Lecture: CPU virtualization

administrivia

read chapters 2 & 3 of the textbook
quick review
- what are VMs
- why VMs
- virtualization: cpu (today), memory, I/O (next week)
goals
- fidelity: (almost) identical to execution on hw
- performance: low overhead
- safety: isolation, mutiplexing
strawman plans
- directly run guest kernels on hw: safety?
- emulation (e.g., QEMU/Bochs): performance?
- run guest kernels in user mode: what can go wrong
classically virtualizable ISA
- Popek-Goldberg: sensitive instructions ⊆ privileged instruction
- trap-and-emulate
- x86 (before vmx/svm)
  - not virtualizable: 17 sensitive, unprivileged instructions
  - example: pushf/popf/iret behave differently in user mode
  - except for v8086

virtualize x86 without vmx/svm
- idea: modify the guest code to avoid the 17 instructions
- binary translation (e.g., VMware)
  - goal: replace the 17 instructions with trapping ones (e.g., int $3)
  - q: how does gdb work?
  - similar to a just-in-time compiler
  - challenges
    - how to do this efficiently
    - how about memory
- paravirtualization (e.g., Xen)
  - originally from the Denali isolation kernel (OSDI 2002)
  - replace the 17 instructions in guest kernels with hypercalls
vmx/svm (2005/2006)
- use vmx (VT-x) as an example
- introduce additional mode: root vs non-root
- transitions
  - VM-exit: non-root mode to root mode (kernel)
    - root-mode-privileged instruction
    - exceptions/interrupts (depending on configuration)
    - vmcalls
  - VM-entry (vmlaunch/vmresume): root mode (kernel) to non-root
  - overhead: 4000 (older)–500(newer) cycles (syscalls: 60-70 cycles)
- two approaches
  - trap-and-emulate
  - duplicate guest/host states (to reduce traps)
  - examples
    - rdtsc: passthrough, trap, scaling
    - what about pushf/popf/iret
- caveat
  - first generations provide cpu virtualization w/o memory virtualization
  - performance can be worse than binary translation
kvm
- assume vmx/svm
- cpu/memory virtualization: by the kvm kernel module
- I/O virtualization: by QEMU