Virtualization 101

1
Virtualization 101

• Raghunathan Srinivasan, PhD

2
Short Introduction

• Joined ASU for MS in 2005
• Joined Parthas group in 2006
• Stuck on for PhD in 2007
• Was stupid enough to do it
• Finshed PhD in 2011
• Contact raghus_at_asu.edu

3
What is a virtual machine

• An Isolated programming environment
• It is a complete operating system
• Does not boot directly on physical hardware
• Usually called Guest OS
• Typically runs with the assistance of another OS
  called Host OS
• Might run on top of software emulator also
• Multiple VMs can share the hardware

4
Overview
VM
VM
VM
Host OS/Virtual Machine Monitor
Hardware

• Virtualization Simulation of hardware

5
Types

• Old School
• Full virtualization
• Paravirtualization
• New School
• Hardware Assisted virtualization
• Intel VT
• AMD-VTM

6
Full Virtualization

• Provide complete simulation of hardware
• Guest OS need not be modified in any way
• IBM CP/CMS (1970s)
• VMware workstation, VMware server (2000s)
• Used Binary translation

7
Paravirtualization

• The Host OS provides ABIs (hypercall)
• Think new system call
• Guest OS is modified to call these APIs
• Xen prior to version 3

8
Binary Translation

• Take every instruction and change it for
  underlying hardware
• Vmware running x86 guest on x86 hardware
• User mode applications are executed directly as
  if they were running natively
• Kernel code translated
• Privileged instructions need to be caught and
  fixed
• Access to hardware needs to be fixed

http//www.anandtech.com/show/2480/4
9
Popek and Goldberg principles

• 3 essential characteristics for a VMM
• Fidelity Software executing on VMM should behave
  identical to executing on hardware barring timing
  issues
• Performance Most of instructions of guest should
  not require VMM moderation
• Safety The VMM manages all hardware resources

10
Intel Architecture 3 rings
Ring 0
Ring 3
11
Obstacles with old x86

• Guest can find out its state
• Read 2 bits on the CS register (CPL)
• Trap and emulate was difficult
• If the guest OS executes a privileged instruction
  you want it to trap so it can be emulated against
  virtual hardware
• Interpreter used initially
• Software emulation affects performance
• Binary translation works better

http//www.vmware.com/pdf/asplos235_adams.pdf http
//www.hotchips.org/archives/hc17/1_Sun/HC17.T1P2.
pdf
12
Hardware assisted Virtualization

• 64 bit CPUs removed segmentation
• Hypervisor memory not isolated
• Software only virtualization became difficult

13
Intel VT-x

• Add elements into the architecture to support
  virtualization
• Processor has fields known as VMCS
• There are 2 modes of operations
• VMX
• Non VMX
• VMM will run on VMX mode
• The guest OS runs in non VMX mode

14
VMX operations
Apps Guest OS
Apps Guest OS
Ring 3
Ring 0
VM Entry
VM Exit
VMM
VMXON
VMXOFF
Standard mode
VMX root
15
Big picture

• If you want to write your own VMM
• Check if CPU supports VT
• Execute VMXon
• Create memory for VMCS and load values
• Write code for handling exits
• Launch the VMM
• Well at least that is the theory

16
VMCS

• VMCS specifies CPU behaviour
• What operations cause exit
• Exits happen on privileged instructions
• MSR accesses
• CR access
• Interrupts
• Create one VMCS for each vCPU
• Only one VMCS is active per core at any time

17
What got fixed

• Guest OS runs at Ring 0, so the guest application
  cannot find that it is virtualized
• Instructions like SGDT, SIDTdont have to trap as
  they are context switched on VM exit
• Faulting avoided

http//www.hotchips.org/archives/hc17/1_Sun/HC17.T
1P2.pdf