From: Olivier Matz Date: Thu, 31 Oct 2013 09:55:03 +0000 (+0100) Subject: first version X-Git-Url: http://git.droids-corp.org/?a=commitdiff_plain;h=cbad4180b230dacd98df271aee1ad0cf66bd3081;p=slides-virt.git first version --- cbad4180b230dacd98df271aee1ad0cf66bd3081
diff --git a/Makefile b/Makefile
new file mode 100644
index 0000000..2cd293c
--- /dev/null
+++ b/Makefile
@@ -0,0 +1,183 @@ +# Makefile for Sphinx documentation +# + +# You can set these variables from the command line. +SPHINXOPTS = +SPHINXBUILD = sphinx-build +PAPER = +BUILDDIR = _build + +# User-friendly check for sphinx-build +ifeq ($(shell which $(SPHINXBUILD) >/dev/null 2>&1; echo $$?), 1) +$(error The '$(SPHINXBUILD)' command was not found. Make sure you have Sphinx installed, then set the SPHINXBUILD environment variable to point to the full path of the '$(SPHINXBUILD)' executable. Alternatively you can add the directory with the executable to your PATH. If you don't have Sphinx installed, grab it from http://sphinx-doc.org/) +endif + +# Internal variables. +PAPEROPT_a4 = -D latex_paper_size=a4 +PAPEROPT_letter = -D latex_paper_size=letter +ALLSPHINXOPTS = -d $(BUILDDIR)/doctrees $(PAPEROPT_$(PAPER)) $(SPHINXOPTS) . +# the i18n builder cannot share the environment and doctrees with the others +I18NSPHINXOPTS = $(PAPEROPT_$(PAPER)) $(SPHINXOPTS) . + +.PHONY: help clean html dirhtml singlehtml pickle json htmlhelp qthelp devhelp epub latex latexpdf text man changes linkcheck doctest gettext + +help: + @echo "Please use \`make ' where is one of" + @echo " html to make standalone HTML files" + @echo " dirhtml to make HTML files named index.html in directories" + @echo " singlehtml to make a single large HTML file" + @echo " pickle to make pickle files" + @echo " json to make JSON files" + @echo " htmlhelp to make HTML files and a HTML help project" + @echo " qthelp to make HTML files and a qthelp project" + @echo " devhelp to make HTML files and a Devhelp project" + @echo " epub to make an epub" + @echo " latex to make LaTeX files, you can set PAPER=a4 or PAPER=letter" + @echo " latexpdf to make LaTeX files and run them through pdflatex" + @echo " latexpdfja to make LaTeX files and run them through platex/dvipdfmx" + @echo " text to make text files" + @echo " man to make manual pages" + @echo " texinfo to make Texinfo files" + @echo " info to make Texinfo files and 
run them through makeinfo" + @echo " gettext to make PO message catalogs" + @echo " changes to make an overview of all changed/added/deprecated items" + @echo " xml to make Docutils-native XML files" + @echo " pseudoxml to make pseudoxml-XML files for display purposes" + @echo " linkcheck to check all external links for integrity" + @echo " doctest to run all doctests embedded in the documentation (if enabled)" + +clean: + rm -rf $(BUILDDIR)/* + +html: + $(SPHINXBUILD) -b html $(ALLSPHINXOPTS) $(BUILDDIR)/html + @echo + @echo "Build finished. The HTML pages are in $(BUILDDIR)/html." + +dirhtml: + $(SPHINXBUILD) -b dirhtml $(ALLSPHINXOPTS) $(BUILDDIR)/dirhtml + @echo + @echo "Build finished. The HTML pages are in $(BUILDDIR)/dirhtml." + +singlehtml: + $(SPHINXBUILD) -b singlehtml $(ALLSPHINXOPTS) $(BUILDDIR)/singlehtml + @echo + @echo "Build finished. The HTML page is in $(BUILDDIR)/singlehtml." + +pickle: + $(SPHINXBUILD) -b pickle $(ALLSPHINXOPTS) $(BUILDDIR)/pickle + @echo + @echo "Build finished; now you can process the pickle files." + +json: + $(SPHINXBUILD) -b json $(ALLSPHINXOPTS) $(BUILDDIR)/json + @echo + @echo "Build finished; now you can process the JSON files." + +htmlhelp: + $(SPHINXBUILD) -b htmlhelp $(ALLSPHINXOPTS) $(BUILDDIR)/htmlhelp + @echo + @echo "Build finished; now you can run HTML Help Workshop with the" \ + ".hhp project file in $(BUILDDIR)/htmlhelp." + +qthelp: + $(SPHINXBUILD) -b qthelp $(ALLSPHINXOPTS) $(BUILDDIR)/qthelp + @echo + @echo "Build finished; now you can run "qcollectiongenerator" with the" \ + ".qhcp project file in $(BUILDDIR)/qthelp, like this:" + @echo "# qcollectiongenerator $(BUILDDIR)/qthelp/SystemVirtualizationandOSVirtualMachines.qhcp" + @echo "To view the help file:" + @echo "# assistant -collectionFile $(BUILDDIR)/qthelp/SystemVirtualizationandOSVirtualMachines.qhc" + +devhelp: + $(SPHINXBUILD) -b devhelp $(ALLSPHINXOPTS) $(BUILDDIR)/devhelp + @echo + @echo "Build finished." 
+ @echo "To view the help file:" + @echo "# mkdir -p $$HOME/.local/share/devhelp/SystemVirtualizationandOSVirtualMachines" + @echo "# ln -s $(BUILDDIR)/devhelp $$HOME/.local/share/devhelp/SystemVirtualizationandOSVirtualMachines" + @echo "# devhelp" + +epub: + $(SPHINXBUILD) -b epub $(ALLSPHINXOPTS) $(BUILDDIR)/epub + @echo + @echo "Build finished. The epub file is in $(BUILDDIR)/epub." + +latex: + $(SPHINXBUILD) -b latex $(ALLSPHINXOPTS) $(BUILDDIR)/latex + @echo + @echo "Build finished; the LaTeX files are in $(BUILDDIR)/latex." + @echo "Run \`make' in that directory to run these through (pdf)latex" \ + "(use \`make latexpdf' here to do that automatically)." + +latexpdf: + $(SPHINXBUILD) -b latex $(ALLSPHINXOPTS) $(BUILDDIR)/latex + @echo "Running LaTeX files through pdflatex..." + $(MAKE) -C $(BUILDDIR)/latex all-pdf + @echo "pdflatex finished; the PDF files are in $(BUILDDIR)/latex." + +latexpdfja: + $(SPHINXBUILD) -b latex $(ALLSPHINXOPTS) $(BUILDDIR)/latex + @echo "Running LaTeX files through platex and dvipdfmx..." + $(MAKE) -C $(BUILDDIR)/latex all-pdf-ja + @echo "pdflatex finished; the PDF files are in $(BUILDDIR)/latex." + +text: + $(SPHINXBUILD) -b text $(ALLSPHINXOPTS) $(BUILDDIR)/text + @echo + @echo "Build finished. The text files are in $(BUILDDIR)/text." + +man: + $(SPHINXBUILD) -b man $(ALLSPHINXOPTS) $(BUILDDIR)/man + @echo + @echo "Build finished. The manual pages are in $(BUILDDIR)/man." + +texinfo: + $(SPHINXBUILD) -b texinfo $(ALLSPHINXOPTS) $(BUILDDIR)/texinfo + @echo + @echo "Build finished. The Texinfo files are in $(BUILDDIR)/texinfo." + @echo "Run \`make' in that directory to run these through makeinfo" \ + "(use \`make info' here to do that automatically)." + +info: + $(SPHINXBUILD) -b texinfo $(ALLSPHINXOPTS) $(BUILDDIR)/texinfo + @echo "Running Texinfo files through makeinfo..." + make -C $(BUILDDIR)/texinfo info + @echo "makeinfo finished; the Info files are in $(BUILDDIR)/texinfo." 
+ +gettext: + $(SPHINXBUILD) -b gettext $(I18NSPHINXOPTS) $(BUILDDIR)/locale + @echo + @echo "Build finished. The message catalogs are in $(BUILDDIR)/locale." + +changes: + $(SPHINXBUILD) -b changes $(ALLSPHINXOPTS) $(BUILDDIR)/changes + @echo + @echo "The overview file is in $(BUILDDIR)/changes." + +linkcheck: + $(SPHINXBUILD) -b linkcheck $(ALLSPHINXOPTS) $(BUILDDIR)/linkcheck + @echo + @echo "Link check complete; look for any errors in the above output " \ + "or in $(BUILDDIR)/linkcheck/output.txt." + +doctest: + $(SPHINXBUILD) -b doctest $(ALLSPHINXOPTS) $(BUILDDIR)/doctest + @echo "Testing of doctests in the sources finished, look at the " \ + "results in $(BUILDDIR)/doctest/output.txt." + +xml: + $(SPHINXBUILD) -b xml $(ALLSPHINXOPTS) $(BUILDDIR)/xml + @echo + @echo "Build finished. The XML files are in $(BUILDDIR)/xml." + +pseudoxml: + $(SPHINXBUILD) -b pseudoxml $(ALLSPHINXOPTS) $(BUILDDIR)/pseudoxml + @echo + @echo "Build finished. The pseudo-XML files are in $(BUILDDIR)/pseudoxml." + + +slides: + $(SPHINXBUILD) -b slides $(ALLSPHINXOPTS) $(BUILDDIR)/slides + @echo "Build finished. The HTML slides are in $(BUILDDIR)/slides." + diff --git a/_static/6wind-banner.png b/_static/6wind-banner.png new file mode 100644 index 0000000..d7a8643 Binary files /dev/null and b/_static/6wind-banner.png differ diff --git a/_static/custom.css b/_static/custom.css new file mode 100644 index 0000000..7443f7b --- /dev/null +++ b/_static/custom.css 
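Review bot: The `clean` recipe runs `rm -rf $(BUILDDIR)/*` with no guard, and the header explicitly invites command-line overrides, so a stray `make BUILDDIR= clean` expands to `rm -rf /*`; add a parse-time check above the rules such as `$(if $(strip $(BUILDDIR)),,$(error BUILDDIR must not be empty))`. The hand-added `slides` target at the end of the file is not listed in `.PHONY`, so a file or directory named `slides` in the source tree would make it report "up to date" without running Sphinx; append it to the `.PHONY` line. The `info` recipe invokes a literal `make -C $(BUILDDIR)/texinfo info` while the sibling `latexpdf` target correctly uses `$(MAKE)`, so `-j`/jobserver and `-n` are not propagated into that sub-build; change it to `$(MAKE) -C $(BUILDDIR)/texinfo info`.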
@@ -0,0 +1,57 @@ +.slides > article { + background: #FAF8FF url('6wind-banner.png') no-repeat left top; + background-size:100%; + padding: 80px 40px; + color: #404040; +} + +h1 { + color: #202080; +} + +h2 { + color: #202080; +} + +h3 { + color: #202080; + display: block; + text-align: right; + padding: 0px 0px 0px 0px; +} + +/* reduce font size of imbricated lists */ +ul ul { + font-size: 0.8em; +} + +/* center images */ +img { + display: block; + margin-left: auto; + margin-right: auto; +} + +/* bold is in red */ +strong { + color: #B00000; +} + +/* hacks for table of contents */ + +div.topic { + border: 0px; + margin: -70px 0px; + padding: 7px 40px 0px; +} +div.contents.topic { + font-size: 0.8em; +} +a.reference.internal { + text-decoration: none; + color: #404040; +} +p.topic-title { + color: #202080; + font-size: 0px; +} diff --git a/conf.py b/conf.py new file mode 100644 index 0000000..61e1a4b --- /dev/null +++ b/conf.py 
@@ -0,0 +1,332 @@ +# -*- coding: utf-8 -*- +# +# System Virtualization and OS Virtual Machines documentation build configuration file, created by +# sphinx-quickstart on Mon Oct 28 09:39:30 2013. +# +# This file is execfile()d with the current directory set to its containing dir. +# +# Note that not all possible configuration values are present in this +# autogenerated file. +# +# All configuration values have a default; values that are commented out +# serve to show the default. + +import sys, os + +# If extensions (or modules to document with autodoc) are in another directory, +# add these directories to sys.path here. If the directory is relative to the +# documentation root, use os.path.abspath to make it absolute, like shown here. +#sys.path.insert(0, os.path.abspath('.')) + +# -- General configuration ----------------------------------------------------- + +# If your documentation needs a minimal Sphinx version, state it here. +#needs_sphinx = '1.0' + +# Add any Sphinx extension module names here, as strings. They can be extensions +# coming with Sphinx (named 'sphinx.ext.*') or your custom ones. +extensions = ['sphinx.ext.doctest', 'sphinx.ext.intersphinx', 'sphinx.ext.todo', 'sphinx.ext.coverage', 'sphinx.ext.pngmath', 'sphinx.ext.ifconfig'] + +# Add any paths that contain templates here, relative to this directory. +templates_path = ['_templates'] + +# The suffix of source filenames. +source_suffix = '.rst' + +# The encoding of source files. +#source_encoding = 'utf-8-sig' + +# The master toctree document. +master_doc = 'index' + +# General information about the project. +project = u'System Virtualization and OS Virtual Machines' +copyright = u'2013, Ivan Boule, Olivier Matz' + +# The version info for the project you're documenting, acts as replacement for +# |version| and |release|, also used in various other places throughout the +# built documents. +# +# The short X.Y version. +version = '2013.10.28' +# The full version, including alpha/beta/rc tags. 
+release = '2013.10.28' + +# The language for content autogenerated by Sphinx. Refer to documentation +# for a list of supported languages. +#language = None + +# There are two options for replacing |today|: either, you set today to some +# non-false value, then it is used: +#today = '' +# Else, today_fmt is used as the format for a strftime call. +#today_fmt = '%B %d, %Y' + +# List of patterns, relative to source directory, that match files and +# directories to ignore when looking for source files. +exclude_patterns = ['_build'] + +# The reST default role (used for this markup: `text`) to use for all documents. +#default_role = None + +# If true, '()' will be appended to :func: etc. cross-reference text. +#add_function_parentheses = True + +# If true, the current module name will be prepended to all description +# unit titles (such as .. function::). +#add_module_names = True + +# If true, sectionauthor and moduleauthor directives will be shown in the +# output. They are ignored by default. +#show_authors = False + +# The name of the Pygments (syntax highlighting) style to use. +pygments_style = 'sphinx' + +# A list of ignored prefixes for module index sorting. +#modindex_common_prefix = [] + +# If true, keep warnings as "system message" paragraphs in the built documents. +#keep_warnings = False + + +# -- Options for HTML output --------------------------------------------------- + +# The theme to use for HTML and HTML Help pages. See the documentation for +# a list of builtin themes. +html_theme = 'default' + +# Theme options are theme-specific and customize the look and feel of a theme +# further. For a list of options available for each theme, see the +# documentation. +#html_theme_options = {} + +# Add any paths that contain custom themes here, relative to this directory. +#html_theme_path = [] + +# The name for this set of Sphinx documents. If None, it defaults to +# " v documentation". +#html_title = None + +# A shorter title for the navigation bar. 
Default is the same as html_title. +#html_short_title = None + +# The name of an image file (relative to this directory) to place at the top +# of the sidebar. +#html_logo = None + +# The name of an image file (within the static path) to use as favicon of the +# docs. This file should be a Windows icon file (.ico) being 16x16 or 32x32 +# pixels large. +#html_favicon = None + +# Add any paths that contain custom static files (such as style sheets) here, +# relative to this directory. They are copied after the builtin static files, +# so a file named "default.css" will overwrite the builtin "default.css". +html_static_path = ['_static'] + +# If not '', a 'Last updated on:' timestamp is inserted at every page bottom, +# using the given strftime format. +#html_last_updated_fmt = '%b %d, %Y' + +# If true, SmartyPants will be used to convert quotes and dashes to +# typographically correct entities. +#html_use_smartypants = True + +# Custom sidebar templates, maps document names to template names. +#html_sidebars = {} + +# Additional templates that should be rendered to pages, maps page names to +# template names. +#html_additional_pages = {} + +# If false, no module index is generated. +#html_domain_indices = True + +# If false, no index is generated. +#html_use_index = True + +# If true, the index is split into individual pages for each letter. +#html_split_index = False + +# If true, links to the reST sources are added to the pages. +#html_show_sourcelink = True + +# If true, "Created using Sphinx" is shown in the HTML footer. Default is True. +#html_show_sphinx = True + +# If true, "(C) Copyright ..." is shown in the HTML footer. Default is True. +#html_show_copyright = True + +# If true, an OpenSearch description file will be output, and all pages will +# contain a tag referring to it. The value of this option must be the +# base URL from which the finished HTML is served. +#html_use_opensearch = '' + +# This is the file name suffix for HTML files (e.g. ".xhtml"). 
+#html_file_suffix = None + +# Output file base name for HTML help builder. +htmlhelp_basename = 'SystemVirtualizationandOSVirtualMachinesdoc' + + +# -- Options for LaTeX output -------------------------------------------------- + +latex_elements = { +# The paper size ('letterpaper' or 'a4paper'). +#'papersize': 'letterpaper', + +# The font size ('10pt', '11pt' or '12pt'). +#'pointsize': '10pt', + +# Additional stuff for the LaTeX preamble. +#'preamble': '', +} + +# Grouping the document tree into LaTeX files. List of tuples +# (source start file, target name, title, author, documentclass [howto/manual]). +latex_documents = [ + ('index', 'SystemVirtualizationandOSVirtualMachines.tex', u'System Virtualization and OS Virtual Machines Documentation', + u'Ivan Boule, Olivier Matz', 'manual'), +] + +# The name of an image file (relative to this directory) to place at the top of +# the title page. +#latex_logo = None + +# For "manual" documents, if this is true, then toplevel headings are parts, +# not chapters. +#latex_use_parts = False + +# If true, show page references after internal links. +#latex_show_pagerefs = False + +# If true, show URL addresses after external links. +#latex_show_urls = False + +# Documents to append as an appendix to all manuals. +#latex_appendices = [] + +# If false, no module index is generated. +#latex_domain_indices = True + + +# -- Options for manual page output -------------------------------------------- + +# One entry per manual page. List of tuples +# (source start file, name, description, authors, manual section). +man_pages = [ + ('index', 'systemvirtualizationandosvirtualmachines', u'System Virtualization and OS Virtual Machines Documentation', + [u'Ivan Boule, Olivier Matz'], 1) +] + +# If true, show URL addresses after external links. +#man_show_urls = False + + +# -- Options for Texinfo output ------------------------------------------------ + +# Grouping the document tree into Texinfo files. 
List of tuples +# (source start file, target name, title, author, +# dir menu entry, description, category) +texinfo_documents = [ + ('index', 'SystemVirtualizationandOSVirtualMachines', u'System Virtualization and OS Virtual Machines Documentation', + u'Ivan Boule, Olivier Matz', 'SystemVirtualizationandOSVirtualMachines', 'One line description of project.', + 'Miscellaneous'), +] + +# Documents to append as an appendix to all manuals. +#texinfo_appendices = [] + +# If false, no module index is generated. +#texinfo_domain_indices = True + +# How to display URL addresses: 'footnote', 'no', or 'inline'. +#texinfo_show_urls = 'footnote' + +# If true, do not generate a @detailmenu in the "Top" node's menu. +#texinfo_no_detailmenu = False + + +# -- Hieroglyph Slide Configuration ------------ + +extensions += [ + 'hieroglyph', +] + +slide_theme = 'slides' +slide_levels = 3 +slide_numbers = True + +# Place custom static assets in the _static directory and uncomment +# the following lines to include them + +slide_theme_options = { + 'custom_css': 'custom.css', +# 'custom_js': 'custom.js', +} + +# ---------------------------------------------- + + + +# -- Options for Epub output --------------------------------------------------- + +# Bibliographic Dublin Core info. +epub_title = u'System Virtualization and OS Virtual Machines' +epub_author = u'Ivan Boule, Olivier Matz' +epub_publisher = u'Ivan Boule, Olivier Matz' +epub_copyright = u'2013, Ivan Boule, Olivier Matz' + +# The language of the text. It defaults to the language option +# or en if the language is not set. +#epub_language = '' + +# The scheme of the identifier. Typical schemes are ISBN or URL. +#epub_scheme = '' + +# The unique identifier of the text. This can be a ISBN number +# or the project homepage. +#epub_identifier = '' + +# A unique identification for the text. +#epub_uid = '' + +# A tuple containing the cover image and cover page html template filenames. 
+#epub_cover = () + +# A sequence of (type, uri, title) tuples for the guide element of content.opf. +#epub_guide = () + +# HTML files that should be inserted before the pages created by sphinx. +# The format is a list of tuples containing the path and title. +#epub_pre_files = [] + +# HTML files shat should be inserted after the pages created by sphinx. +# The format is a list of tuples containing the path and title. +#epub_post_files = [] + +# A list of files that should not be packed into the epub file. +#epub_exclude_files = [] + +# The depth of the table of contents in toc.ncx. +#epub_tocdepth = 3 + +# Allow duplicate toc entries. +#epub_tocdup = True + +# Fix unsupported image types using the PIL. +#epub_fix_images = False + +# Scale large images. +#epub_max_image_width = 0 + +# If 'no', URL addresses will not be shown. +#epub_show_urls = 'inline' + +# If false, no index is generated. +#epub_use_index = True + + +# Example configuration for intersphinx: refer to the Python standard library. +intersphinx_mapping = {'http://docs.python.org/': None} diff --git a/cpu-virt.svg b/cpu-virt.svg new file mode 100644 index 0000000..e3922cf --- /dev/null +++ b/cpu-virt.svg @@ -0,0 +1,462 @@ + +image/svg+xmlApplications +Guest OS +Applications +Guest OS +Applications +Guest OS +VM0 +VM1 +VM2 +Virtual Machine Monitor (VMM) +Ring 0 +Ring 3 + \ No newline at end of file diff --git a/device-domain-mapping.svg b/device-domain-mapping.svg new file mode 100644 index 0000000..1678047 --- /dev/null +++ b/device-domain-mapping.svg @@ -0,0 +1,426 @@ + +image/svg+xmlDev 0, Func 0Dev 0, Func 1 +Bus 0 +Bus N +VDA ↔ MPATranslationTables +ProtectionDomain 0 +Dev 0, Func 0Dev 0, Func 1 +Dev 31, Func 7 +Dev 31, Func 7 +VDA ↔ MPATranslationTables +ProtectionDomain 1 +Context Tableof Bus 0 +Context Tableof Bus N +Bus 255 +Root ContextTable + \ No newline at end of file diff --git a/dma-req-id.svg b/dma-req-id.svg new file mode 100644 index 0000000..c2f7a02 --- /dev/null +++ b/dma-req-id.svg 
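Review bot: `intersphinx_mapping = {'http://docs.python.org/': None}` at the end of the file makes every build fetch the remote `objects.inv` over plaintext HTTP, so the cross-reference URLs written into the generated HTML come from an unauthenticated, tamperable source; switch to HTTPS and the named form, `intersphinx_mapping = {'python': ('https://docs.python.org/', None)}`, or vendor the inventory file locally for offline and reproducible builds. `sphinx.ext.pngmath` in `extensions` was current when this was generated but has since been removed from Sphinx in favour of `sphinx.ext.imgmath`, so a comment recording the Sphinx version this configuration was tested with would spare a future maintainer a failed build. `hieroglyph` is appended to `extensions` as a third-party package with no version pinned anywhere visible in this commit; a `requirements.txt` or a one-line comment stating the tested version would make the slide build reproducible.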
@@ -0,0 +1,229 @@ + +image/svg+xml15 +8 +7 +3 +2 +0 +PCI Bus # +Device # +Function # + \ No newline at end of file diff --git a/dma-virt.svg b/dma-virt.svg new file mode 100644 index 0000000..c668552 --- /dev/null +++ b/dma-virt.svg @@ -0,0 +1,872 @@ + +image/svg+xmlVM1 +VM2 +VM3 +Applications +Guest OS +Applications +Applications +Guest OS +Guest OS +IsolationDomain +VMM +Machine PhysicalMemory +Device 1 +Device 2 + \ No newline at end of file diff --git a/dma.svg b/dma.svg new file mode 100644 index 0000000..43704e2 --- /dev/null +++ b/dma.svg @@ -0,0 +1,408 @@ + +image/svg+xmlCPU +SystemBUS +BUSController +Memory +Device 1 +Device 2 +Device 3 +DMARequest +I/O Bus (PCI) + \ No newline at end of file diff --git a/ethernet-dev-virt.svg b/ethernet-dev-virt.svg new file mode 100644 index 0000000..1723281 --- /dev/null +++ b/ethernet-dev-virt.svg @@ -0,0 +1,524 @@ + +image/svg+xmlLAN +VM1 +VM2 +Guest OS 1 +Guest OS 2 +vNIC Driver +vNIC Driver +VMM +pNIC Driver +VirtualFunction +VirtualFunction +LAN + \ No newline at end of file diff --git a/high-thput1.jpg b/high-thput1.jpg new file mode 100644 index 0000000..64fa83d Binary files /dev/null and b/high-thput1.jpg differ diff --git a/high-thput2.jpg b/high-thput2.jpg new file mode 100644 index 0000000..3eb90b9 Binary files /dev/null and b/high-thput2.jpg differ diff --git a/hosted.svg b/hosted.svg new file mode 100644 index 0000000..373e88a --- /dev/null +++ b/hosted.svg @@ -0,0 +1,401 @@ + +image/svg+xmlHardware +Native OS +VMM +Guest OS +Applications +VMM +Guest OS +Applications +VMM +Guest OS +Applications + \ No newline at end of file diff --git a/index.rst b/index.rst new file mode 100644 index 0000000..f8603ad --- /dev/null +++ b/index.rst 
@@ -0,0 +1,1384 @@ + +.. System Virtualization and OS Virtual Machines slides file, created by + hieroglyph-quickstart on Mon Oct 28 09:39:30 2013. + +============================================= +System Virtualization and OS Virtual Machines +============================================= + +:Date: 2013-10-29 +:Authors: Ivan Boule, Olivier Matz + +Plan +==== + +Contents +-------- + +.. contents:: + :depth: 2 + :backlinks: none + +History +======= + +History of Virtual Machines +--------------------------- + +- VM introduced in the sixties on IBM/370 series + +- Co-Designed VM: IBM AS/400 + + - High level ISA including I/Os + - Proprietary CISC → PowerPC + +- Application VMs + + - Sun Java, Microsoft Common Language Infrastructure + +- OS VMs + + - VMware (virtualized PC on x86) + - Virtual PC (PC emulation on Mac OS/PowerPC) + - Many others : Bochs, VirtualBox, Qemu, ... + +Virtualization Usages +===================== + +System Virtualization Principles +-------------------------------- + +- Run multiple OS's on the same machine + +- By design, an OS assumes to have full control over all physical + resources of the machine + +- Manage sharing/partitioning of machine resources between Guest OS's + + - CPU + - Physical memory & MMU + - I/O devices + +Goals of System Virtualization +------------------------------ + +- Reduction of Total Cost of Ownership (TCO) + + - Increase utilisation of server resources + +- Reduction of Total Cost of Functioning + + - Energy consumption + - Cooling + - Occupied Space + +- Hardware Consolidation + +- Reduction of Build Of Material (BOM) for high-volume low-end + products + +- Isolation of OS for security purposes + + +Virtualization in high-throughput network equipments +---------------------------------------------------- + +.. figure:: high-thput1.jpg + +.. 
figure:: high-thput2.jpg + +Virtualization in Multimedia devices +------------------------------------ + +- Reduction of Build Of Material (BOM) for high-volume low-end + products + + - No need for a general purpose processor + + - 20 to 25 % BOM reduction + + - Run Linux together with OS supporting Codecs on a single TI DSP + + - Leverage Linux environment + + - Reuse existing DSP software + +XXX 2 images + +Usages of Virtual Machines +-------------------------- + +- Server virtualization + + - Web sites hosting + +- OS partitionning + + - Time sharing + - Security + +- OS/kernel education & training + + - OS fault recovery + - OS kernel development + - Test machine = development host + +- Keep backward compatibility of legacy software + +- Run applications not supported by host OS + +Recovery Servers +---------------- + +.. figure:: recovery.png + + +Multi-Core CPU Issues (1) +------------------------- + +- CPU power gain + + - No more achieved through Frequency/Speed increase + - But obtained with higher density & multi-core chips + +- Many RTOS designed with mono-processor assumption + + - Adding multi-processor support is complex & costly + - Scaling requires time, at best... + +- Legacy RT applications also designed for mono-processor + + - Adaptation to multi-pro even more difficult than RTOS + +Multi-Core CPU Issues (2) +------------------------- + +- OS virtualization allows to run simultaneously on a multi-cores CPU + multiple instances of mono-processor OS's + +- Each OS instance is run in a mono-processor + +- Virtual Machine assigned to a single CPU core + +- No need to change legacy software + +- Scalability managed at virtualization level + +Virtualization Taxonomy +======================= + +Machines Interfaces +------------------- + +.. 
figure:: isa-abi.svg + +- ISA = Instruction Set Architecture + + - System level interface + - All CPU instructions, memory architecture, I/O + +- ABI = Application Binary Interface + + - Process level interface + - User-level non privileged ISA instructions + OS systems 14 calls + +Virtualization Taxonomy +----------------------- + +- Process level virtualization + + - Emulation of Operating System ABI + - Emulation of OS ABI, cross-architecture + - Virtual Servers + +- System level virtualization + +- Standalone / Hosted Virtualization +- Machine Emulation / Machine Virtualization + +Hosted versus Standalone Virtualization +--------------------------------------- + +- Hosted Virtualization + + - Hosted VM Monitor (VMM) runs on top of native OS + - VMware WKS, Microsoft VirtualPC, QEMU/KVM, UML + +- Standalone Virtualization + + - VMM directly runs on bare hardware + - VMware ESX, IBM/VM, Xen + +- OS run in a VM is named a Guest OS + +Hosted Virtualization +--------------------- + +.. figure:: hosted.svg + +Example: VMware Workstation +---------------------------- + +.. figure:: vmware-wks.png + +- Hosted VM +- Unmodified OSes +- Specific device drivers +- x86 only +- Guest OS executed in user mode + +Standalone Virtualization +------------------------- + +.. figure:: standalone.svg + +Example: VMware ESX +------------------- + +- Standalone VMM +- Supports unmodified OS binaries + + - Configuration with appropriate device drivers + +- x86 only +- No Intel-VT +- Guest OS +- runs in user mode + +Process Level Virtualization +============================ + +Process level ABI Emulation +--------------------------- + +- Goal: execute binary applications of a given system **X** on the ABI of + another system **Y** + +- Emulate system **X** ABI on top of system **Y** ABI + + - Emulation done by application-level code + +- System **Y** must provide services equivalent to those of system + **X** (file system, sockets, etc...) 
+ +Process Level (ABI) Emulators +----------------------------- + +- Wine - Windows Emulator on Unix/Linux + + - Windows API in userland + - Adobe Photoshop, Google Picasa, ... + +- Cygwin + + - Unix emulation on Windows + - POSIX library + - Bash shell + many Unix commands + - GNU development tool chain (gcc, gdb) + - X Window, GNOME, Apache, sshd, ... + +Process Level Cross-architecture Emulators +------------------------------------------ + +- Emulate the Operating System ABI + + - Emulated OS and native OS are the same (ex: both are linux) + - Emulated arch is different than native architecture (ex: x86 and + powerpc) + +- Example: qemu-user:: + + $ gcc hello.c + $ ./a.out + hello + + $ powerpc-linux-gnu-gcc -static hello.c + $ ./a.out + bash: ./a.out: cannot execute binary file + $ qemu-ppc ./a.out + hello + +Virtual Servers (1) +------------------- + +- Single OS kernel / Multiple resource instances + +- Isolated kernel execution environments + + - Root file system + - Network: Routing table, IP tables, interfaces... + - Process for signals + +- Solaris 10 Containers +- LXC, Linux-VServer, openVZ +- FreeBSD Jail + +Virtual Servers (2) +------------------- + +.. 
figure:: virtual-servers.svg + +Virtual Servers (3) +------------------- + +- Pro's + + - CPU independent + - Lightweight + + - Low memory footprint + - Low CPU overhead + + - Scalable + +- Con's + + - No OS heterogeneity (no GPOS/RTOS combination) + - Single OS binary instance (common point of failure) + +Transparent Hardware Emulation +============================== + +Transparent Hardware Emulation (1) +---------------------------------- + +- Run unmodified OS binaries + +- Includes emulation of physical devices + +- Cross ISA Emulation + + - qemu-system + +- Same ISA Emulation + + - VirtualBox (Intel x86) + +Transparent Hardware Emulation (2) +---------------------------------- + +- Emulate machine X on top of machine Y + +- Interpretation + + - 1 instruction of X executed by N instructions of Y + - Huge slow down method + +- Dynamic Binary Translation + + - Convert blocs of X instructions in Y instructions + +- Application-level emulator runs on a native OS +- One VM running a single Guest OS + +QEMU Architecture +----------------- + +.. figure:: qemu.svg + +QEMU: Hosted Hardware Emulator +------------------------------ + +- Cross ISA Emulation + + - Emulate machine X on top of machine Y + +- Interpretation + translation + +- Intel x86, PowerPC, ARM, Sparc architectures + +- Emulation of SMP architectures + +- Emulates physical I/O devices + + - Hard Disk drives, CD-ROM, network controllers, USB controllers, ... 
+ - Synchronous emulation of device I/O operations
+
+Transparent Hardware Virtualization
+===================================
+
+Transparent Hardware Virtualization
+-----------------------------------
+
+- Guest and host architectures are the same
+
+- Execute native/unmodified OS binary images
+
+- Provide in each VM a complete simulation of hardware
+
+ - Full CPU instruction set
+ - Interrupts, exceptions
+ - Memory access and MMU
+ - I/O devices
+
+- Share machine resources among multiple VMs
+
+Full CPU Virtualization (1)
+---------------------------
+
+- Present same functional CPU to all Guest OSes
+
+- VMM manages a CPU context for each VM
+
+ - saved copy of CPU registers
+ - representation of software-emulated CPU context
+
+- VMM shares physical CPUs among all VMs
+
+ - VMM includes a VM scheduler
+
+ - round-robin
+ - priority-based
+
+Full CPU Virtualization (2)
+---------------------------
+
+- Relationships between a VMM and VMs similar to relationships between
+ native OS and applications
+
+ - Guarantee mutual isolation between all VMs
+ - Protect VMM from all VMs
+
+- Directly execute native binary images of Guest OS's in
+ non-privileged mode
+
+- VMM emulates access to protected resources performed by Guest OSs
+
+CPU Virtualization
+------------------
+
+- Run each Guest OS in non-privileged mode
+
+..
figure:: cpu-virt.svg
+
+"Hardware-Sensitive" Instructions
+---------------------------------
+
+- Interact with protected hardware resources
+
+ - Privileged Instructions (cannot be executed in user mode)
+ - Critical Instructions (can be, but should not be executed by Guest OS)
+
+- Must be detected and faked by VMM
+
+- Dynamic Binary Translation of kernel code
+
+ - Done once, saved in Translation Cache
+ - Example: Vmware
+
+Privileged Instructions Virtualization
+--------------------------------------
+
+- Only allowed in supervisor mode
+
+ - Ex: **cli/sti** to mask/unmask interrupts on Intel x86
+
+- When executed in non-privileged mode
+
+ - CPU automatically detects a privilege violation
+ - Triggers a “privilege-violation” exception
+
+- Caught by VMM which fakes the expected effect of the privileged
+ instruction
+
+ - Ex: **cli/sti**
+
+ - VMM does not mask/unmask CPU interrupts
+ - records « interrupt mask status » in context of VM
+
+Critical Instructions Virtualization (1)
+----------------------------------------
+
+- Hardware-sensitive instructions
+
+- Ex: Intel IA-32 pushf/popf::
+
+ pushf /* save EFLAG reg. to stack */
+ cli /* mask interrupts => clear EFLAG.IF */
+ ...
+ popf /* restore EFLAG reg. => unmask interrupts */
+
+- When executed in non-privileged mode
+
+ - The cli instruction triggers an exception caught by VMM => VMM
+ record interrupts masked for current VM
+
+ - But no exception for popf => VMM not aware of Guest OS action
+ (unmask interrupts)
+
+Critical Instructions Virtualization (2)
+----------------------------------------
+
+- Must be detected and emulated by VMM
+
+- VMM dynamically analyses Guest OS binary code to find critical instructions
+
+- VMM replaces critical instructions by a « trap » instruction to enter the VMM
+
+- VMM emulates expected effect of critical instruction, if any.
+
+Full Memory Virtualization
+--------------------------
+
+- CPU include a Memory Management Unit (MMU)
+
+ - Isolated memory addressing spaces
+ - Independant of underlying physical memory layout
+ - Run mutually protected applications in parallel
+
+- Virtual Memory managed by OS kernel
+
+ - Provides a virtual address space to each process
+
+ - 4 GB on most 32-bit architectures (Intel x86, PowerPC)
+
+ - Manages virtual page → physical case mappings
+ - Manages « swap » space to extend physical memory
+
+MMU & Virtual Address Space
+---------------------------
+
+.. figure:: mmu1.svg
+
+Intel x86 MMU
+-------------
+
+.. figure:: mmu2.svg
+
+Memory Virtualization (1)
+-------------------------
+
+- Machine Physical Memory
+
+ - Physical memory available on the machine
+
+- Guest OS Physical Memory
+
+ - Part of machine memory assigned to a VM by VMM
+
+ - ∑ Guest Physical Memory can be > Machine Memory
+
+ - VMM uses « swap » space
+
+- Guest OS Virtual Memory
+
+ - Guest OS manages virtual address spaces of its processes
+
+Memory Virtualization (2)
+-------------------------
+
+- Guest OS manages Guest Physical Pages
+
+ - Manages MMU with its own page entries
+ - Translates Virtual Addresses into Guest Physical Addresses (GPA)
+
+- VMM transparently manages Machine Physical Pages
+
+ - Guest Physical Address ≠ Machine Physical Address
+ - VMM dynamically translates Guest Physical Pages into Machine
+ Physical Pages
+
+Memory Virtualization (3)
+-------------------------
+
+..
figure:: mem-virt.svg
+
+Memory Virtualization (4)
+-------------------------
+
+- VMM maintains Shadow Page Tables
+
+ - Copies of Guest OS translation tables
+
+- VMM catches updates operations of translation tables performed by a
+ Guest OS
+
+ - RW-protect all guest OS page tables
+ - Emulates operation in shadow page table
+ - Updates effective MMU page table entry, if needed
+
+Memory Virtualization (5)
+-------------------------
+
+- PTE entries can be tagged with a context ID
+
+ - Avoids to flush TLB when switching current address space upon
+ scheduling of a new process
+
+ - usually PTE tag = OS process identifier
+
+- Processes of different Guest OSes can be assigned the same Process
+ ID
+
+ - VMM must flush TLB when switching VMs
+
+Memory Virtualization (6)
+-------------------------
+
+- VMM must respect Guest OS virtual page faults
+
+ - Not map virtual pages unmapped by Guest OS
+ - When Guest OS unmaps a virtual page:
+
+ - VMM must delete the associated real-page/physical page
+ mapping, if any.
+
+- Conversely, VMM can transparently:
+
+ - Introduce & resolve real-page faults for Guest OSes
+ - Share physical pages between Guest OS's
+
+ - Pages with same content's (e.g.
zero-ed pages) + +Memory Virtualization (7) +------------------------- + +- VMM can swap real pages of a VM + + - on "swap" space managed by VMM + +- VMM can dynamically distribute physical memory among VMs + + - Needs a specific support in Guest OS (Linux module) + + - VMM asks Guest OS to release memory + + - Guest OS self-allocates real pages + - no more available for normal kernel allocation service + - VMM assigns same amount of physical pages to other VM's + +Paravirtualization +================== + +Paravirtualization (1) +---------------------- + +- OS adaptation to avoid binary translation overhead +- Requires access to OS source code +- Include drivers of virtual devices +- Examples: + + - Xen + - User Mode Linux (UML) + +Paravirtualization (2) +---------------------- + +- Still run each Guest OS in non-privileged mode + +- But with minimal virtualization overhead + +- => Modified Guest OS kernel + + - Remove Hardware-Sensitive Instructions + + - Use fast VMM system calls instead, if needed + + - Minimise usage of Privileged Instructions + +- Only affect Machine/CPU dependant part of OS + +- OS portage on new architecture with same CPU + + - Without system ISA + +Paravirtualization (3) +---------------------- + +- Guest OS only use Virtual I/O Devices, in a cooperative way + + - Front-end driver in Guest OS + - Back-end driver in VMM + +- VMM multiplex VM Virtual Devices on physical devices + + - Virtual Ethernet + - Virtual Disks + +- Data transfer through I/O rings + +Virtual I/O Devices +------------------- + +.. figure:: virt-devices.svg + +Paravirtualization Example: Xen +------------------------------- + +- Objectives + + - Scalable, support more than 100 VM + - Share resources of Server machines + +- Intel IA-32, x86-64, ARM, ... 
+ +- Special first Guest OS called Domain 0 + + - Run in privileged mode + - Have access (and manages) all physical devices + - Modified version of Linux, FreeBSD + +Hardware-Assisted Virtualization +================================ + +Hardware Assisted Virtualization (1) +------------------------------------ + +- Support of Virtualization in Hardware +- Run unmodified OS binaries +- With minimal virtualization overhead +- Simplify VMM development +- Examples + + - KVM + - VMware + +Hardware Assisted Virtualization (2) +------------------------------------ + +- CPU virtualization + + - AMD-V + - Intel VT-x (x86), Intel VT-i (Itanium) architectures + - ARM Cortex-A15 + +- MMU virtualization + + - Intel Extended Page Tables (EPT) + - AMD Nested Page Tables (NPT) + +Hardware Assisted Virtualization (3) +------------------------------------ + +- DMA virtualization + + - IO-MMU (Intel VT-d) + +- I/O Device virtualization + + - Self-Virtualizing devices + - Single Root I/O Virtualization and Sharing Specification (SR-IOV) + - Extensions to PCIe (PCI Express) Bus standard + +Intel VT-x Architecture +----------------------- + +- Support unmodified Guest OS with no need for paravirtualization + and/or binary code translation + +- Simplify VMM tasks & improve VMM performances + +- Minimize VMM memory footprint + + - Suppress shadowing of Guest OS page tables + +- Enable Guest OS to directly manage I/O devices + + - Without performance lost + - While enforcing VM isolation and mutual protection + +Intel VT-x Architecture Overview +-------------------------------- + +.. 
figure:: vt-x.svg + +Intel VT-x CPU Virtualization (1) +--------------------------------- + +- Virtual Machine eXtension (VMX) + + - Two new meta-modes of CPU operation + +- VMX root mode + + - Behaviour similar to IA-32 without VT + - Intended for VMM execution + +- VMX non-root mode + + - Alternative IA-32 execution environment + - Controlled by a VMM + - Designed to run unchanged Guest OS in a VM + +- Both modes support rings 0-3 privilege levels + + - Allow VMM to use several privilege levels + +Intel VT-x CPU Virtualization (2) +--------------------------------- + +- Two additional CPU mode transitions + +- From VMX root-mode to VMX non-root mode + + - Named VM Enter (VMLaunch instruction) + +- From VMX non-root mode to VMX root mode + + - Named VM Exit (event) + +- VM entries & VM exits use a new data structure + + - Virtual Machine Control Structure (VMCS) per VM + - Referenced with a memory physical address + - Format and layout hidden + - New VT-x instructions to access a VMCS + +Intel VT-x CPU Virtualization (3) +--------------------------------- + +- Guest State Area + + - Saved value of registers before beeing changed by + - VM Exits (e.g., Segment Registers, CR3, IDTR) + +- Hidden CPU state (e.g., CPU Interruptibility State) + +- Host State Area + + - VM Control Fields + - Interrupt Virtualization + - Exceptions bitmaps + - I/O bitmaps + - Model Specific Register R/W bitmaps + - Execution rights for CPU Privileged Instructions + + +Intel VT-x Interrupt Virtualization +----------------------------------- + +- VMCS External Interrupt Exiting + + - All external interrupts cause VM Exit + - Guest OS cannot mask external interrupts when executing Interrupt + Masking instructions + +- VMCS Interrupt Window Exiting + + - VM Exit occurs whenever Guest OS ready to serve external interrupts + +- Used by VMM to control VM interrupts + +Intel VT-x MMU Virtualization +----------------------------- + +- Extended Page Tables (EPT) + + - Second level of Page Tables in 
MMU + - Translate Guest OS Physical Address into Machine Physical Address + - Controlled by VMM + +- Virtual Processor IDentifier (VPID) + + - Used to tag TLB entries + - Avoid to flush TLB upon VM switch + +Virtual Memory Virtualization +----------------------------- + +.. figure:: vt-x-mem.svg + +Intel VT-x Extended Page Tables (1) +----------------------------------- + +- VMM controls Extended Page Tables + +- EPT used in VMX non-root operation + + - Activated on VM Enter + - Desactivated on VM exit + +- EPTP register points to Extended Page Tables + + - Instanciated by VMM + - Saved in VMCS + - Loaded from VMCS on VM entry + + +Intel VT-x Extended Page Tables (2) +----------------------------------- + +.. figure:: vt-x-mmu.svg + +TLB Flush Issue +--------------- + +.. figure:: tlb-flush-issue.svg + +Intel VT-x Virtual Processor Identifier +--------------------------------------- + +- 16-bit VPID used to tag TLB entries + + - Enabled by VMM in VMCS + - Unique VPID is assigned by VMM to each VM + - VPID 0 reserved for VMM + +- Current VPID is 0x0000 when + + - Outside VMX operation + - In VMX root mode operation + - In VMX non-root mode if VPID disabled in VMCS + +- VPID loaded from VMCS on VM Enter + +DMA Virtualization (1) +---------------------- + +- Enable Guest OS to manage I/O devices + + - I/O devices assigned by VMM to Guest OSes + +- Transparent mode + + - Use native device driver of Guest OS + - Unaware of physical memory Virtualization + +- Enforce isolation between Guest Oses + + - Guest OS only view hardware ressources assigned by VMM (memory, + devices) + +DMA Principles +-------------- + +.. figure:: dma.svg + +DMA Virtualization (2) +---------------------- + +.. 
figure:: dma-virt.svg + +DMA Virtualization Issue +------------------------ + +- Guest OS driver setup I/O registers of device with Guest Physical + Address of I/O buffers + +- Guest Physical Address must be translated into its corresponding + Machine Physical Address when used for DMA operations by device + +- GPA Translation cannot be done by VMM + + - VMM cannot catch device-specific driver operations to setup I/O + buffers addresses + +Intel VT-d Protection Domains +----------------------------- + +- Intel VT-d provides DMA Protection Domains + + - Extension of IOMMU translation mechanism + - Isolated context of a subset of the Machine Physical Memory (MPA) + - Correspond to the portion of Machine Physical Memory allocated to + a VM + +- I/O devices assigned by VMM to a DMA Protection Domain + + - Achieves DMA isolation by restricting memory view of I/O devices + through DMA address translation + +Intel VT-d DMA Translation +-------------------------- + +- VT-d hardware treats address specified in DMA request as DMA Virtual + Address (DVA) + +- DVA = GPA of the VM to which the I/O device is assigned + +- VT-d translates the DVA into its corresponding Machine Physical + Address + +- Support of multiple Protection Domains + + - DVA to MPA translation table per Protection Domain + - Must identify the device issuing a DMA request + +VT-d PCI Express North Bridge +----------------------------- + +.. figure:: vt-d.svg + +PCI DMA Requester Identification +-------------------------------- + +- Mapping between PCI Device and Protection Domains +- 16-bit PCI DMA Requester Identifier + + .. figure:: dma-req-id.svg + +- Assigned by PCI configuration software +- Bus # indexes Bus Context Table in Root Context Table +- (Device #, Function #) indexes Device Protection Domain in Bus + Context Table + +Device / Protection Domain Mapping +---------------------------------- + +.. 
figure:: device-domain-mapping.svg + +Virtual DMA Address Translation +------------------------------- + +- VDA ↔ MPA VT-d Page Tables similar to IA-32 processor Page Tables + +- 4KB or larger page size granularity + +- Read/Write permissions + +- Protection Domains managed by VMM + + - Initialized at VM creation time + - With same translations of the VM Extended Page Table + +Device Virtualization +--------------------- + +- Share I/O device among multiple VMs + + - With no performance lost + - While enforcing VM isolation and protection + +- Move device virtualization from the VMM to the device itself + +- Requires support from the device + +- Example of Ethernet controllers + +Ethernet Device Virtualization +------------------------------ + +.. figure:: ethernet-dev-virt.svg + +Intel Single Root I/O Virtualization +------------------------------------ + +- SR-IOV capable PCI Device can be partitionned into multiple Virtual + Functions + +- SR-IOV Device appears in PCI configuration space as multiple PCI + Virtual Functions + +- Each Device Virtual Function includes + + - PCI configuration registers + - DMA streams + - Interrupts + +- Requires VT-d for DMA virtualization + +Intel SR-IOV (1) +---------------- + +- VMM manages physical PCI device + +- Create a PCI Virtual Function for each VM + + - Include it into VM PCI configuration space to be probed by VM + GuestOS kernel + - Map it to Protection Domain of VM + +- Programs the sharing of physical devices ressources between VFs + +- PCI Device Virtual Functions directly managed by specific VF-Aware + GuestOS drivers (kind of Para-Virtualization) + +Intel SR-IOV (2) +---------------- + +XXX + +Intel SR-IOV - Ethernet example +------------------------------- + +- Intel Kawela (1GB) / Niantic (10GB) Ethernet NICs + + - Multiple RX/TX packet queues per port + +- Virtual Device Machine Queues + + - 1 RX paquet queue per VF + +- Filters multiple unicast Ethernet Addresses + +- Layer-2 paquet filtering based on 
Ethernet Destination Address + +- Duplicate Broadcast / Multicast packets for all VFs + +- Load balancing between TX paquets sent by VFs + +Virtualization and Embedded Systems +=================================== + +Old Embedded Systems (1) +------------------------ + +- Relatively simple architecture + +- Single-purpose devices + +- Dominated by hardware constraints + + - Memory, battery charge + +- Dedicated functionalities, with moderated software size and + complexity + +- Real-time constraints + +Old Embedded Systems (2) +------------------------ + +- Closed environment (« black boxes ») + +- Fixed hardware configuration + +- Full software provided by device vendor + +- No dynamic loading of applications + +- Software updates rareful + +Embedded Systems Now (1) +------------------------ + +- Take on features of general-purpose OS's + +- Growing functionalities => growing complexity and size + +- Run applications originally developed for PC's + + - Sophisticated Human Machine Interfaces (HMI) + - Safari Web browser on iPhones + +- Dynamic loading of applications + + - Iphone + - Google Android + +Embedded Systems Now (2) +------------------------ + +- Dynamically load device's owner specific applications + + - Games + +- Applications developped by engineers with no expertise + in embedded systems + + - Java applications + +- Need for exchanges with external world + + - USB, Bluetooth, Wi-Fi + - TCP/IP + +- Need for open API's, and openness in general + +- Need for high-level systems (Linux, Windows) + +Embedded Systems Challenges +--------------------------- + +- Still Real-Time systems (part of it) + + - Baseband stack of mobile phones + +- Still hardware constraints + + - Battery + - Memory (to minimize device's cost) + +- Also used in mission/life critical situations + + - Weapons + - Cars + +- High requirements on reliability and security + +Mobile Handsets +--------------- + +XXX + +- Run Android/Linux applications on baseband processor + +- Re-use 
existing legacy modem software stack with its RTOS (no + changes) + +- Support of Linux at a minimal development cost + +- Operating System independence for future evolutions + +- Security & Protection through OS isolation + +:: + + HMI: Human-Machine-Interface + PIM: Personal Information + +Virtualization in Embedded Systems (1) +-------------------------------------- + +- Support for heterogeneous OS's environments + +- Real-time OS + + - Legacy software + - Dedicated applications whose real-time constraints cannot be + achieved by General-Purpose systems + - Licence issues (« GPL contamination ») + +- General Purpose OS + + - Openness + - HMI + +Virtualization in Embedded Systems (2) +-------------------------------------- + +- Concurrent execution of RTOS and GP-OS on the same CPU + +- Reduces cost (Bill Of Material) + +- Requires the underlying VMM to provide + + - Memory isolation between OS's + - CPU scheduling among OS's, with higher priority to the RTOS + - Device partitionning + - Communication mechanism between OS's + +Virtualization in Embedded Systems (3) +-------------------------------------- + +- Leverage multi-cores support with virtual machine abstraction + +- 1 core per OS => no need for CPU scheduling + +- 2 low-performance cores consume less power than a single high + performance CPU => simplify power management + +- New model of software distribution, shipping application with its own OS + + - No OS configuration/version incoherency + +Security Through Virtualization +------------------------------- + +- Notion of Trusted Computing Base (TCB) + + - Part of the system that provides security foundations + - Should only include hardware and VMM + - May also include RTOS, for performance/legacy reasons + +- Run GP OS in an isolated Virtual Machine + + - Avoid damaged GP OS to compromise the secure parts (data, + services) of the system + +Embedded + Virtualization Challenges (1) +---------------------------------------- + +- Full isolation of VM's 
does not fit cooperation requirements between OS's + +- Efficient communication mechanisms between VM's + +- Global scheduling, with interleaved priorities + +- Global Energy Management + +Embedded + Virtualization Challenges (2) +---------------------------------------- + +- Efficient communication mechanisms between VM's + + - Virtual Ethernet device not adapted + - Need VMM-controlled shared memory transfers + +- Example: Video streaming on a Smartphone + + - Video data received via the baseband managed by RTOS + - Video data displayed by a Media Player running on GPOS + - Avoid copy of video data transfered between the 2 OS's ! + +Task Scheduling Issues +---------------------- + +- Standard server-oriented Virtualization model + + - The VMM schedules VM's on the CPU + - The OS on each VM runs its own scheduler + +- Interleaved priorities in Embedded Systems + + - Baseband task of RTOS with a high priority + - But GPOS Media-Player must have a higher priority than some + low-priority tasks of RTOS + - Enable a VM to yield the CPU + + - Use a RT task as a proxy of GP OS application, and make it yield + the CPU + +Multi-Users Devices +------------------- + +- Mobile phone has 3 types of users, each with specific private data + to protect from the others + + - The person owning the device, with address book, emails, + documents, etc. + - Different wireless providers, for example private and + professionnal: network access properly authenticated, ensure + correct billing ! + - Third-party service providers, for instance multimedia providers. 
+ +- Owner and third-parties must be granted secure financial + transactions + +Virtualization in Hardware +-------------------------- + +- Only way to build a real TCB + + - Without penalizing performances + +- Should include support for + + - Memory Partitionning + - Physical Memory / Machine Memory mapping + - Coupled with multi-cores + - Device Partitioning + + - Interrupt routing + - I/O DMA coupled with memory partitioning & Physical Memory / + Machine Memory mapping + +Conclusion / Evolution of Virtualization +======================================== + +Conclusion +---------- + +- Emulation : slow, multi-arch, simulates ISA (full machine) or ABI + (process level) +- Accelerated emulation : faster, code is executed natively, overhead + for privilegied actions +- Virtual servers : fast and scalable, but same OS and one kernel +- Paravirtualization : fast, needs a modified OS +- HW-assisted virtualization : solves most of the issues + +Evolutions of Virtualization +---------------------------- + +- Cloud computing + + - Big amount of data + - Virtualization brings flexibility to data center + +- Operating systems in browsers ? + + - State of OS is stored remotely + +- Virtualization on desktops and small devices + + - Security (isolates work and personal area) diff --git a/isa-abi.svg b/isa-abi.svg new file mode 100644 index 0000000..1fdf71c --- /dev/null +++ b/isa-abi.svg @@ -0,0 +1,1216 @@ + +image/svg+xmlHardware +OS +App +App +App +System Calls +User ISA +System ISA +ISA +Hardware +OS +App +App +App +System Calls +User ISA +System ISA +ABI + \ No newline at end of file diff --git a/make.bat b/make.bat new file mode 100644 index 0000000..134bf32 --- /dev/null +++ b/make.bat 
@@ -0,0 +1,252 @@
+@ECHO OFF
+
+REM Command file for Sphinx documentation
+
+if "%SPHINXBUILD%" == "" (
+ set SPHINXBUILD=sphinx-build
+)
+set BUILDDIR=_build
+set ALLSPHINXOPTS=-d %BUILDDIR%/doctrees %SPHINXOPTS% .
+set I18NSPHINXOPTS=%SPHINXOPTS% .
+if NOT "%PAPER%" == "" (
+ set ALLSPHINXOPTS=-D latex_paper_size=%PAPER% %ALLSPHINXOPTS%
+ set I18NSPHINXOPTS=-D latex_paper_size=%PAPER% %I18NSPHINXOPTS%
+)
+
+if "%1" == "" goto help
+
+if "%1" == "help" (
+ :help
+ echo.Please use `make ^` where ^ is one of
+ echo. html to make standalone HTML files
+ echo. dirhtml to make HTML files named index.html in directories
+ echo. singlehtml to make a single large HTML file
+ echo. pickle to make pickle files
+ echo. json to make JSON files
+ echo. htmlhelp to make HTML files and a HTML help project
+ echo. qthelp to make HTML files and a qthelp project
+ echo. devhelp to make HTML files and a Devhelp project
+ echo. epub to make an epub
+ echo. latex to make LaTeX files, you can set PAPER=a4 or PAPER=letter
+ echo. text to make text files
+ echo. man to make manual pages
+ echo. texinfo to make Texinfo files
+ echo. gettext to make PO message catalogs
+ echo. changes to make an overview over all changed/added/deprecated items
+ echo. xml to make Docutils-native XML files
+ echo. pseudoxml to make pseudoxml-XML files for display purposes
+ echo. linkcheck to check all external links for integrity
+ echo. doctest to run all doctests embedded in the documentation if enabled
+ goto end
+)
+
+if "%1" == "clean" (
+ for /d %%i in (%BUILDDIR%\*) do rmdir /q /s %%i
+ del /q /s %BUILDDIR%\*
+ goto end
+)
+
+
+%SPHINXBUILD% 2> nul
+if errorlevel 9009 (
+ echo.
+ echo.The 'sphinx-build' command was not found. Make sure you have Sphinx
+ echo.installed, then set the SPHINXBUILD environment variable to point
+ echo.to the full path of the 'sphinx-build' executable. Alternatively you
+ echo.may add the Sphinx directory to PATH.
+ echo.
+ echo.If you don't have Sphinx installed, grab it from
+ echo.http://sphinx-doc.org/
+ exit /b 1
+)
+
+if "%1" == "html" (
+ %SPHINXBUILD% -b html %ALLSPHINXOPTS% %BUILDDIR%/html
+ if errorlevel 1 exit /b 1
+ echo.
+ echo.Build finished. The HTML pages are in %BUILDDIR%/html.
+ goto end
+)
+
+if "%1" == "dirhtml" (
+ %SPHINXBUILD% -b dirhtml %ALLSPHINXOPTS% %BUILDDIR%/dirhtml
+ if errorlevel 1 exit /b 1
+ echo.
+ echo.Build finished. The HTML pages are in %BUILDDIR%/dirhtml.
+ goto end
+)
+
+if "%1" == "singlehtml" (
+ %SPHINXBUILD% -b singlehtml %ALLSPHINXOPTS% %BUILDDIR%/singlehtml
+ if errorlevel 1 exit /b 1
+ echo.
+ echo.Build finished. The HTML pages are in %BUILDDIR%/singlehtml.
+ goto end
+)
+
+if "%1" == "pickle" (
+ %SPHINXBUILD% -b pickle %ALLSPHINXOPTS% %BUILDDIR%/pickle
+ if errorlevel 1 exit /b 1
+ echo.
+ echo.Build finished; now you can process the pickle files.
+ goto end
+)
+
+if "%1" == "json" (
+ %SPHINXBUILD% -b json %ALLSPHINXOPTS% %BUILDDIR%/json
+ if errorlevel 1 exit /b 1
+ echo.
+ echo.Build finished; now you can process the JSON files.
+ goto end
+)
+
+if "%1" == "htmlhelp" (
+ %SPHINXBUILD% -b htmlhelp %ALLSPHINXOPTS% %BUILDDIR%/htmlhelp
+ if errorlevel 1 exit /b 1
+ echo.
+ echo.Build finished; now you can run HTML Help Workshop with the ^
+.hhp project file in %BUILDDIR%/htmlhelp.
+ goto end
+)
+
+if "%1" == "qthelp" (
+ %SPHINXBUILD% -b qthelp %ALLSPHINXOPTS% %BUILDDIR%/qthelp
+ if errorlevel 1 exit /b 1
+ echo.
+ echo.Build finished; now you can run "qcollectiongenerator" with the ^
+.qhcp project file in %BUILDDIR%/qthelp, like this:
+ echo.^> qcollectiongenerator %BUILDDIR%\qthelp\SystemVirtualizationandOSVirtualMachines.qhcp
+ echo.To view the help file:
+ echo.^> assistant -collectionFile %BUILDDIR%\qthelp\SystemVirtualizationandOSVirtualMachines.ghc
+ goto end
+)
+
+if "%1" == "devhelp" (
+ %SPHINXBUILD% -b devhelp %ALLSPHINXOPTS% %BUILDDIR%/devhelp
+ if errorlevel 1 exit /b 1
+ echo.
+ echo.Build finished.
+ goto end
+)
+
+if "%1" == "epub" (
+ %SPHINXBUILD% -b epub %ALLSPHINXOPTS% %BUILDDIR%/epub
+ if errorlevel 1 exit /b 1
+ echo.
+ echo.Build finished. The epub file is in %BUILDDIR%/epub.
+ goto end
+)
+
+if "%1" == "latex" (
+ %SPHINXBUILD% -b latex %ALLSPHINXOPTS% %BUILDDIR%/latex
+ if errorlevel 1 exit /b 1
+ echo.
+ echo.Build finished; the LaTeX files are in %BUILDDIR%/latex.
+ goto end
+)
+
+if "%1" == "latexpdf" (
+ %SPHINXBUILD% -b latex %ALLSPHINXOPTS% %BUILDDIR%/latex
+ cd %BUILDDIR%/latex
+ make all-pdf
+ cd %BUILDDIR%/..
+ echo.
+ echo.Build finished; the PDF files are in %BUILDDIR%/latex.
+ goto end
+)
+
+if "%1" == "latexpdfja" (
+ %SPHINXBUILD% -b latex %ALLSPHINXOPTS% %BUILDDIR%/latex
+ cd %BUILDDIR%/latex
+ make all-pdf-ja
+ cd %BUILDDIR%/..
+ echo.
+ echo.Build finished; the PDF files are in %BUILDDIR%/latex.
+ goto end
+)
+
+if "%1" == "text" (
+ %SPHINXBUILD% -b text %ALLSPHINXOPTS% %BUILDDIR%/text
+ if errorlevel 1 exit /b 1
+ echo.
+ echo.Build finished. The text files are in %BUILDDIR%/text.
+ goto end
+)
+
+if "%1" == "man" (
+ %SPHINXBUILD% -b man %ALLSPHINXOPTS% %BUILDDIR%/man
+ if errorlevel 1 exit /b 1
+ echo.
+ echo.Build finished. The manual pages are in %BUILDDIR%/man.
+ goto end
+)
+
+if "%1" == "texinfo" (
+ %SPHINXBUILD% -b texinfo %ALLSPHINXOPTS% %BUILDDIR%/texinfo
+ if errorlevel 1 exit /b 1
+ echo.
+ echo.Build finished. The Texinfo files are in %BUILDDIR%/texinfo.
+ goto end
+)
+
+if "%1" == "gettext" (
+ %SPHINXBUILD% -b gettext %I18NSPHINXOPTS% %BUILDDIR%/locale
+ if errorlevel 1 exit /b 1
+ echo.
+ echo.Build finished. The message catalogs are in %BUILDDIR%/locale.
+ goto end
+)
+
+if "%1" == "changes" (
+ %SPHINXBUILD% -b changes %ALLSPHINXOPTS% %BUILDDIR%/changes
+ if errorlevel 1 exit /b 1
+ echo.
+ echo.The overview file is in %BUILDDIR%/changes.
+ goto end
+)
+
+if "%1" == "linkcheck" (
+ %SPHINXBUILD% -b linkcheck %ALLSPHINXOPTS% %BUILDDIR%/linkcheck
+ if errorlevel 1 exit /b 1
+ echo.
+ echo.Link check complete; look for any errors in the above output ^ +or in %BUILDDIR%/linkcheck/output.txt. + goto end +) + +if "%1" == "doctest" ( + %SPHINXBUILD% -b doctest %ALLSPHINXOPTS% %BUILDDIR%/doctest + if errorlevel 1 exit /b 1 + echo. + echo.Testing of doctests in the sources finished, look at the ^ +results in %BUILDDIR%/doctest/output.txt. + goto end +) + +if "%1" == "xml" ( + %SPHINXBUILD% -b xml %ALLSPHINXOPTS% %BUILDDIR%/xml + if errorlevel 1 exit /b 1 + echo. + echo.Build finished. The XML files are in %BUILDDIR%/xml. + goto end +) + +if "%1" == "pseudoxml" ( + %SPHINXBUILD% -b pseudoxml %ALLSPHINXOPTS% %BUILDDIR%/pseudoxml + if errorlevel 1 exit /b 1 + echo. + echo.Build finished. The pseudo-XML files are in %BUILDDIR%/pseudoxml. + goto end +) + +:end + + +if "%1" == "slides" ( + %SPHINXBUILD% -b slides %ALLSPHINXOPTS% %BUILDDIR%/slides + if errorlevel 1 exit /b 1 + echo. + echo.Build finished. The HTML slides pages are in %BUILDDIR%/slides. + goto end +) + diff --git a/mem-virt.svg b/mem-virt.svg new file mode 100644 index 0000000..3f470da --- /dev/null +++ b/mem-virt.svg @@ -0,0 +1,950 @@ + +image/svg+xml +2000 +6000 +1000 +4000 +7000 +1000 +5000 +1000 +8000 +1000 +3000 +unmapped virtual page +0 +3000 +7000 +unmapped Guest page +mapped virtual page +VM 2 +mapped Guest page +VM 1 +P1.1 +P1.2 +P2.1 +Machine physical page +Machinememory +ProcessVirtualSpace +GuestPhysicalMemory + \ No newline at end of file diff --git a/mmu1.svg b/mmu1.svg new file mode 100644 index 0000000..70af0a4 --- /dev/null +++ b/mmu1.svg @@ -0,0 +1,632 @@ + +image/svg+xmlTranslationLookasideBuffer +Processes (Virtual Address Spaces) +PhysicalMemory +MMU +frame N +pte +4GB +page +frame 0 + \ No newline at end of file diff --git a/mmu2.svg b/mmu2.svg new file mode 100644 index 0000000..75a627b --- /dev/null +++ b/mmu2.svg 
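Review bot: The `slides` handler at the end of the file sits after the `:end` label, so `make.bat slides` never terminates: its `goto end` jumps to `:end`, execution falls straight back into `if "%1" == "slides" (`, and sphinx-build runs again in an endless loop. Move the whole block up so it precedes `:end`, next to the `xml` and `pseudoxml` handlers; then an unknown target falls through to `:end` and exits as the rest of the script expects. The help text printed under `:help` also omits `slides`, `latexpdf` and `latexpdfja`, e.g. add `echo.   slides     to make HTML slides`. Separately, the `latexpdf` and `latexpdfja` handlers lack the `if errorlevel 1 exit /b 1` check every other builder performs, so a failed sphinx-build still proceeds to `make all-pdf` in a build directory that may be incomplete.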
@@ -0,0 +1,950 @@ + +image/svg+xml0 +22 +31 +21 +12 +11 +DirectoryIndex +Page TableIndex +PageOffset +cr/st +1023 +cr/st +0 +1023 +VirtualAddress +Directory Page +CR3 +Directory Address +Physical Memory +cr/st = control & status +Page Table Entry (PTE) +cr/st +4KB page +Translation Lookaside Buffer (TLB) = cache for PTEs +0 +10 bits +10 bits +12 bits +32 bits word + \ No newline at end of file diff --git a/qemu.svg b/qemu.svg new file mode 100644 index 0000000..d47c38c --- /dev/null +++ b/qemu.svg @@ -0,0 +1,663 @@ + +image/svg+xml3 +Solaris (Native OS) +QEMUARM +RT-OS +Real-TimeApplications +QEMUPC-x86 +Linux +LinuxApplications +Solaris ABI +QEMUPC-x86 +Windows +WindowsApplications +Sun - Sparc +PowerPC ISA +x86 ISA +x86 ISA +SolarisProcess + \ No newline at end of file diff --git a/recovery.png b/recovery.png new file mode 100644 index 0000000..11908d7 Binary files /dev/null and b/recovery.png differ diff --git a/standalone.svg b/standalone.svg new file mode 100644 index 0000000..6a5e237 --- /dev/null +++ b/standalone.svg @@ -0,0 +1,330 @@ + +image/svg+xmlHardware +VMM +Guest OS +Applications +Guest OS +Applications +Guest OS +Applications + \ No newline at end of file diff --git a/tlb-flush-issue.svg b/tlb-flush-issue.svg new file mode 100644 index 0000000..7387f5c --- /dev/null +++ b/tlb-flush-issue.svg @@ -0,0 +1,586 @@ + +image/svg+xmlVirtual Address Space +Physical Memory +box 0 +box N +MMU +TranslationLookasideBuffer +pte +4GB + \ No newline at end of file diff --git a/virt-devices.svg b/virt-devices.svg new file mode 100644 index 0000000..2cfaaa9 --- /dev/null +++ b/virt-devices.svg @@ -0,0 +1,987 @@ + +image/svg+xmlEthernet NIC +Applications +Guest OS +Applications +Guest OS +Applications +Guest OS +VMM +Vdisk(FE) +Vdisk(FE) +Vdisk(FE) +Vdisk(BE) +Vdisk(BE) +Vdisk(BE) +Veth(BE) +Veth(BE) +Veth(BE) +Veth(FE) +Veth(FE) +Veth(FE) +NICdriver +Net Bridging +Diskdriver + \ No newline at end of file 
diff --git a/virtual-servers.svg b/virtual-servers.svg new file mode 100644 index 0000000..83554f2 --- /dev/null +++ b/virtual-servers.svg @@ -0,0 +1,1491 @@ + +image/svg+xmlKernel Code +P7 +P6 +10.16.0.0/16 +/roots/vm2 +10.17.0.0/16 +/roots/vm3 +10.18.0.0/16 +P3 +P8 +/ +74.125.0.0/16 +P1 +P2 +P5 +P9 +/roots/vm1 + \ No newline at end of file diff --git a/vmware-wks.png b/vmware-wks.png new file mode 100644 index 0000000..44ffead Binary files /dev/null and b/vmware-wks.png differ diff --git a/vt-d.svg b/vt-d.svg new file mode 100644 index 0000000..0a51df9 --- /dev/null +++ b/vt-d.svg @@ -0,0 +1,396 @@ + +image/svg+xmlCPU +SystemBUS +NorthBridge +Memory +Device 1 +Device 2 +Device 3 +PCI Express Bus +VT-d +PCIe rootports + \ No newline at end of file diff --git a/vt-x-mem.svg b/vt-x-mem.svg new file mode 100644 index 0000000..aa6ae76 --- /dev/null +++ b/vt-x-mem.svg @@ -0,0 +1,776 @@ + +image/svg+xmlVM 1 +VM 2 +Process 1 +Process 2 +Process 1 +Process 2 +Guest OSVirtual Memory +Guest OSPhysical Memory +MachinePhysical Memory + \ No newline at end of file diff --git a/vt-x-mmu.svg b/vt-x-mmu.svg new file mode 100644 index 0000000..dd0a872 --- /dev/null +++ b/vt-x-mmu.svg @@ -0,0 +1,370 @@ + +image/svg+xmlTranslation Lookaside Buffer (TLB)Guest PTEs (Guest VA → Guest PA)Extended PTEs (Guest PA → Host PA) +Guest CR3 +EPTR Base Pointer +GuestPage Table +Guest VA +Guest PA +Machine PA +EPTPage Table + \ No newline at end of file diff --git a/vt-x.svg b/vt-x.svg new file mode 100644 index 0000000..10951f1 --- /dev/null +++ b/vt-x.svg @@ -0,0 +1,531 @@ + +image/svg+xmlVMM +VMX root mode +VMX non-root mode +Intel-VT Hardware +VM Exit +VM Enter +rings 0 - 3 +ring 3 +ring 3 +ring 3 +ring 0 +ring 0 +ring 0 +Applications +Applications +Applications +Guest OSkernel +Guest OSkernel +Guest OSkernel +VM 1 +VM 2 +VM 3 + \ No newline at end of file