VMM is to keep track of messages for the virtual network addresses to ensure that guest VMs
receive only messages intended for them.
An Example VMM: The Xen Virtual Machine
Early in the development of VMs, a number of inefficiencies became apparent. For example, a
guest OS manages its virtual to real page mapping, but this mapping is ignored by the VMM,
which performs the actual mapping to physical pages. In other words, a significant amount
of wasted effort is expended just to keep the guest OS happy. To reduce such inefficiencies,
VMM developers decided that it may be worthwhile to allow the guest OS to be aware that
it is running on a VM. For example, a guest OS could assume a real memory as large as its
virtual memory so that no memory management is required by the guest OS.
Allowing small modifications to the guest OS to simplify virtualization is referred to as
paravirtualization, and the open source Xen VMM is a good example. The Xen VMM, which is used
in Amazon's Web services data centers, provides a guest OS with a virtual machine abstraction
that is similar to the physical hardware, but it drops many of the troublesome pieces. For
example, to avoid flushing the TLB, Xen maps itself into the upper 64 MB of the address space
of each VM. It allows the guest OS to allocate pages, just checking to be sure it does not
violate protection restrictions. To protect the guest OS from the user programs in the VM, Xen
takes advantage of the four protection levels available in the 80x86. The Xen VMM runs at the
highest privilege level (0), the guest OS runs at the next level (1), and the applications run at
the lowest privilege level (3). Most OSes for the 80x86 keep everything at privilege levels 0 or
3.
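The page-allocation check described above, as an added example that is not from the book or from Xen's source: a simplified C model in which the guest proposes a mapping and the VMM installs it only if it stays below the upper 64 MB and uses a frame the guest owns. The 32-bit layout, 4 KB pages, ownership table and all function names are assumptions made for illustration.

```c
#include <stdint.h>
#include <stdio.h>

/* Simplified model, not Xen code. Assumed: 32-bit guest, 4 KB pages. */
#define PAGE_SHIFT    12
#define XEN_REGION_LO 0xFC000000u  /* 4 GB - 64 MB: where the VMM maps itself */
#define NUM_FRAMES    8            /* constructed toy machine */
#define NUM_DOMAINS   3
#define SLOTS         4

enum map_result { MAP_OK, MAP_ERR_DOMAIN, MAP_ERR_XEN_REGION,
                  MAP_ERR_BAD_FRAME, MAP_ERR_NOT_OWNER };

/* Constructed ownership table: machine frame -> owning domain id. */
static const int frame_owner[NUM_FRAMES] = { 0, 0, 1, 1, 1, 2, 2, 2 };

/* Tiny per-domain page table, indexed by virtual page number modulo SLOTS. */
struct pte { uint32_t vpn, frame; int valid; };
static struct pte page_table[NUM_DOMAINS][SLOTS];

/* Hypothetical VMM entry point: the guest chooses the mapping, the VMM
 * validates it and installs it only if every protection check passes. */
enum map_result vmm_map_page(int domid, uint32_t vaddr, uint32_t frame)
{
    if (domid < 0 || domid >= NUM_DOMAINS) return MAP_ERR_DOMAIN;
    if (vaddr >= XEN_REGION_LO)            return MAP_ERR_XEN_REGION;
    if (frame >= NUM_FRAMES)               return MAP_ERR_BAD_FRAME;
    if (frame_owner[frame] != domid)       return MAP_ERR_NOT_OWNER;

    struct pte *slot = &page_table[domid][(vaddr >> PAGE_SHIFT) % SLOTS];
    slot->vpn = vaddr >> PAGE_SHIFT;
    slot->frame = frame;
    slot->valid = 1;
    return MAP_OK;
}

/* Returns the mapped frame, or -1 if the address has no valid mapping. */
int vmm_lookup(int domid, uint32_t vaddr)
{
    if (domid < 0 || domid >= NUM_DOMAINS) return -1;
    const struct pte *slot = &page_table[domid][(vaddr >> PAGE_SHIFT) % SLOTS];
    return (slot->valid && slot->vpn == (vaddr >> PAGE_SHIFT)) ? (int)slot->frame : -1;
}

int main(void)
{
    printf("own frame:      %d\n", vmm_map_page(1, 0x00400000u, 3));
    printf("Xen region:     %d\n", vmm_map_page(1, 0xFC000000u, 3));
    printf("foreign frame:  %d\n", vmm_map_page(1, 0x00401000u, 5));
    printf("lookup foreign: %d\n", vmm_lookup(1, 0x00401000u));
    return 0;
}
```

A rejected request leaves the domain's table unchanged, so a later lookup of that address still reports no mapping.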
For subsetting to work properly, Xen modifies the guest OS to not use problematic portions
of the architecture. For example, the port of Linux to Xen changes about 3000 lines, or about
1% of the 80x86-specific code. These changes, however, do not affect the application-binary
interfaces of the guest OS.
To simplify the I/O challenge of VMs, Xen assigned privileged virtual machines to each
hardware I/O device. These special VMs are called driver domains. (Xen calls its VMs
“domains.”) Driver domains run the physical device drivers, although interrupts are still handled
by the VMM before being sent to the appropriate driver domain. Regular VMs, called guest
domains, run simple virtual device drivers that must communicate with the physical device
drivers in the driver domains over a channel to access the physical I/O hardware. Data are sent
between guest and driver domains by page remapping.
2.5 Crosscutting Issues: The Design of Memory Hierarchies
This section describes three topics discussed in other chapters that are fundamental to
memory hierarchies.
Protection And Instruction Set Architecture
Protection is a joint effort of architecture and operating systems, but architects had to modify
some awkward details of existing instruction set architectures when virtual memory became
popular. For example, to support virtual memory in the IBM 370, architects had to change the
successful IBM 360 instruction set architecture that had been announced just 6 years before.
Similar adjustments are being made today to accommodate virtual machines.
 