Introduction to Xen virtualization and instruction-set execution control
Introduction to virtualization technology: Xen
Virtualization is conceptually very similar to simulation: one system impersonates two or more identical systems. Most modern operating systems already contain a simple virtual system. Every running process thinks it is the only process on the machine, because the CPU and memory are virtualized. Everyone uses some kind of virtualization every day.
CPU Virtualization
CPU virtualization is, to some extent, quite simple. When process A is using the CPU and another process B needs it, an interrupt request reaches the CPU; the CPU saves process A's running state, stops executing it, and process B starts using the CPU. After a period of time process B's running state is saved and it is interrupted in turn, and process A resumes.
A virtual CPU differs from a physical CPU. When the operating system is running, or during a context switch, the CPU is in privileged mode, and the system allows certain operations that are otherwise forbidden, for example accessing memory directly through a physical address (something an operating system normally does not allow processes to do).
CPU instructions fall into three categories:
1. Privileged instructions: instructions that execute normally in privileged mode but trap as soon as they are executed outside it.
2. Control-sensitive instructions: instructions that attempt to change the system's resource configuration.
3. Behaviour-sensitive instructions: instructions whose behaviour differs depending on the resource configuration, including all load and store operations on virtual addresses.
Why virtualize?
The fundamental purpose of virtualization is the same as that of a multitasking operating system: the computer has more processing capacity than a single task needs.
Advantages of virtualization:
1. A VM can be cloned at very low cost.
2. Another major advantage of virtualization is portability.
3. Lower energy consumption is also an attraction of virtualization.
4. A virtual machine is easier to move than a physical machine.
5. Compared with processes running on one operating system, a virtual machine provides deeper isolation.
Historically, the first machine to fully support virtualization was IBM's VM, which was born as part of the IBM 360 project.
x86 architecture virtualization approaches:
I. Binary translation
Binary translation is one solution to the problem of virtualizing the x86 architecture, popularized by VMware. It has a significant advantage: it lets the vast majority of the virtualized environment run in user space. It also costs performance. Binary translation requires the virtual environment to scan the instruction stream and identify privileged instructions; the operations those instructions would perform are then carried out by emulation. Performance is poor, especially for frequently executed operations such as I/O. Caching the translated unsafe instructions speeds things up, but adds memory overhead.
II. Paravirtualization
From the operating system's point of view, the biggest difference is this: in a Xen system the operating system runs in Ring 1, whereas on real x86 hardware it runs directly in Ring 0 (see CPU privilege rings). In Xen the guest OS cannot execute any privileged instruction; to provide equivalent functionality, the hypervisor offers a complete set of hypercalls.
Hypercalls use a different calling mechanism from native system calls:
Like Linux, Xen uses an MS-DOS-style system call convention rather than the UNIX-style convention that FreeBSD uses. This means hypercall parameters are passed in registers rather than on the stack.
Hardware-assisted virtualization
AMD's virtualization technology is called AMD-V.
AMD-V gives the hypervisor two approaches to the problem of partitioning memory. The first is shadow page tables: the hypervisor traps every time the guest OS tries to modify its own page tables.
The second is nested page tables, which do what the name suggests: they add a further layer of indirection to virtual memory. The MMU still performs the translation from virtual address to physical address as defined by the operating system, but a second set of page tables, defined by the hypervisor, then translates those physical addresses into real physical addresses. Because the translation is done in hardware, it is as fast as a normal virtual-address lookup.
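The two-stage translation described above, as an added toy model (not AMD or Xen code): single-level tables with 4 KiB pages, where the guest OS owns one table and the hypervisor owns the other, and a failed lookup in the hypervisor's table is the event that would exit to the hypervisor. Table contents, frame numbers and flag values are constructed for the example.

```c
#include <stdint.h>
#include <stdbool.h>

/* Constructed toy model of nested (two-level) address translation:
 * one-level page tables, 4 KiB pages, 16 frames per address space. */
#define PAGE_SHIFT  12
#define PAGE_MASK   ((1u << PAGE_SHIFT) - 1)
#define NFRAMES     16
#define PTE_PRESENT 0x1
#define PTE_WRITE   0x2

typedef struct { uint64_t frame; uint32_t flags; } pte_t;

static pte_t guest_pt[NFRAMES];  /* owned by the guest OS: guest-virtual -> guest-physical */
static pte_t nested_pt[NFRAMES]; /* owned by the hypervisor: guest-physical -> host-physical */

enum { XLATE_OK = 0, GUEST_PAGE_FAULT = 1, NESTED_PAGE_FAULT = 2 };

/* One table lookup; a failed lookup is a fault at that level. */
static int lookup(const pte_t *pt, uint64_t addr, bool write, uint64_t *out)
{
    uint64_t fn = addr >> PAGE_SHIFT;
    if (fn >= NFRAMES || !(pt[fn].flags & PTE_PRESENT)) return -1;
    if (write && !(pt[fn].flags & PTE_WRITE)) return -1;
    *out = (pt[fn].frame << PAGE_SHIFT) | (addr & PAGE_MASK);
    return 0;
}

/* Guest-virtual -> host-physical. The guest's table is consulted first; the resulting
 * guest-physical address is then translated by the hypervisor's table. (Real hardware
 * also runs each guest page-table access through the nested table; omitted here.) */
int translate(uint64_t gva, bool write, uint64_t *hpa)
{
    uint64_t gpa;
    if (lookup(guest_pt, gva, write, &gpa) != 0) return GUEST_PAGE_FAULT;  /* delivered to the guest */
    if (lookup(nested_pt, gpa, write, hpa) != 0) return NESTED_PAGE_FAULT; /* exit to the hypervisor */
    return XLATE_OK;
}

/* Convenience wrapper: the host-physical address, or 0 on any fault. */
uint64_t translated_hpa(uint64_t gva, bool write)
{
    uint64_t hpa = 0;
    return translate(gva, write, &hpa) == XLATE_OK ? hpa : 0;
}

/* Constructed sample mappings; returns the number of entries installed. Guest-physical
 * frame 6 looks writable to the guest, but the hypervisor mapped it read-only. */
int setup_tables(void)
{
    guest_pt[2]  = (pte_t){ .frame = 5,  .flags = PTE_PRESENT | PTE_WRITE };
    guest_pt[3]  = (pte_t){ .frame = 6,  .flags = PTE_PRESENT | PTE_WRITE };
    nested_pt[5] = (pte_t){ .frame = 9,  .flags = PTE_PRESENT | PTE_WRITE };
    nested_pt[6] = (pte_t){ .frame = 10, .flags = PTE_PRESENT };
    return 4;
}
```

A guest write to frame 6 passes the guest's own table and is stopped only by the hypervisor's table, which is exactly the check the guest cannot bypass.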
Intel's virtualization technology is called IVT (Intel Virtualization Technology).
IVT adds a new processor mode called VMX. The hypervisor runs in VMX mode and is transparent to the operating system running in Ring 0 above it. When the CPU runs in VMX mode, nothing changes from the perspective of the guest operating system:
every instruction does what it should, and as long as the hypervisor performs its emulation correctly, the system encounters no errors. In some cases hardware virtualization is much faster than software virtualization.
Xen Concept
Separation of policy and mechanism: a key idea in good system design is the separation of policy and mechanism.
Xen itself does not support any external devices. Xen only provides a mechanism for a guest OS to access physical devices directly, so that the guest OS can use its existing device drivers. Of course,
several guest OSes may need to access the same device, and Xen provides a mechanism for this too: the grant table interface lets a developer authorize other guest OSes to access the contents of memory pages.
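The grant table idea just described, as an added model (not Xen's own code or ABI): the granting domain fills in an entry naming which domain may access which frame and whether read-only, and the hypervisor validates that entry before another domain gets a mapping. The flag names echo Xen's, but the values, the entry layout and the table size are this example's assumptions.

```c
#include <stdint.h>
#include <stdbool.h>
#include <stddef.h>

/* Constructed model of a grant table. Names echo Xen's, values are this example's. */
typedef uint16_t domid_t;
typedef uint32_t grant_ref_t;
#define GTF_permit_access 0x01  /* entry is live */
#define GTF_readonly      0x04  /* grantee may only read the frame */
#define GTF_reading       0x08  /* grantee currently holds a read mapping */
#define GTF_writing       0x10  /* grantee currently holds a write mapping */
#define NR_GRANT_ENTRIES  8

typedef struct { uint16_t flags; domid_t domid; uint64_t frame; } grant_entry_t;
static grant_entry_t grant_table[NR_GRANT_ENTRIES]; /* owned by the granting domain */

enum { GNT_OK = 0, GNT_BAD_REF = 1, GNT_WRONG_DOMAIN = 2, GNT_READONLY = 3, GNT_BUSY = 4 };

/* Granting domain: let `domid` access `frame` via reference `ref`. -1 if ref is in use. */
int grant_access(grant_ref_t ref, domid_t domid, uint64_t frame, bool readonly)
{
    if (ref >= NR_GRANT_ENTRIES || (grant_table[ref].flags & GTF_permit_access)) return -1;
    grant_table[ref] = (grant_entry_t){ .flags = GTF_permit_access | (readonly ? GTF_readonly : 0),
                                        .domid = domid, .frame = frame };
    return 0;
}

/* Hypervisor side of a map request: every check happens before the frame is handed out. */
int map_grant(grant_ref_t ref, domid_t requester, bool write, uint64_t *frame)
{
    if (ref >= NR_GRANT_ENTRIES || !(grant_table[ref].flags & GTF_permit_access)) return GNT_BAD_REF;
    grant_entry_t *e = &grant_table[ref];
    if (e->domid != requester) return GNT_WRONG_DOMAIN;          /* grant names a different domain */
    if (write && (e->flags & GTF_readonly)) return GNT_READONLY; /* write was never authorized */
    e->flags |= write ? GTF_writing : GTF_reading;               /* record the outstanding mapping */
    if (frame) *frame = e->frame;
    return GNT_OK;
}

/* Granting domain revokes; refused while a mapping is still outstanding. */
int end_access(grant_ref_t ref)
{
    if (ref >= NR_GRANT_ENTRIES) return GNT_BAD_REF;
    if (grant_table[ref].flags & (GTF_reading | GTF_writing)) return GNT_BUSY;
    grant_table[ref].flags = 0;
    return GNT_OK;
}
```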
Do as little as possible.
Each new Xen release tries to do less than the previous one. The reason is that Xen runs at a very high privilege level, even higher than the operating system, so once a bug occurs
it is devastating. The Xen bug discovered some time ago had a very wide impact on cloud service vendors: some cloud hosts could only fix it after a cold restart. Because Xen is so low-level, its bugs have a direct impact on the business.
Xen System Structure
Relationship between the hypervisor, the kernel, and application processes
For a kernel running on Xen, the biggest change is that it leaves Ring 0. Which ring it moves to depends on the platform; on IA-32 it moves to Ring 1.
When AMD combined the IA-32 architecture with x86-64, it reduced the number of rings; on systems without Ring 1 and Ring 2, Xen has to be modified so that the operating system runs in Ring 3.
Role of Domain 0
The hypervisor is responsible for running guest OSes. Xen runs each guest OS in an environment called a domain, which contains a complete virtual runtime environment. The first thing Xen does when it starts is load the guest OS kernel for Domain 0.
This kernel is typically specified as a module to the boot loader, so it can be loaded without any file system driver.
Domain 0 is the first guest OS to run and has a higher privilege level. Correspondingly, the other domains are Domain U (DomU), where U stands for unprivileged. Currently some of Dom0's responsibilities can be delegated to DomU guest OSes, which blurs the boundary between the two. Xen itself contains no device drivers or user interface; these are provided by the operating system and the user-space tools running in Dom0.
One of the most important tasks of the Dom0 guest OS is handling peripherals. It therefore has a higher privilege level than the other guest OSes, so that it can access the hardware.
Any driver has three main parts:
the split device driver, the multiplexer, and the real driver.
Unprivileged domains
Domain U is more restricted. It is generally not allowed to execute any hypercall that accesses hardware directly, although in some cases it is allowed access to one or more devices.
Because it cannot access hardware directly, DomU implements the front ends of the split device drivers. At a minimum, the XenStore driver is required in order to control the other device drivers,