virtualization allows concurrent execution of multiple OSs(and their applications) on the same physical machine.
virtual resources == each os thinks that it “owns” hardware resources
-virtual machine(VM) == os + applications
+ virtual resources (guest domain)
-virtualization layer == management of physical hardware (virtual machine monitor, hypervisor)
A virtual machine … is an efficient, isolated duplicate of the real machine
supported by a virtual machine monitor(VHM)
Bare-metal Virtualization
Xen(open source or citrix xen server)
– dom o and dom Us
– drivers in dom O
ESX(VMware)
– many open APIs
– drivers in VMM
– used to have Linux control core, now remote APIs
Hoseted
– host os owns all hardware
– special VMM module provides hardware interfaces to VMs and deals with VM context switching
Example: KVM
(kernel-based VM)
– based on Linux
– KVM kernel module + QEMU for hardware virtualization
– leverages Linux open-source community
Hardware Protection Levels
commodity hardware has more than 2 protection levels
e.g., x86 has 4 protection levels(rings)
ring 3: lowest privilege(apps)
ring 0: highest privilege(os)
-non-root: VMs
-root:
x86 pre 2005
– 4 rings, no root/non-root modes yet
– hypervisor in ring 0, guest OS in ring
But: 17 privileged instructions do not trap! fail silently!
hypervisor doesn’t know, so it doesn’t try to change settings
os doesn’t know, so assumes change was successful
Binary Translation
-goal: full virtualization == guest OS not modified
-approach: dynamic binary translation
1. inspect code block to be executed
2. if needed, translate to alternate instruction sequence
-e.g., to emulate desired behavior, possibly even avoiding trap
3. otherwise, run at hardware speeds
