Virtualization

Darren Alton

A brief introduction...In general, virtualization means emulating computer hardware* with software**.Virtual machine (VM) can mean a couple of things:

A process virtual machine runs a single process.

A system virtual machine usually emulates an entire computer.

We'll be primarily, but not necessarily exclusively, focusing our attention on system virtual machines.

* sometimes not real hardware** sometimes assisted by real hardware

TerminologyAn operating system installed inside a VM is often called the "guest."

An operating system installed on the physical hardware is similarly called the "host" (assuming it has any guests).

The virtual machine software itself is often called a "hypervisor," a "virtual machine monitor" (VMM), or, in some cases, an "emulator."

Why bother?Guests can often be managed in the same ways as files and processes on the host system.

Run software incompatible with the host system on a guest.

Simultaneously run multiple guests on the same host, sharing the host's resources.

Isolate the guest systems for security reasons.

How does it work? The simplest case of an emulator is a pure interpreter, where the guest CPU is implemented entirely in software.

+ Portable, easily generalizes to nearly any host or guest architecture + Conceptually simple - Very slow!

// the basic concept in pseudo-code:while (running){ op = memory[pc++]; if (op not in ISA) { error("illegal instruction!"); running = false; } run_guest_opcode(op, memory);}

image: David Byrne, in Once in a Lifetime by Talking Heads

How does it work? A dynamic recompiler, or Just-In-Time (JIT) compiler, disassembles the guest's machine code and re-compiles it for the host.

+ Much faster than interpreting each operation individually

- More complex, harder to implement

// the basic concept in pseudo-code:while (running){ if (cache[pc] does not exist) { asm = disasm_guest(memory, pc); if (asm is null) { error("illegal instruction!"); running = false; } cache[pc] = compile_for_host(asm); } execute(cache[pc]);}

image: "Johnny 5," from Short Circuit

What about the same architecture?

You may ask, "Suppose I just want to run an x86 guest on an x86 host, can't I just forgo all that re-interpreting and re-compiling business and run the guest's code directly?"

In a sense, yes, but there are some issues. First, we need to discuss some properties of instruction set architectures (ISA), and what is needed to be "virtualizable."

In a paper published in 1974, Gerald J. Popek and Robert P. Goldberg defined criteria for what we now call "classical virtualization."

Fidelity - The guest must run the same as it would natively.Performance - A "statistically dominant" subset of the opcodes must be executed directly on the host's CPU.Safety - The hypervisor must always remain in control of the guest.

x86 in particular doesn't quite meet these requirements!

Handling sensitive instructions First, some definitions:

Sensitive instructions depend on or affect the system configuration.

Privileged instructions can only be run in kernel mode and cause an exception if run in user mode. Let S be the set of sensitive instructions, and P be the set of privileged instructions: Popek and Goldberg proposed that if S⊆P, then the ISA can be virtualized by a "trap-and-emulate" method.

// the basic concept in pseudo-code:while (running) { try { execute(memory + pc); } catch (Exception e) { pc = e.location; op = memory[pc++]; if (op not in ISA) { error("illegal instruction!"); running = false; } else { run_guest_opcode(op, memory); } }}

image: Admiral Ackbar, from Star Wars: Episode VI

Failing to handle sensitive instructions

However, the x86 ISA contains no less than seventeen instructions that are sensitive, but not considered privileged.

VMware, VirtualBox, and others employ binary translation, which uses dynamic recompilation where needed.

AMD and Intel processors retrofit classical virtualizability onto the x86 architecture in 2005.

Hardware-assisted failureThese extensions added:

The VMCB, which contains the state of the guest, and what to trap.

The "vmrun" instruction, which enters virtual machine mode until a trap.

A security hole in the x86 ISA itself! The "Blue Pill" attack.

image: Morpheus and Neo, from The Matrix

Memory management

Virtualizing memory is a tricky problem as well.

Consider that the guests and host each must have their own page tables, and they must not interfere with each other.

Also consider how swap space would behave...

Paravirtualization

Suppose we didn't care about "classical" virtualization.We probably don't want to budge much on performance and safety...But suppose we don't care whether the guest knows that it's a guest.

Enter paravirtualization, which requires modifying the guest operating system's kernel to interact with the hypervisor.

Requires the guest OS be modified to cooperate with the hypervisor.

Recursive virtualization

Popek and Goldberg, again:"THEOREM: A conventional third generation computer is recursively virtualizable if it is:

1. [classically] virtualizable, and2. a VMM without any timing dependencies can be constructed for it."

Recursive virtualization is not always possible.

image: Cobb from Inception

In practice...

QEMU is effectively the Swiss Army Knife of virtualization.

VMware and VirtualBox are popular virtual machines for x86, with a GUI for managing virtual machines and disks.

Xen is a popular hypervisor for paravirtualization.

High-level emulation (HLE)

Some hardware is costly to fully emulate.

Instead of emulating the whole device at a lower level, re-implement the functionality that device provides.

So, instead of emulating the GPU, pass along the job to the host GPU.

"UltraHLE" popularized this approach in 1999.

VMware, Parallels, and VirtualBox now do this.

image: Mewtwo from Pokemon Stadium

Not quite emulation, but...

WINE Is Not an Emulator.

Cygwin provides a Unix-like environment on Windows.User-mode Linux is a Linux kernel built to run as an ordinary process on the host.

coLinux is the same thing, but for Windows hosts.

OpenVZ and Lguest allow the host kernel to use multiple instances of itself as "guests."

Similar to FreeBSD's jail(8), which differs from typical chroot(8) jail in that it isolates everything, not just the filesystem.

image: stock photo

Live migration between hosts

It is sometimes possible to move a guest from one host to another without the guest ever being shut down.

This is called "live migration" or "seamless migration."

Usually requires that any virtual disks be on a network share available to both hosts to be possible.

The memory of the guest is copied over the network... then the guest starts on the target and stops on the source.

To the cloud!

Infrastructure as a Service (IaaS)

Some cloud-based services offer the ability to rent virtual machines.

More flexible than paying for and maintaining physical servers.

Usually don't have to worry about installing and configuring the OS.

What virtualization methods are best for IaaS hosting?

image: Tim from Braid

Running a Nintendo Wii emulator inside VirtualBox on Linux

Virtualizing a lot of game consoles on Linux... at the same time

Resources

Hardware Support for Efficient Virtualizationhttp://citeseerx.ist.psu.edu/viewdoc/download?doi=10.1.1.110.1676&rep=rep1&type=pdf

Xen and the Art of Virtualizationhttp://research.microsoft.com/~tharris/papers/2003-sosp.pdf

A Comparison of Software and Hardware Techniques for x86 Virtualizationhttp://www.vmware.com/pdf/asplos235_adams.pdf

Introducing Blue Pillhttp://www.coseinc.com/en/index.php?rt=download&act=publication&file=Introducing%20Blue%20Pill.ppt.pdf

Formal requirements for virtualizable third generation architectureshttp://www-users.cselabs.umn.edu/classes/Spring-2010/csci5105/papers/popek-virt-reqmts.pdf

Live Migration of Virtual Machineshttp://www.cl.cam.ac.uk/research/srg/netos/papers/2005-migration-nsdi-pre.pdf

Questions(and, hopefully, answers)

This presentation, with more detailed slides:http://goo.gl/kgzej