Lecture: virtual machines

preparation

• finish the Dune exercise

OS virtualization recap

• review OS organization
• virtual memory
• virtual CPU/time
• virtual file system
  • file descriptor & name space
• a key scheme: naming
  • (pid, va) -> pa
  • (file, offset) -> disk address
  • other naming examples: DNS, Linux namespace (Docker etc.)
• what if we want to run multiple OSes?
  • 60s: IBM
  • 90s: VMware for x86

overview

• terminology
  • host (VMM, hypervisor), guest
  • host can be baremetal or an OS
• goals
  • virtualize a machine
  • isolation: between guests, between host and guests
  • security, billing, etc.
• techniques
  • interpreter / binary translation: QEMU
  • trap & simulate: run guest kernel in ring 3 & trap into host
  • hardware support
  • example: how does cr3% work in each case

x86 virtualization

• what machine state to virtualize: CPL, GDT, IDT, page table, control registers, MSRs, etc.
• hardware support: Intel’s VT-x (vmx) / AMD’s AMD-V (svm)
• VT-x
  • host: root mode (sometimes called ring -1)
  • guest: non-root mode
  • VM control structure (VMCS)
  • vmlaunch, vmresume, vmcall
• virtual memory
  • shadow page tables
    • simulate %cr3 in software
    • write-protect guest’s page table pages
    • downside: performance
  • extended page tables (EPT) / nested page tables (NPT): guest pa -> host pa
• virtual CPU
• devices

Dune

• goal
  • process absraction for privileged instructions
  • Dune process mode
    • ring 0, non-root
    • use hypercalls as syscalls
• applications
  • fast faults
    • CPU delivers page faults to user space: compared to JOS lab4
    • how about division by zero - should the kernel be involved
  • direct access to page tables, etc.
    • example: GC
    • use dirty bits to track if memory has been touched
    • better page table management
    • better TLB control
• performance: pros and cons