Download lec15 - CSE @ UCR

Survey
yes no Was this document useful for you?
   Thank you for your participation!

* Your assessment is very important for improving the workof artificial intelligence, which forms the content of this project

page
1
page
2
page
3
page
4
page
5
page
6
page
7
page
8
page
9
page
10
page
11
page
12
page
13
page
14
page
15
page
16
page
17
page
18
page
19
page
20
page
21
page
22
page
23
page
24
page
25
page
26
page
27
page
28
page
29
page
30
page
31
page
32
page
33
page
34
page
35
page
36
page
37
page
38
page
39
page
40
page
41
page
42
page
43
Document related concepts
no text concepts found
Transcript 
CSE 153
Design of Operating
Systems
Fall 2016
Lecture 15: Virtual Machine Monitors
OS Abstractions
Applications
Process
I/O
Devices
File system
Virtual memory
Network
Operating System
CPU
Hardware
Disk
RAM
CSE 153 – Lecture 16 – Virtual Machine Monitors
2
Virtual Machine Monitor
Applications
Process
I/O
Devices
File system
Virtual memory
Network
Operating System
Hardware
Virtual Machine Monitor
CPU
Disk
RAM
CSE 153 – Lecture 16 – Virtual Machine Monitors
3
What is a VMM?
We have seen that an OS already virtualizes



Syscalls, processes, virtual memory, file system, etc.
Applications program to this interface
OS offers illusion that each process is running in isolation
A VMM virtualizes an entire physical machine



Interface supported is the hardware
VMM offers illusion that OS has full control over the hardware
VMM “applications” (OSes) run in virtual machines
Implications of booting an OS in a virtual machine


Run multiple instances of an OS on same physical machine
Run different OSes simultaneously on the same machine
» Linux on Windows, Windows on Mac, etc.
CSE 153 – Lecture 16 – Virtual Machine Monitors
5
Why do such a crazy thing?
Resource utilization

Machines today are powerful, want to multiplex their hardware
» e.g., Cloud service can divvy up a physical machine to customers

Can migrate VMs from one machine to another without shutdown
Software use and development

Can run multiple OSes simultaneously
» No need to dual boot

Can do system (e.g., OS) development at user-level
» Xv6/Qemu!
Strong isolation – for security and otherwise
Many other cool applications

Debugging, emulation, security, speculation, fault tolerance…
Applications/services at the granularity of a machine

Specific version of OS, libraries, applications, etc., as package
CSE 153 – Lecture 16 – Virtual Machine Monitors
6
Example of Cool VMM Tricks
Time dilation



VMM can control the rate of timer interrupts to OS
Can change how OS interprets passage of time
If VMM slows timer by 10x, then other hardware (CPU, disk,
network) appears 10x faster to OS and applications
» OS reads 100 MB of data from network in 1 second, but thinks only
0.1 second has elapsed, giving illusion of 1 GBps of bandwidth

Can experiment with apps, protocols, and systems on future
hardware
» But, applications run 10x slower
CSE 153 – Lecture 16 – Virtual Machine Monitors
7
VMM Requirements
Fidelity

OSes and applications work the same without modification
» (although we may modify the OS a bit)
Isolation

VMM protects resources and VMs from each other
Performance

VMM is another layer of software…and therefore overhead
» As with OS, want to minimize this overhead

VMware:
» CPU-intensive apps: 2-10% overhead
» I/O-intensive apps: 25-60% overhead
CSE 153 – Lecture 16 – Virtual Machine Monitors
8
VMware
VMware workstation uses hosted model


VMM runs unprivileged, installed on base OS
Relies upon base OS for device functionality
VMware ESX server uses hypervisor model

VMM runs directly on hardware
VMware uses software virtualization

Dynamic binary rewriting translates code executed in VM
» Rewrite privileged instructions with emulation code (may trap)


CPU only executes translated code
Think JIT compilation for JVM, but
» full binary x86  IR code  safe subset of x86

Incurs overhead, but can be well-tuned (small % hit)
CSE 153 – Lecture 16 – Virtual Machine Monitors
11
Vmware Hypervisor Model
Applications
Operating System
Hardware
Virtual Machine Monitor
Hardware
CSE 153 – Lecture 16 – Virtual Machine Monitors
12
VMware Hosted Architecture
CSE 153 – Lecture 16 – Virtual Machine Monitors
13
Xen
Early versions use “paravirtualization”



Fancy word for “we have to modify & recompile the OS”
Since you’re modifying the OS, make life easy for yourself
Create a VMM interface to minimize porting and overhead
Xen hypervisor (VMM) implements interface


VMM runs at privilege, VMs (domains) run unprivileged
Trusted OS (Linux) runs in own domain (Domain0)
» Use Domain0 to manage system, operate devices, etc.
Most recent version of Xen does not require OS mods

Because of Intel/AMD hardware support
Commercialized via XenSource, but also open source
CSE 153 – Lecture 16 – Virtual Machine Monitors
14
Xen Architecture
CSE 153 – Lecture 16 – Virtual Machine Monitors
15
What needs to be virtualized?
Exactly what you would expect




CPU
Events
Memory
I/O devices
Isn’t this just duplicating OS functionality in a VMM?


Yes and no
Approaches will be similar to what we do with OSes
» Simpler in functionality, though (VMM much smaller than OS)

But implements a different abstraction
» Hardware interface vs. OS interface
CSE 153 – Lecture 16 – Virtual Machine Monitors
17
Virtualizing Privileged Insts
OSes can no longer successfully execute privileged
instructions

Virtual memory registers, interrupts, I/O, halt, etc.
For those instructions that cause an exception

Trap to VMM, take care of business, return to OS in VM
For those that do not…


Xen: modify OS to hypervisor call into VMM
VMware: rewrite OS instructions to emulate or call into VMM
CSE 153 – Lecture 16 – Virtual Machine Monitors
18
Virtualizing Memory
OSes assume they have full control over memory


Managing it: OS assumes it owns it all
Mapping it: OS assumes it can map any virtual page to any
physical page
But VMM partitions memory among VMs


VMM needs to assign hardware pages to VMs
VMM needs to control mappings for isolation
» Cannot allow an OS to map a virtual page to any hardware page
» OS can only map to a hardware page given to it by the VMM
Hardware-managed TLBs make this difficult


When the TLB misses, the hardware automatically walks the
page tables in memory
As a result, VMM needs to control access by OS to page tables
CSE 153 – Lecture 16 – Virtual Machine Monitors
22
Shadow Page Tables
Three abstractions of memory

Machine: actual hardware memory
» 2 GB of DRAM

Physical: abstraction of hardware memory managed by OS
» If a VMM allocates 512 MB to a VM, the OS thinks the computer
has 512 MB of contiguous physical memory
» (Underlying machine memory may be discontiguous)

Virtual: virtual address space per process
» Standard 232 address space
In each VM, OS creates and manages page tables for
its virtual address spaces without modification

But these page tables are not used by the MMU hardware
CSE 153 – Lecture 16 – Virtual Machine Monitors
24
Shadow Page Tables
CSE 153 – Lecture 16 – Virtual Machine Monitors
26
Smartphones
==
CSE 153 – Lecture 16 – Virtual Machine Monitors
31
…in 2014
CSE 153 – Lecture 16 – Virtual Machine Monitors
32
MALWARE
Android has become
a hot target of
malware authors
It is not a problem of
the platform itself
Data from McAfee
CSE 153 – Lecture 16 – Virtual Machine Monitors
34
Android
CSE 153 – Lecture 16 – Virtual Machine Monitors
36
Android
CSE 153 – Lecture 16 – Virtual Machine Monitors
39
Android
CSE 153 – Lecture 16 – Virtual Machine Monitors
40
Android
CSE 153 – Lecture 16 – Virtual Machine Monitors
41
Dalvik VM
Dalvik is a Java Virtual Machine

Designed to run with limited system resources
Android applications are written in Java
Every application runs in its own JVM
CSE 153 – Lecture 16 – Virtual Machine Monitors
42
DEX File
Java class files are
converted into “.dex” files
that Dalvik executes
Java byte-code is
converted into Dalvik bytecode during this process
CSE 153 – Lecture 16 – Virtual Machine Monitors
43
Process management
What’s the difference between mobile app cycle and
desktop app cycle?

One app has focus from the user at a time
Two key principles


Android usually does not delete an app’s state even if you
close it
Android kills apps when the memory usage goes too high, but
it saves app state for quick restart later on
CSE 153 – Lecture 16 – Virtual Machine Monitors
45
Application Life cycle
Start
Run
Paus
e
End
CSE 153 – Lecture 16 – Virtual Machine Monitors
46
Example
System
Home
Home
At the “Home” screen
CSE 153 – Lecture 16 – Virtual Machine Monitors
48
Example
System
Home
Mail
Home
List
Start the “Mail” app and read the list
CSE 153 – Lecture 16 – Virtual Machine Monitors
49
Example
System
Home
Mail
Home
List
Message
Click on one of the message and see its content
CSE 153 – Lecture 16 – Virtual Machine Monitors
50
Example
System
Home
Mail
Browser
Home
List
Message
Browser
Click a link in the message
CSE 153 – Lecture 16 – Virtual Machine Monitors
51
Example
System
Home
Browser
Home
Browser
Now we have enough space to start the “Map” app
March 4, 2014
CSE 153 – Lecture 16 – Virtual Machine Monitors
52
Example
System
Home
Browser
Home
Browser
Map
Map
Start the “Map” app
CSE 153 – Lecture 16 – Virtual Machine Monitors
53
Example
System
Home
Browser
Home
Browser
Map
Go back to the browser
CSE 153 – Lecture 16 – Virtual Machine Monitors
54
Example
System
Home
Home
Browser
Mail
List
Message
“Mail” app is resumed and shows previous message
CSE 153 – Lecture 16 – Virtual Machine Monitors
55
Example
System
Home
Home
Browser
Mail
List
Go back to the mail list
CSE 153 – Lecture 16 – Virtual Machine Monitors
56
Example
System
Home
Home
Browser
Mail
Go back to the “Home” screen
CSE 153 – Lecture 16 – Virtual Machine Monitors
57
Memory management
Linux kernel does most of the job
Page-based memory management

Virtual address to physical address mapping
No virtual memory swapping

Pros and cons?
CSE 153 – Lecture 16 – Virtual Machine Monitors
58
Offloading of computation
Naive offloading
Speech-to-text, OCR
More sophisticated offloading - fine-grained offloading
MAUI: Making Smartphones Last Longer with Code Offload
Running two versions of the app on the mobile device and a
powerful server
Decide when/what to offload on the fly
CSE 153 – Lecture 16 – Virtual Machine Monitors
60
Disk I/O
Flash
Hard Disk Drive
Random access
~0.1ms
5-10ms
File fragment impact
No
Greatly impacted
Total power
1/2 to 1/3 of HDD
up to 15+ watts
Reliability
Reliable
Less reliable due to
mechanical parts
Write longevity
Limited number of writes
Less of a problem
Capacity
<= 512GB
2-3TB
Price
$1.5-2 / GB
$0.1-0.2 / GB
CSE 153 – Lecture 16 – Virtual Machine Monitors
61
Summary
VMMs multiplex virtual machines on hardware



Export the hardware interface
Run OSes in VMs, apps in OSes unmodified
Run different versions, kinds of OSes simultaneously
Android: Use of virtual machines to protect phones
CSE 153 – Lecture 16 – Virtual Machine Monitors
63
Other VMM Systems
VMWare
Xen
Microsoft Virtual PC
User-Mode Linux
CSE 153 – Lecture 16 – Virtual Machine Monitors
64
Related documents
Document
Document
26-computer_science
26-computer_science
Introduction
Introduction
Operating System Support for Virtual Machines
Operating System Support for Virtual Machines
PUNCH: An Evolutionary Algorithm for Optimizing Bit Set Selection
PUNCH: An Evolutionary Algorithm for Optimizing Bit Set Selection
Results in Data Mining for Adaptive System Management
Results in Data Mining for Adaptive System Management
CSE 510 Web Data Engineering Java Server Pages (JSPs)
CSE 510 Web Data Engineering Java Server Pages (JSPs)
Syllabus for M Sc - Rajshahi University Alumni Association
Syllabus for M Sc - Rajshahi University Alumni Association
Chapter 7 Assembly Language
Chapter 7 Assembly Language
Application Servers WildFly Monitor
Application Servers WildFly Monitor
Data Mining and Bioinformatics: Some Challenges
Data Mining and Bioinformatics: Some Challenges
Virtual Machine Monitors: Current Technology
Virtual Machine Monitors: Current Technology
Are Virtual-Machine Monitors Microkernels Done Right?
Are Virtual-Machine Monitors Microkernels Done Right?
Data Structures
Data Structures
Data mining functionalities
Data mining functionalities
Guidelines accompanying Commission Regulation (EC) No 642/2009
Guidelines accompanying Commission Regulation (EC) No 642/2009
cse4701chap25 - University of Connecticut
cse4701chap25 - University of Connecticut
Document
Document