These two reasons are why cloud-based servers, such as Amazon's, rely on virtual machines.
Requirements Of A Virtual Machine Monitor
What must a VM monitor do? It presents a software interface to guest software, it must isolate
the state of guests from each other, and it must protect itself from guest software (including
guest OSes). The qualitative requirements are
■ Guest software should behave on a VM exactly as if it were running on the native
hardware, except for performance-related behavior or limitations of fixed resources shared by
multiple VMs.
■ Guest software should not be able to change allocation of real system resources directly.
To “virtualize” the processor, the VMM must control just about everything—access to
privileged state, address translation, I/O, exceptions and interrupts—even though the guest VM
and OS currently running are temporarily using them.
For example, in the case of a timer interrupt, the VMM would suspend the currently
running guest VM, save its state, handle the interrupt, determine which guest VM to run next,
and then load its state. Guest VMs that rely on a timer interrupt are provided with a virtual
timer and an emulated timer interrupt by the VMM.
To be in charge, the VMM must be at a higher privilege level than the guest VM, which
generally runs in user mode; this also ensures that the execution of any privileged instruction
will be handled by the VMM. The basic requirements of system virtual machines are almost
identical to those for paged virtual memory listed above:
■ At least two processor modes, system and user.
■ A privileged subset of instructions that is available only in system mode, resulting in a trap
if executed in user mode. All system resources must be controllable only via these
instructions.
(Lack Of) Instruction Set Architecture Support For Virtual Machines
If VMs are planned for during the design of the ISA, it's relatively easy to both reduce the
number of instructions that must be executed by a VMM and how long it takes to emulate
them. An architecture that allows the VM to execute directly on the hardware earns the title
virtualizable, and the IBM 370 architecture proudly bears that label.
Alas, since VMs have been considered for desktop and PC-based server applications only
fairly recently, most instruction sets were created without virtualization in mind. These
culprits include 80x86 and most RISC architectures.
Because the VMM must ensure that the guest system only interacts with virtual resources,
a conventional guest OS runs as a user mode program on top of the VMM. Then, if a guest
OS attempts to access or modify information related to hardware resources via a privileged
instruction—for example, reading or writing the page table pointer—it will trap to the VMM.
The VMM can then effect the appropriate changes to corresponding real resources.
Hence, if any instruction that tries to read or write such sensitive information traps when
executed in user mode, the VMM can intercept it and support a virtual version of the sensitive
information as the guest OS expects.
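The trap-and-emulate behavior described above, as an added example that is not part of the original text: a toy model in which privileged reads and writes of the page table pointer trap to the VMM and are served from per-guest virtual state, while a sensitive instruction that does not trap exposes real state to the guest. The instruction names (`write_ptp`, `read_ptp`, `read_mode`), guest labels, and addresses are constructed for illustration and do not correspond to any real ISA.

```python
from dataclasses import dataclass, field

# Constructed toy ISA (hypothetical names): op -> (sensitive, traps_in_user_mode).
# "Sensitive" means the op reads or writes real system resources.
ISA = {
    "add":       (False, False),  # ordinary: runs directly on the hardware
    "write_ptp": (True,  True),   # privileged: write page table pointer
    "read_ptp":  (True,  True),   # privileged: read page table pointer
    "read_mode": (True,  False),  # sensitive but silent in user mode
}

def problematic(isa):
    """Ops a VMM must find and handle itself: sensitive, yet they never trap."""
    return sorted(op for op, (sens, traps) in isa.items() if sens and not traps)

@dataclass
class VMM:
    real_ptp: int = 0x1000                        # real resource, VMM-owned
    virt_ptp: dict = field(default_factory=dict)  # per-guest virtual copy
    trap_count: int = 0

    def execute(self, guest, op, arg=None):
        """Run one guest instruction; the guest OS is in user mode."""
        _, traps = ISA[op]
        if traps:                       # hardware hands control to the VMM
            self.trap_count += 1
            return self._emulate(guest, op, arg)
        if op == "read_mode":           # no trap: guest sees the real mode
            return "user"               # a guest OS expects "system" here
        return None                     # ordinary op, no VMM involvement

    def _emulate(self, guest, op, arg):
        if op == "write_ptp":
            self.virt_ptp[guest] = arg  # only this guest's virtual state changes
            return None
        return self.virt_ptp.get(guest, 0)  # read_ptp: the guest's own value

def demo():
    """Two guests set their page table pointers, then read them back."""
    vmm = VMM()
    vmm.execute("A", "write_ptp", 0xA000)
    vmm.execute("B", "write_ptp", 0xB000)
    return (vmm.execute("A", "read_ptp"), vmm.execute("B", "read_ptp"),
            vmm.real_ptp, vmm.execute("A", "read_mode"), vmm.trap_count)
```

Each guest reads back only its own pointer and the real pointer never changes, which is the isolation requirement; `problematic(ISA)` lists the instruction the VMM cannot intercept by trapping alone.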
In the absence of such support, other measures must be taken. A VMM must take special
precautions to locate all problematic instructions and ensure that they behave correctly when