.. System Virtualization and OS Virtual Machines slides file, created by hieroglyph-quickstart on Mon Oct 28 09:39:30 2013. ============================================= System Virtualization and OS Virtual Machines ============================================= :Date: 2013-10-29 :Authors: Ivan Boule, Olivier Matz Plan ==== Contents -------- .. contents:: :depth: 2 :backlinks: none History ======= History of Virtual Machines --------------------------- - VM introduced in the sixties on IBM/370 series - Co-Designed VM: IBM AS/400 - High level ISA including I/Os - Proprietary CISC → PowerPC - Application VMs - Sun Java, Microsoft Common Language Infrastructure - OS VMs - VMware (virtualized PC on x86) - Virtual PC (PC emulation on Mac OS/PowerPC) - Many others : Bochs, VirtualBox, Qemu, ... Virtualization Usages ===================== System Virtualization Principles -------------------------------- - Run multiple OS's on the same machine - By design, an OS assumes to have full control over all physical resources of the machine - Manage sharing/partitioning of machine resources between Guest OS's - CPU - Physical memory & MMU - I/O devices Goals of System Virtualization ------------------------------ - Reduction of Total Cost of Ownership (TCO) - Increase utilisation of server resources - Reduction of Total Cost of Functioning - Energy consumption - Cooling - Occupied Space - Hardware Consolidation - Reduction of Build Of Material (BOM) for high-volume low-end products - Isolation of OS for security purposes Virtualization in high-throughput network equipments ---------------------------------------------------- .. figure:: high-thput1.jpg .. figure:: high-thput2.jpg Virtualization in Multimedia devices ------------------------------------ - Reduction of Build Of Material (BOM) for high-volume low-end products - No need for a general purpose processor - 20 to 25 % BOM reduction - Run Linux together with OS supporting Codecs on a single TI DSP - Leverage Linux environment - Reuse existing DSP software XXX 2 images Usages of Virtual Machines -------------------------- - Server virtualization - Web sites hosting - OS partitionning - Time sharing - Security - OS/kernel education & training - OS fault recovery - OS kernel development - Test machine = development host - Keep backward compatibility of legacy software - Run applications not supported by host OS Recovery Servers ---------------- .. figure:: recovery.png Multi-Core CPU Issues (1) ------------------------- - CPU power gain - No more achieved through Frequency/Speed increase - But obtained with higher density & multi-core chips - Many RTOS designed with mono-processor assumption - Adding multi-processor support is complex & costly - Scaling requires time, at best... - Legacy RT applications also designed for mono-processor - Adaptation to multi-pro even more difficult than RTOS Multi-Core CPU Issues (2) ------------------------- - OS virtualization allows to run simultaneously on a multi-cores CPU multiple instances of mono-processor OS's - Each OS instance is run in a mono-processor - Virtual Machine assigned to a single CPU core - No need to change legacy software - Scalability managed at virtualization level Virtualization Taxonomy ======================= Machines Interfaces ------------------- .. figure:: isa-abi.svg - ISA = Instruction Set Architecture - System level interface - All CPU instructions, memory architecture, I/O - ABI = Application Binary Interface - Process level interface - User-level non privileged ISA instructions + OS systems 14 calls Virtualization Taxonomy ----------------------- - Process level virtualization - Emulation of Operating System ABI - Emulation of OS ABI, cross-architecture - Virtual Servers - System level virtualization - Standalone / Hosted Virtualization - Machine Emulation / Machine Virtualization Hosted versus Standalone Virtualization --------------------------------------- - Hosted Virtualization - Hosted VM Monitor (VMM) runs on top of native OS - VMware WKS, Microsoft VirtualPC, QEMU/KVM, UML - Standalone Virtualization - VMM directly runs on bare hardware - VMware ESX, IBM/VM, Xen - OS run in a VM is named a Guest OS Hosted Virtualization --------------------- .. figure:: hosted.svg Example: VMware Workstation ---------------------------- .. figure:: vmware-wks.png - Hosted VM - Unmodified OSes - Specific device drivers - x86 only - Guest OS executed in user mode Standalone Virtualization ------------------------- .. figure:: standalone.svg Example: VMware ESX ------------------- - Standalone VMM - Supports unmodified OS binaries - Configuration with appropriate device drivers - x86 only - No Intel-VT - Guest OS - runs in user mode Process Level Virtualization ============================ Process level ABI Emulation --------------------------- - Goal: execute binary applications of a given system **X** on the ABI of another system **Y** - Emulate system **X** ABI on top of system **Y** ABI - Emulation done by application-level code - System **Y** must provide services equivalent to those of system **X** (file system, sockets, etc...) Process Level (ABI) Emulators ----------------------------- - Wine - Windows Emulator on Unix/Linux - Windows API in userland - Adobe Photoshop, Google Picasa, ... - Cygwin - Unix emulation on Windows - POSIX library - Bash shell + many Unix commands - GNU development tool chain (gcc, gdb) - X Window, GNOME, Apache, sshd, ... Process Level Cross-architecture Emulators ------------------------------------------ - Emulate the Operating System ABI - Emulated OS and native OS are the same (ex: both are linux) - Emulated arch is different than native architecture (ex: x86 and powerpc) - Example: qemu-user:: $ gcc hello.c $ ./a.out hello $ powerpc-linux-gnu-gcc -static hello.c $ ./a.out bash: ./a.out: cannot execute binary file $ qemu-ppc ./a.out hello Virtual Servers (1) ------------------- - Single OS kernel / Multiple resource instances - Isolated kernel execution environments - Root file system - Network: Routing table, IP tables, interfaces... - Process for signals - Solaris 10 Containers - LXC, Linux-VServer, openVZ - FreeBSD Jail Virtual Servers (2) ------------------- .. figure:: virtual-servers.svg Virtual Servers (3) ------------------- - Pro's - CPU independent - Lightweight - Low memory footprint - Low CPU overhead - Scalable - Con's - No OS heterogeneity (no GPOS/RTOS combination) - Single OS binary instance (common point of failure) Transparent Hardware Emulation ============================== Transparent Hardware Emulation (1) ---------------------------------- - Run unmodified OS binaries - Includes emulation of physical devices - Cross ISA Emulation - qemu-system - Same ISA Emulation - VirtualBox (Intel x86) Transparent Hardware Emulation (2) ---------------------------------- - Emulate machine X on top of machine Y - Interpretation - 1 instruction of X executed by N instructions of Y - Huge slow down method - Dynamic Binary Translation - Convert blocs of X instructions in Y instructions - Application-level emulator runs on a native OS - One VM running a single Guest OS QEMU Architecture ----------------- .. figure:: qemu.svg QEMU: Hosted Hardware Emulator ------------------------------ - Cross ISA Emulation - Emulate machine X on top of machine Y - Interpretation + translation - Intel x86, PowerPC, ARM, Sparc architectures - Emulation of SMP architectures - Emulates physical I/O devices - Hard Disk drives, CD-ROM, network controllers, USB controllers, ... - Synchronous emulation of device I/O operations Transparent Hardware Virtualization =================================== Transparent Hardware Virtualization ----------------------------------- - Guest and host architectures are the same - Execute native/unmodified OS binary images - Provide in each VM a complete simulation of hardware - Full CPU instruction set - Interrupts, exceptions - Memory access and MMU - I/O devices - Share machine resources among multiple VMs Full CPU Virtualization (1) --------------------------- - Present same functional CPU to all Guest OSes - VMM manages a CPU context for each VM - saved copy of CPU registers - representation of software-emulated CPU context - VMM shares physical CPUs among all VMs - VMM includes a VM scheduler - round-robin - priority-based Full CPU Virtualization (2) --------------------------- - Relationships between a VMM and VMs similar to relationships between native OS and applications - Guarantee mutual isolation between all VMs - Protect VMM from all VMs - Directly execute native binary images of Guest OS's in non-privileged mode - VMM emulates access to protected resources performed by Guest OSs CPU Virtualization ------------------ - Run each Guest OS in non-privileged mode .. figure:: cpu-virt.svg "Hardware-Sensitive" Instructions --------------------------------- - Interact with protected hardware resources - Privileged Instructions (cannot be executed in user mode) - Critical Instructions (can be, but should not be executed by Guest OS) - Must be detected and faked by VMM - Dynamic Binary Translation of kernel code - Done once, saved in Translation Cache - Example: Vmware Privileged Instructions Virtualization -------------------------------------- - Only allowed in supervisor mode - Ex: **cli/sti** to mask/unmask interrupts on Intel x86 - When executed in non-privileged mode - CPU automatically detects a privilege violation - Triggers a “privilege-violation” exception - Caught by VMM which fakes the expected effect of the privileged instruction - Ex: **cli/sti** - VMM does not mask/unmask CPU interrupts - records « interrupt mask status » in context of VM Critical Instructions Virtualization (1) ---------------------------------------- - Hardware-sensitive instructions - Ex: Intel IA-32 pushf/popf:: pushf /* save EFLAG reg. to stack */ cli /* mask interrupts => clear EFLAG.IF */ ... popf /* restore EFLAG reg. => unmask interrupts */ - When executed in non-privileged mode - The cli instruction triggers an exception caught by VMM => VMM record interrupts masked for current VM - But no exception for popf => VMM not aware of Guest OS action (unmask interrupts) Critical Instructions Virtualization (2) ---------------------------------------- - Must be detected and emulated by VMM - VMM dynamically analyses Guest OS binary code to find critical instructions - VMM replaces critical instructions by a « trap » instruction to enter the VMM - VMM emulates expected effect of critical instruction, if any. Full Memory Virtualization -------------------------- - CPU include a Memory Management Unit (MMU) - Isolated memory addressing spaces - Independant of underlying physical memory layout - Run mutually protected applications in parallel - Virtual Memory managed by OS kernel - Provides a virtual address space to each process - 4 GB on most 32-bit architectures (Intel x86, PowerPC) - Manages virtual page → physical case mappings - Manages « swap » space to extend physical memory MMU & Virtual Address Space --------------------------- .. figure:: mmu1.svg Intel x86 MMU ------------- .. figure:: mmu2.svg Memory Virtualization (1) ------------------------- - Machine Physical Memory - Physical memory available on the machine - Guest OS Physical Memory - Part of machine memory assigned to a VM by VMM - ∑ Guest Physical Memory can be > Machine Memory - VMM uses « swap » space - Guest OS Virtual Memory - Guest OS manages virtual address spaces of its processes Memory Virtualization (2) ------------------------- - Guest OS manages Guest Physical Pages - Manages MMU with its own page entries - Translates Virtual Addresses into Guest Physical Addresses (GPA) - VMM transparently manages Machine Physical Pages - Guest Physical Address ≠ Machine Physical Address - VMM dynamically translates Guest Physical Pages into Machine Physical Pages Memory Virtualization (3) ------------------------- .. figure:: mem-virt.svg Memory Virtualization (4) ------------------------- - VMM maintains Shadow Page Tables - Copies of Guest OS translation tables - VMM catches updates operations of translation tables performed by a Guest OS - RW-protect all guest OS page tables - Emulates operation in shadow page table - Updates effective MMU page table entry, if needed Memory Virtualization (5) ------------------------- - PTE entries can be tagged with a context ID - Avoids to flush TLB when switching current address space upon scheduling of a new process - usually PTE tag = OS process identifier - Processes of different Guest OSes can be assigned the same Process ID - VMM must flush TLB when switching VMs Memory Virtualization (6) ------------------------- - VMM must respect Guest OS virtual page faults - Not map virtual pages unmapped by Guest OS - When Guest OS unmaps a virtual page: - VMM must delete the associated real-page/physical page mapping, if any. - Conversely, VMM can transparently: - Introduce & resolve real-page faults for Guest OSes - Share physical pages between Guest OS's - Pages with same content's (e.g. zero-ed pages) Memory Virtualization (7) ------------------------- - VMM can swap real pages of a VM - on "swap" space managed by VMM - VMM can dynamically distribute physical memory among VMs - Needs a specific support in Guest OS (Linux module) - VMM asks Guest OS to release memory - Guest OS self-allocates real pages - no more available for normal kernel allocation service - VMM assigns same amount of physical pages to other VM's Paravirtualization ================== Paravirtualization (1) ---------------------- - OS adaptation to avoid binary translation overhead - Requires access to OS source code - Include drivers of virtual devices - Examples: - Xen - User Mode Linux (UML) Paravirtualization (2) ---------------------- - Still run each Guest OS in non-privileged mode - But with minimal virtualization overhead - => Modified Guest OS kernel - Remove Hardware-Sensitive Instructions - Use fast VMM system calls instead, if needed - Minimise usage of Privileged Instructions - Only affect Machine/CPU dependant part of OS - OS portage on new architecture with same CPU - Without system ISA Paravirtualization (3) ---------------------- - Guest OS only use Virtual I/O Devices, in a cooperative way - Front-end driver in Guest OS - Back-end driver in VMM - VMM multiplex VM Virtual Devices on physical devices - Virtual Ethernet - Virtual Disks - Data transfer through I/O rings Virtual I/O Devices ------------------- .. figure:: virt-devices.svg Paravirtualization Example: Xen ------------------------------- - Objectives - Scalable, support more than 100 VM - Share resources of Server machines - Intel IA-32, x86-64, ARM, ... - Special first Guest OS called Domain 0 - Run in privileged mode - Have access (and manages) all physical devices - Modified version of Linux, FreeBSD Hardware-Assisted Virtualization ================================ Hardware Assisted Virtualization (1) ------------------------------------ - Support of Virtualization in Hardware - Run unmodified OS binaries - With minimal virtualization overhead - Simplify VMM development - Examples - KVM - VMware Hardware Assisted Virtualization (2) ------------------------------------ - CPU virtualization - AMD-V - Intel VT-x (x86), Intel VT-i (Itanium) architectures - ARM Cortex-A15 - MMU virtualization - Intel Extended Page Tables (EPT) - AMD Nested Page Tables (NPT) Hardware Assisted Virtualization (3) ------------------------------------ - DMA virtualization - IO-MMU (Intel VT-d) - I/O Device virtualization - Self-Virtualizing devices - Single Root I/O Virtualization and Sharing Specification (SR-IOV) - Extensions to PCIe (PCI Express) Bus standard Intel VT-x Architecture ----------------------- - Support unmodified Guest OS with no need for paravirtualization and/or binary code translation - Simplify VMM tasks & improve VMM performances - Minimize VMM memory footprint - Suppress shadowing of Guest OS page tables - Enable Guest OS to directly manage I/O devices - Without performance lost - While enforcing VM isolation and mutual protection Intel VT-x Architecture Overview -------------------------------- .. figure:: vt-x.svg Intel VT-x CPU Virtualization (1) --------------------------------- - Virtual Machine eXtension (VMX) - Two new meta-modes of CPU operation - VMX root mode - Behaviour similar to IA-32 without VT - Intended for VMM execution - VMX non-root mode - Alternative IA-32 execution environment - Controlled by a VMM - Designed to run unchanged Guest OS in a VM - Both modes support rings 0-3 privilege levels - Allow VMM to use several privilege levels Intel VT-x CPU Virtualization (2) --------------------------------- - Two additional CPU mode transitions - From VMX root-mode to VMX non-root mode - Named VM Enter (VMLaunch instruction) - From VMX non-root mode to VMX root mode - Named VM Exit (event) - VM entries & VM exits use a new data structure - Virtual Machine Control Structure (VMCS) per VM - Referenced with a memory physical address - Format and layout hidden - New VT-x instructions to access a VMCS Intel VT-x CPU Virtualization (3) --------------------------------- - Guest State Area - Saved value of registers before beeing changed by - VM Exits (e.g., Segment Registers, CR3, IDTR) - Hidden CPU state (e.g., CPU Interruptibility State) - Host State Area - VM Control Fields - Interrupt Virtualization - Exceptions bitmaps - I/O bitmaps - Model Specific Register R/W bitmaps - Execution rights for CPU Privileged Instructions Intel VT-x Interrupt Virtualization ----------------------------------- - VMCS External Interrupt Exiting - All external interrupts cause VM Exit - Guest OS cannot mask external interrupts when executing Interrupt Masking instructions - VMCS Interrupt Window Exiting - VM Exit occurs whenever Guest OS ready to serve external interrupts - Used by VMM to control VM interrupts Intel VT-x MMU Virtualization ----------------------------- - Extended Page Tables (EPT) - Second level of Page Tables in MMU - Translate Guest OS Physical Address into Machine Physical Address - Controlled by VMM - Virtual Processor IDentifier (VPID) - Used to tag TLB entries - Avoid to flush TLB upon VM switch Virtual Memory Virtualization ----------------------------- .. figure:: vt-x-mem.svg Intel VT-x Extended Page Tables (1) ----------------------------------- - VMM controls Extended Page Tables - EPT used in VMX non-root operation - Activated on VM Enter - Desactivated on VM exit - EPTP register points to Extended Page Tables - Instanciated by VMM - Saved in VMCS - Loaded from VMCS on VM entry Intel VT-x Extended Page Tables (2) ----------------------------------- .. figure:: vt-x-mmu.svg TLB Flush Issue --------------- .. figure:: tlb-flush-issue.svg Intel VT-x Virtual Processor Identifier --------------------------------------- - 16-bit VPID used to tag TLB entries - Enabled by VMM in VMCS - Unique VPID is assigned by VMM to each VM - VPID 0 reserved for VMM - Current VPID is 0x0000 when - Outside VMX operation - In VMX root mode operation - In VMX non-root mode if VPID disabled in VMCS - VPID loaded from VMCS on VM Enter DMA Virtualization (1) ---------------------- - Enable Guest OS to manage I/O devices - I/O devices assigned by VMM to Guest OSes - Transparent mode - Use native device driver of Guest OS - Unaware of physical memory Virtualization - Enforce isolation between Guest Oses - Guest OS only view hardware ressources assigned by VMM (memory, devices) DMA Principles -------------- .. figure:: dma.svg DMA Virtualization (2) ---------------------- .. figure:: dma-virt.svg DMA Virtualization Issue ------------------------ - Guest OS driver setup I/O registers of device with Guest Physical Address of I/O buffers - Guest Physical Address must be translated into its corresponding Machine Physical Address when used for DMA operations by device - GPA Translation cannot be done by VMM - VMM cannot catch device-specific driver operations to setup I/O buffers addresses Intel VT-d Protection Domains ----------------------------- - Intel VT-d provides DMA Protection Domains - Extension of IOMMU translation mechanism - Isolated context of a subset of the Machine Physical Memory (MPA) - Correspond to the portion of Machine Physical Memory allocated to a VM - I/O devices assigned by VMM to a DMA Protection Domain - Achieves DMA isolation by restricting memory view of I/O devices through DMA address translation Intel VT-d DMA Translation -------------------------- - VT-d hardware treats address specified in DMA request as DMA Virtual Address (DVA) - DVA = GPA of the VM to which the I/O device is assigned - VT-d translates the DVA into its corresponding Machine Physical Address - Support of multiple Protection Domains - DVA to MPA translation table per Protection Domain - Must identify the device issuing a DMA request VT-d PCI Express North Bridge ----------------------------- .. figure:: vt-d.svg PCI DMA Requester Identification -------------------------------- - Mapping between PCI Device and Protection Domains - 16-bit PCI DMA Requester Identifier .. figure:: dma-req-id.svg - Assigned by PCI configuration software - Bus # indexes Bus Context Table in Root Context Table - (Device #, Function #) indexes Device Protection Domain in Bus Context Table Device / Protection Domain Mapping ---------------------------------- .. figure:: device-domain-mapping.svg Virtual DMA Address Translation ------------------------------- - VDA ↔ MPA VT-d Page Tables similar to IA-32 processor Page Tables - 4KB or larger page size granularity - Read/Write permissions - Protection Domains managed by VMM - Initialized at VM creation time - With same translations of the VM Extended Page Table Device Virtualization --------------------- - Share I/O device among multiple VMs - With no performance lost - While enforcing VM isolation and protection - Move device virtualization from the VMM to the device itself - Requires support from the device - Example of Ethernet controllers Ethernet Device Virtualization ------------------------------ .. figure:: ethernet-dev-virt.svg Intel Single Root I/O Virtualization ------------------------------------ - SR-IOV capable PCI Device can be partitionned into multiple Virtual Functions - SR-IOV Device appears in PCI configuration space as multiple PCI Virtual Functions - Each Device Virtual Function includes - PCI configuration registers - DMA streams - Interrupts - Requires VT-d for DMA virtualization Intel SR-IOV (1) ---------------- - VMM manages physical PCI device - Create a PCI Virtual Function for each VM - Include it into VM PCI configuration space to be probed by VM GuestOS kernel - Map it to Protection Domain of VM - Programs the sharing of physical devices ressources between VFs - PCI Device Virtual Functions directly managed by specific VF-Aware GuestOS drivers (kind of Para-Virtualization) Intel SR-IOV (2) ---------------- .. figure:: eth-sr-iov.svg :width: 80% Intel SR-IOV - Ethernet example ------------------------------- - Intel Kawela (1GB) / Niantic (10GB) Ethernet NICs - Multiple RX/TX packet queues per port - Virtual Device Machine Queues - 1 RX paquet queue per VF - Filters multiple unicast Ethernet Addresses - Layer-2 paquet filtering based on Ethernet Destination Address - Duplicate Broadcast / Multicast packets for all VFs - Load balancing between TX paquets sent by VFs Virtualization and Embedded Systems =================================== Old Embedded Systems (1) ------------------------ - Relatively simple architecture - Single-purpose devices - Dominated by hardware constraints - Memory, battery charge - Dedicated functionalities, with moderated software size and complexity - Real-time constraints Old Embedded Systems (2) ------------------------ - Closed environment (« black boxes ») - Fixed hardware configuration - Full software provided by device vendor - No dynamic loading of applications - Software updates rareful Embedded Systems Now (1) ------------------------ - Take on features of general-purpose OS's - Growing functionalities => growing complexity and size - Run applications originally developed for PC's - Sophisticated Human Machine Interfaces (HMI) - Safari Web browser on iPhones - Dynamic loading of applications - Iphone - Google Android Embedded Systems Now (2) ------------------------ - Dynamically load device's owner specific applications - Games - Applications developped by engineers with no expertise in embedded systems - Java applications - Need for exchanges with external world - USB, Bluetooth, Wi-Fi - TCP/IP - Need for open API's, and openness in general - Need for high-level systems (Linux, Windows) Embedded Systems Challenges --------------------------- - Still Real-Time systems (part of it) - Baseband stack of mobile phones - Still hardware constraints - Battery - Memory (to minimize device's cost) - Also used in mission/life critical situations - Weapons - Cars - High requirements on reliability and security Mobile Handsets --------------- XXX - Run Android/Linux applications on baseband processor - Re-use existing legacy modem software stack with its RTOS (no changes) - Support of Linux at a minimal development cost - Operating System independence for future evolutions - Security & Protection through OS isolation :: HMI: Human-Machine-Interface PIM: Personal Information Virtualization in Embedded Systems (1) -------------------------------------- - Support for heterogeneous OS's environments - Real-time OS - Legacy software - Dedicated applications whose real-time constraints cannot be achieved by General-Purpose systems - Licence issues (« GPL contamination ») - General Purpose OS - Openness - HMI Virtualization in Embedded Systems (2) -------------------------------------- - Concurrent execution of RTOS and GP-OS on the same CPU - Reduces cost (Bill Of Material) - Requires the underlying VMM to provide - Memory isolation between OS's - CPU scheduling among OS's, with higher priority to the RTOS - Device partitionning - Communication mechanism between OS's Virtualization in Embedded Systems (3) -------------------------------------- - Leverage multi-cores support with virtual machine abstraction - 1 core per OS => no need for CPU scheduling - 2 low-performance cores consume less power than a single high performance CPU => simplify power management - New model of software distribution, shipping application with its own OS - No OS configuration/version incoherency Security Through Virtualization ------------------------------- - Notion of Trusted Computing Base (TCB) - Part of the system that provides security foundations - Should only include hardware and VMM - May also include RTOS, for performance/legacy reasons - Run GP OS in an isolated Virtual Machine - Avoid damaged GP OS to compromise the secure parts (data, services) of the system Embedded + Virtualization Challenges (1) ---------------------------------------- - Full isolation of VM's does not fit cooperation requirements between OS's - Efficient communication mechanisms between VM's - Global scheduling, with interleaved priorities - Global Energy Management Embedded + Virtualization Challenges (2) ---------------------------------------- - Efficient communication mechanisms between VM's - Virtual Ethernet device not adapted - Need VMM-controlled shared memory transfers - Example: Video streaming on a Smartphone - Video data received via the baseband managed by RTOS - Video data displayed by a Media Player running on GPOS - Avoid copy of video data transfered between the 2 OS's ! Task Scheduling Issues ---------------------- - Standard server-oriented Virtualization model - The VMM schedules VM's on the CPU - The OS on each VM runs its own scheduler - Interleaved priorities in Embedded Systems - Baseband task of RTOS with a high priority - But GPOS Media-Player must have a higher priority than some low-priority tasks of RTOS - Enable a VM to yield the CPU - Use a RT task as a proxy of GP OS application, and make it yield the CPU Multi-Users Devices ------------------- - Mobile phone has 3 types of users, each with specific private data to protect from the others - The person owning the device, with address book, emails, documents, etc. - Different wireless providers, for example private and professionnal: network access properly authenticated, ensure correct billing ! - Third-party service providers, for instance multimedia providers. - Owner and third-parties must be granted secure financial transactions Virtualization in Hardware -------------------------- - Only way to build a real TCB - Without penalizing performances - Should include support for - Memory Partitionning - Physical Memory / Machine Memory mapping - Coupled with multi-cores - Device Partitioning - Interrupt routing - I/O DMA coupled with memory partitioning & Physical Memory / Machine Memory mapping Conclusion / Evolution of Virtualization ======================================== Conclusion ---------- - Emulation : slow, multi-arch, simulates ISA (full machine) or ABI (process level) - Accelerated emulation : faster, code is executed natively, overhead for privilegied actions - Virtual servers : fast and scalable, but same OS and one kernel - Paravirtualization : fast, needs a modified OS - HW-assisted virtualization : solves most of the issues Evolutions of Virtualization ---------------------------- - Cloud computing - Big amount of data - Virtualization brings flexibility to data center - Operating systems in browsers ? - State of OS is stored remotely - Virtualization on desktops and small devices - Security (isolates work and personal area)