 5 0xabcd     (guest, userspace)
     - Both of these processes run on the hardware without emulation
     - The CPU's page tables are used to map these guest virtual addresses to distinct physical memory locations (more on this next time)
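A toy trap-and-emulate model of what slides 14 and 18 describe, as an added example (not KVM's code and not any real CPU's behaviour): ordinary guest instructions run straight through with no interpreter, while an instruction that would modify shared hardware state (here a constructed "write CR3", the guest kernel's page-table switch, and "halt") exits to the hypervisor, which applies it to the guest's own shadow copy. The four-instruction ISA, the register layout and the exit counters are constructed for illustration; guest paging itself is not modelled.

```c
#include <stdbool.h>
#include <stdint.h>

/* Constructed four-instruction guest ISA: two ordinary ops, two sensitive ones. */
enum op { OP_ADD, OP_STORE, OP_WRITE_CR3, OP_HLT };
typedef struct { enum op op; uint32_t a, b; } insn_t;
enum mode { VMX_ROOT, VMX_NONROOT };   /* host/supervisor mode vs. guest mode */
struct vcpu {
    enum mode mode;
    uint32_t regs[4];          /* guest registers: manipulated by natively executed code */
    uint32_t shadow_cr3;       /* page-table base as the guest is allowed to see it */
    uint8_t  mem[64];          /* tiny constructed guest memory (paging itself not modelled) */
    unsigned direct, exits;    /* instructions run natively vs. trapped to the hypervisor */
    bool halted;
};
static uint32_t host_cr3 = 0x1000;   /* real shared hardware state; the guest must never write it */
/* Hypervisor (VMX root): emulate the sensitive instruction on the guest's shadow state. */
static void vmexit_handler(struct vcpu *v, insn_t in) {
    v->exits++;
    if (in.op == OP_WRITE_CR3) v->shadow_cr3 = in.a;   /* host_cr3 is left untouched */
    else if (in.op == OP_HLT)  v->halted = true;
    v->mode = VMX_NONROOT;                             /* VM entry: resume the guest */
}

/* Hardware: sensitive ops trap out of guest mode; everything else runs with no interpreter. */
static void run_insn(struct vcpu *v, insn_t in) {
    if (in.op == OP_WRITE_CR3 || in.op == OP_HLT) {
        v->mode = VMX_ROOT;                            /* VM exit */
        vmexit_handler(v, in);
        return;
    }
    v->direct++;
    if (in.op == OP_ADD) v->regs[in.a & 3] += in.b;
    else                 v->mem[in.b & 63] = (uint8_t)v->regs[in.a & 3];   /* OP_STORE */
}

/* Constructed guest program modelled on slide 18: P1 store, kernel ctx switch, P2 store. */
static struct vcpu run_guest(void) {
    struct vcpu v = { .mode = VMX_NONROOT };
    insn_t prog[] = {
        { OP_ADD, 0, 4 }, { OP_STORE, 0, 0x0d },       /* P1: r0 = 4; store r0 -> mem[0x0d] */
        { OP_WRITE_CR3, 0x2000, 0 },                   /* guest kernel swaps page tables: traps */
        { OP_ADD, 1, 5 }, { OP_STORE, 1, 0x1d },       /* P2: r1 = 5; store r1 -> mem[0x1d] */
        { OP_HLT, 0, 0 },                              /* traps, stops the vCPU */
    };
    for (unsigned i = 0; i < sizeof prog / sizeof prog[0] && !v.halted; i++)
        run_insn(&v, prog[i]);
    return v;
}
static uint8_t guest_mem_at(unsigned addr) { struct vcpu v = run_guest(); return v.mem[addr & 63]; }
```

Of the six guest instructions only two cause a VM exit, which is the contrast with slide 13's emulator, where all six would have been interpreted; the real page-table register is never reachable from guest mode.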

  19. Hypervisor Examples
     Type 1 (hypervisor runs directly on hardware):
     - Xen: Open-source, now under the Linux Foundation.
     - VMware ESXi: Closed-source, supports small/medium host clusters.
     - seL4: Highly secure, formally verified microkernel that can also run as a Type 1 hypervisor. (Ring 0 on x86, hyp on ARM)
     Type 2 (hypervisor runs within host operating system):
     - KVM: Kernel-based Virtual Machine, a module in the Linux kernel.
     - QEMU: Emulates various hardware architectures. Can leverage hardware virtualization features and KVM if the host machine architecture matches.
     - VMware Fusion, Parallels: Run virtual machines on macOS.
     - VMware Workstation, VirtualBox: Run virtual machines on Windows and Linux.

  20. Today's Readings
     - Kivity, A., Kamay, Y., Laor, D., Lublin, U., & Liguori, A. (2007). KVM: the Linux Virtual Machine Monitor. In Proceedings of the 2007 Ottawa Linux Symposium (OLS '07).
     - VMware, Inc. Virtualization: Architectural Considerations and Other Evaluation Criteria. Whitepaper, 2005.
