with the extensive deployment of multicore systems, clusters, grids and even cloud computing in recent years, the advantages of virtualization technology in commercial applications are increasingly reflected, not only to reduce IT costs, but also to enhance the security and reliability of the system, the concept of virtualization gradually into people's daily work and life. Aiming at the x86 platform, this paper first gives the basic concept and classification of virtualization technology, then expounds the realization principle and challenges of pure software virtualization, and finally introduces the INTEL-VT hardware-assisted virtualization technology in detail.
Introduction of Virtualization Technology
What is Virtualization
Virtualization (virtualization) technology, which first appeared in the the 1960s IBM mainframe systems, became popular in the 70 's System 370 series, which was called Virtual machine MONITOR,VMM Program generates many virtual machine instances that can run standalone operating system software on top of the physical hardware. With the extensive deployment of multicore systems, clusters, grids and even cloud computing in recent years, the advantages of virtualization technology in commercial applications are increasingly reflected, not only to reduce IT costs, but also to enhance the security and reliability of the system, the concept of virtualization gradually into people's daily work and life.
Virtualization is a generalized term that may mean different things to different people, depending on the environment in which they are located. In the field of computer science, virtualization represents the abstraction of computational resources, not just the concept of virtual machines. For example, the abstraction of physical memory creates a virtual memory technology that allows an application to assume that it has an address space that is continuously available, while in fact the code and data of the application may be separated into multiple fragments of pages or segments, or even swapped to external storage such as disk, Flash, etc. The application runs smoothly even when there is not enough physical memory.
Second, the classification of virtualization technology
Virtualization technology is divided into the following major categories:
Platform Virtualization (Platform virtualization) for virtualization of computers and operating systems.
Resource Virtualization (Resource virtualization), for specific system resource virtualization, such as memory, storage, network resources and so on.
Application Virtualization (Application Virtualization), including simulation, simulation, interpretation technology, and more.
What we typically call virtualization is the platform virtualization technology that hides the actual physical characteristics of a particular computing platform by using control programs (control program, also known as virtual machine Monitor or Hypervisor), providing users with abstract, A unified, simulated computing environment (called a virtual machine). The operating system running in the virtual machine is called the guest OS, and the operating system running the virtual machine monitor is known as the host OS, and of course some virtual machine monitors can run directly above the hardware (such as VMWARE's ESX products) from the operating system. The real system that runs the virtual machine we call the host system.
CPU Virtualization: Analog:emulation virtual:virtulization Full Virtualization (full-virtulization) BT: binary translation (software)        HVM: Hardware-assisted virtualization (hardware) Semi-virtualized (para-virtulization) memory: process: Linear address space Kernel: Physical Address space MMU Virtulization Intel: EPT, Extended Page Table amd: ntp, nested page table tlb virtulization           TAGGED TLBI/O the way to virtualize: Simulation:   fully use software to simulate real hardware semi-virtualized: io-through: io Transmission intel: vt-d Hardware-assisted virtualization technology based on North Bridge;
Platform virtualization technology can be subdivided into the following sub-categories:
1. Complete virtualization (full virtualization)
Full virtualization is the virtual machine that simulates the complete underlying hardware, including processors, physical memory, clocks, peripherals, etc., so that the operating system or other system software designed for the original hardware can be run in the virtual machine without any modification at all . The interaction between the operating system and the real hardware can be seen through a pre-defined hardware interface. Fully virtualized VMM provides all interfaces in a way that fully emulates hardware (and must also simulate the execution of privileged instructions).
For example, in the x86 architecture, for the operation of the operating system switching Process page table, the real hardware implements the interface by providing a privileged CR3 register, and the operating system simply executes the "MOV pgtable,%%cr3" assembly instructions. Full virtualization VMM must fully simulate the entire process that the interface performs. If the hardware does not provide special support for virtualization, the simulation process will be complex: In general, VMM must run at the highest priority to fully control the host system, and the Guest OS needs to be degraded to run so that it cannot perform privileged operations. When the guest OS executes the preceding privileged assembly instruction, the host system generates an exception (General Protection Exception), and the execution control is re-transferred from the Guest OS to the hands of VMM. VMM allocates a variable in advance as the shadow CR3 Register to the guest OS, fills the Pgtable representative's client physical address (guest physical address) into the shadow CR3 register, and then VMM also needs pgtable to translate the host physical address (H OST physical Address) and fill in the physical CR3 register, and then return to the Guest OS. VMM will then also handle the complex Guest OS Page Fault.
The more famous fully virtualized VMM has Microsoft virtual PC, VMware Workstation, Sun virtual Box, Parallels Desktop for Mac, and QEMU.
650) this.width=650; "src=" Http://s3.51cto.com/wyfs02/M00/78/E0/wKioL1aEmgfzmpiCAAFA9bEA4Gc653.jpg "title=" Qq20151231105812.jpg "alt=" Wkiol1aemgfzmpicaafa9bea4gc653.jpg "/>
2, semi-virtualized (Para virtualization)
This is a technique that modifies the code of the Guest OS section to access privileged state to interact directly with VMM. In a semi-virtualized virtual machine, some hardware interfaces are provided as software to the guest operating system, which can be provided by Hypercall (a direct call from VMM to the Guest OS, similar to a system call).
For example, the Guest OS modifies the code of the switch page table to call Hypercall to directly complete the work of modifying the Shadow CR3 register and translating the address. Because there is no need to generate additional exceptions and simulate part of the hardware execution process, semi-virtualization can significantly improve performance.
The more famous semi-virtualized VMM has Denali, Xen.
650) this.width=650; "src=" Http://s5.51cto.com/wyfs02/M02/78/E2/wKioL1aEpLXQHMAQAAEgQ_1xTOE214.jpg "title=" Qq20151231114352.jpg "alt=" Wkiol1aeplxqhmaqaaegq_1xtoe214.jpg "/>
3. Hardware-assisted virtualization (hardware-assisted virtualization Machine)
Hardware-assisted virtualization refers to the support of hardware (primarily host processors) for efficient full virtualization. For example, with the support of INTEL-VT technology, the guest OS and the VMM execution environment are automatically completely isolated, and the guest OS has its own "full set of registers" that can be run directly at the highest level. So in the example above, the Guest OS is able to perform assembly instructions that modify the page table. INTEL-VT and Amd-v are two hardware-assisted virtualization technologies currently available on the x86 architecture.
650) this.width=650; "src=" Http://s4.51cto.com/wyfs02/M00/78/E4/wKiom1aErpzg8Yr4AAG0lNxWepc987.jpg "title=" Qq20151231122637.jpg "alt=" Wkiom1aerpzg8yr4aag0lnxwepc987.jpg "/>
4, operating system level virtualization (Operating system levels virtualization)
In a traditional operating system, the process of all users is essentially running in an instance of the same operating system, so a kernel or application flaw can affect other processes. Operating system-level virtualization is a lightweight virtualization technology used in server operating systems, where the kernel isolates different processes by creating multiple virtual operating system instances (cores and libraries), and processes in different instances have no knowledge of each other's existence.
The more famous are the Solaris Container [2],freebsd Jail and OpenVZ etc.
This classification is not absolute, and a good virtualization software often incorporates a number of technologies. For example, VMware Workstation is a well-known, fully virtualized VMM, but it uses a technique called dynamic binary (BT) translation to transform privileged state access into shadow state operations, thus avoiding inefficient trap-and-emulate processing. This is similar to full virtualization, except that full virtualization modifies the program code statically. For Hyper-virtualization, if you can take advantage of hardware features, the management of virtual machines will be greatly simplified while maintaining high performance.
The virtualization technology discussed in this article is for the x86 platform (including AMD 64) and assumes that the Guest OS running in the virtual machine is also designed for the x86 platform.
The virtualization of Memory
650) this.width=650; "src=" Http://s3.51cto.com/wyfs02/M01/78/E4/wKiom1aEr_SBEcnfAAF9zCOcQtI927.jpg "title=" 134p42591_0.jpg "alt=" Wkiom1aer_sbecnfaaf9zcocqti927.jpg "/>
In the left half of the normal situation of memory usage, a linear address to the physical address of a conversion, usually the memory address used by the application is a linear address, need to through the MMU address translation of a hardware to achieve a linear address to the physical address of a conversion. The right half of the virtualization scenario is how memory is translated into a linear address-to-physical address, the OS in the virtual machine is given a linear address assigned by the host OS, and the application in the guest OS gets a linear address relative to the guest OS, So for this linear address can only be converted to a linear address, can not be converted to the physical address, virtualization provides a virtual MMU directly to the guest OS directly into the real physical address of the linear address, But this virtual MMU is virtual out of the real hardware MMU performance and the development of virtual MMU is also very complex, each guest must have a MMU, this memory consumption is too large. For this technique we call it Shadow page table technology.
Since then, Intel has pioneered the EPT (Extended page Tables) technology, which, compared to the shadow page table technology, reduces the difficulty of memory virtualization, and the EPT technology directly implements the linear address in the guest OS to the guest in hardware. The physical address in the OS is then converted two times to the physical address in the host OS.
The virtualization of IO
650) this.width=650; "src=" Http://s1.51cto.com/wyfs02/M00/78/E5/wKiom1aEs32BZrV3AAHwoyBH4ao025.jpg "title=" 134p25039_0.jpg "alt=" Wkiom1aes32bzrv3aahwoybh4ao025.jpg "/>
The most left-hand IO Virtualization is using simulation technology:
Simulation (emulation) is a technology that simulates hardware entirely through a software program. This scenario is used by early virtualization to virtualize network devices. Common simulation software is QEMU, VMware WorkStation, VirtualBox. Emulation Net
The intermediate IO virtualization is para-virtualization:
Para-virtualization, also known as para-virtualization, was first used by Citrix's Xen. In the semi-virtualized model, the unified physical hardware resources are managed by hypervisor, and the hypervisor provides the resource invocation interface. The virtual machine communicates with the hypervisor through a specific calling interface, and then the full I/O resource is controlled.
On the far right is the direct IO
Hypervisor assigns a PCI device (which can be a network card, USB, CD-ROM) directly to the specified virtual sub-machine for individual access. For security and stability reasons, the use of pass-through is typically combined with Intel vt-d (AMD has similar technology) to ensure that memory access between virtual machines does not conflict through IOMMU. This technique is called Vmdirectpath I/O on VMware and no specific terminology is found in other scenarios.
This article is from the "Little Water Drop" blog, please make sure to keep this source http://wangzan18.blog.51cto.com/8021085/1730261
Discussion on the technology of virtualization