0
Intel Virtualization Technology: Hardware Support for Efficient Processor Virtualizatio n Gil Neiger, Amy Santoni, Felix L...
Overview <ul><li>Background </li></ul><ul><ul><li>X86 memory management review </li></ul></ul><ul><li>Software-only virtua...
Overview <ul><li>Background </li></ul><ul><ul><li>X86 memory management review </li></ul></ul><ul><li>Software-only virtua...
IA-32 Architecture overview
Memory Management on IA-32
Privilege level (ring 0,1,2,3) ‏ Memory Management on IA-32: segments
Memory Management on IA-32: multi-segments
Memory Management on IA-32: flat model <ul><li>Paging protection </li></ul><ul><ul><li>User / Supervisor bit </li></ul></u...
<ul><ul><li>Use flat model </li></ul></ul><ul><ul><li>Paging isolates kernel / user space </li></ul></ul><ul><ul><li>OS ru...
Overview <ul><li>Background </li></ul><ul><ul><li>X86 memory management review </li></ul></ul><ul><li>Software-only virtua...
Challenges <ul><li>Ring Aliasing </li></ul><ul><ul><li>The problem that arise when software is run at a privilege level ot...
Challenges <ul><li>Address-Space Compression  </li></ul><ul><ul><li>VMM must use some of the guest’s virtual-address space...
Challenges <ul><li>Non-Faulting Access to Privileged State </li></ul><ul><ul><li>In most cases, accessing privileges state...
Challenges <ul><li>Interrupt Virtualization </li></ul><ul><ul><li>A VMM may manage external interrupts and deny guest to c...
Challenges <ul><li>Access to Hidden State </li></ul><ul><ul><li>Some processor states are not software-accessible </li></u...
Challenges <ul><li>Ring Compression </li></ul><ul><ul><li>Segment protections do not apply in 64-bit </li></ul></ul><ul><u...
Overview <ul><li>Background </li></ul><ul><ul><li>X86 memory management review </li></ul></ul><ul><li>Software-only virtua...
<ul><ul><li>Paravirtualization </li></ul></ul><ul><ul><ul><li>Modify the guest OS to cooperate with VMM </li></ul></ul></u...
Overview <ul><li>Background </li></ul><ul><ul><li>X86 memory management review </li></ul></ul><ul><li>Software-only virtua...
VT-x Architecture Overview Intel Virtualization Architecture Overview <ul><li>Two new forms of CPU operation </li></ul><ul...
Intel Virtualization Architecture Overview <ul><li>VMCS (Virtual Machine Control Structure)‏ </li></ul><ul><ul><li>A new d...
Intel Virtualization Architecture Overview <ul><li>A new PSR (Processor Status Register) bit:  PSR.vm </li></ul><ul><ul><l...
Overview <ul><li>Background </li></ul><ul><ul><li>X86 memory management review </li></ul></ul><ul><li>Software-only virtua...
Solving Challenges with VT <ul><li>Address-Space Compression </li></ul><ul><ul><li>With VT-x </li></ul></ul><ul><ul><ul><l...
Solving Challenges with VT <ul><li>Nonfaulting Access to Privileged State </li></ul><ul><ul><li>With VT-x and VT-i, such a...
Solving Challenges with VT <ul><li>Access to Hidden State </li></ul><ul><ul><li>VT-x includes those state in the guest-sta...
Overview <ul><li>Background </li></ul><ul><ul><li>X86 memory management review </li></ul></ul><ul><li>Software-only virtua...
VMM Usage of Intel VT Features <ul><li>Exception Handling </li></ul><ul><ul><li>When VM exits, the cause of exception is a...
Overview <ul><li>Background </li></ul><ul><ul><li>X86 memory management review </li></ul></ul><ul><li>Software-only virtua...
Future of VT Architecture <ul><li>NMI-window VM exiting </li></ul><ul><ul><li>Similar to the interrupt-window exiting, but...
 
Upcoming SlideShare
Loading in...5
×

slides

438

Published on

Published in: Technology
0 Comments
1 Like
Statistics
Notes
  • Be the first to comment

No Downloads
Views
Total Views
438
On Slideshare
0
From Embeds
0
Number of Embeds
0
Actions
Shares
0
Downloads
34
Comments
0
Likes
1
Embeds 0
No embeds

No notes for slide

Transcript of "slides"

  1. 1. Intel Virtualization Technology: Hardware Support for Efficient Processor Virtualizatio n Gil Neiger, Amy Santoni, Felix Leung, Dion Rodgers, Rich Uhlig Intel Technology Journal Volume 10, Issue 3, 2006 Presenter: Weiming Zhao
  2. 2. Overview <ul><li>Background </li></ul><ul><ul><li>X86 memory management review </li></ul></ul><ul><li>Software-only virtualization </li></ul><ul><ul><li>Challenges </li></ul></ul><ul><ul><li>Solutions </li></ul></ul><ul><li>Intel virtualization technology (VT) ‏ </li></ul><ul><ul><li>VT-x / VT-i architecture </li></ul></ul><ul><ul><li>Hardware-based Solutions </li></ul></ul><ul><li>Usages of VT-x and VT-i </li></ul><ul><li>Future of VT </li></ul>
  3. 3. Overview <ul><li>Background </li></ul><ul><ul><li>X86 memory management review </li></ul></ul><ul><li>Software-only virtualization </li></ul><ul><ul><li>Challenges </li></ul></ul><ul><ul><li>Solutions </li></ul></ul><ul><li>Intel virtualization technology (VT) ‏ </li></ul><ul><ul><li>VT-x / VT-i architecture </li></ul></ul><ul><ul><li>Hardware-based Solutions </li></ul></ul><ul><li>Usages of VT-x and VT-i </li></ul><ul><li>Future of VT </li></ul>
  4. 4. IA-32 Architecture overview
  5. 5. Memory Management on IA-32
  6. 6. Privilege level (ring 0,1,2,3) ‏ Memory Management on IA-32: segments
  7. 7. Memory Management on IA-32: multi-segments
  8. 8. Memory Management on IA-32: flat model <ul><li>Paging protection </li></ul><ul><ul><li>User / Supervisor bit </li></ul></ul><ul><ul><li>Read / Write bit </li></ul></ul><ul><ul><li>Works well for unvirtualized OS </li></ul></ul><ul><li>In 64-bit mode, segmentation is generally disabled </li></ul>
  9. 9. <ul><ul><li>Use flat model </li></ul></ul><ul><ul><li>Paging isolates kernel / user space </li></ul></ul><ul><ul><li>OS runs in “supervisor mode” </li></ul></ul><ul><ul><li>App runs in “user mode” </li></ul></ul>Without VMM With VMM <ul><ul><li>On 32-bit: </li></ul></ul><ul><ul><ul><ul><li>Use segments to isolate VMM/OS/App </li></ul></ul></ul></ul><ul><ul><ul><ul><li>0/1/3 model </li></ul></ul></ul></ul><ul><ul><li>On 64-bit : </li></ul></ul><ul><ul><ul><ul><li>0/3/3 model </li></ul></ul></ul></ul>The privileges of VMM, OS and Apps
  10. 10. Overview <ul><li>Background </li></ul><ul><ul><li>X86 memory management review </li></ul></ul><ul><li>Software-only virtualization </li></ul><ul><ul><li>Challenges </li></ul></ul><ul><ul><li>Solutions </li></ul></ul><ul><li>Intel virtualization technology (VT) ‏ </li></ul><ul><ul><li>VT-x / VT-i architecture </li></ul></ul><ul><ul><li>Hardware-based Solutions </li></ul></ul><ul><li>Usages of VT-x and VT-i </li></ul><ul><li>Future of VT </li></ul>
  11. 11. Challenges <ul><li>Ring Aliasing </li></ul><ul><ul><li>The problem that arise when software is run at a privilege level other than the privilege level for which it was written </li></ul></ul><ul><ul><li>An existing OS may be written to run with ring 0 </li></ul></ul><ul><ul><li>VMM must run with ring 0 </li></ul></ul><ul><ul><li>Guest OS: be deprivileged </li></ul></ul><ul><ul><ul><li>0/1/3 (32-bit)‏ </li></ul></ul></ul><ul><ul><ul><li>0/3/3 (64-bit)‏ </li></ul></ul></ul><ul><ul><li>A guest OS can know its run level </li></ul></ul><ul><ul><ul><li>PUSH CS: CS contains the Current Privilege Level (CPL)‏ </li></ul></ul></ul>
  12. 12. Challenges <ul><li>Address-Space Compression </li></ul><ul><ul><li>VMM must use some of the guest’s virtual-address space to manage transition between guest OS and VMM </li></ul></ul><ul><ul><ul><li>For IA-32, IDT (interrupt descript table) uses linear address (virtual address)‏ </li></ul></ul></ul><ul><ul><ul><li>For Itanium, interrupt vector table (IVT) resides in virtual address space </li></ul></ul></ul><ul><ul><li>VMM’s address spaces must be protected </li></ul></ul><ul><ul><ul><li>Guest could detect that it is running in a VM </li></ul></ul></ul>
  13. 13. Challenges <ul><li>Non-Faulting Access to Privileged State </li></ul><ul><ul><li>In most cases, accessing privileges states result in faults </li></ul></ul><ul><ul><li>However, some instructions can access privilege states without faulting </li></ul></ul><ul><ul><ul><li>For IA-32, GDTR, IDTR, etc are only writable at ring 0. But they are readable without causing faulting </li></ul></ul></ul><ul><ul><ul><li>For Itanium, PTA (page-table address) register is only writable at ring 0. thrash instruction indirectly exposes the value </li></ul></ul></ul><ul><ul><li>A guest OS may find the inconsistency by attempting to write first and then reading </li></ul></ul><ul><li>Adverse Impact on Guest System Calls </li></ul><ul><ul><li>System calls are made via SYSENTER/SYSEXIT </li></ul></ul><ul><ul><ul><li>Lower latency than the traditional software interrupt (INT 80H)‏ </li></ul></ul></ul><ul><ul><ul><li>SYSENTER always transits to ring 0 </li></ul></ul></ul><ul><ul><ul><li>SYSEXITS faults if executed outside ring 0 </li></ul></ul></ul><ul><ul><ul><li>VMM must emulate every guest execution of SYSENTER/SYSEXIT </li></ul></ul></ul>
  14. 14. Challenges <ul><li>Interrupt Virtualization </li></ul><ul><ul><li>A VMM may manage external interrupts and deny guest to control interrupt masking </li></ul></ul><ul><ul><ul><li>To support “virtual interrupt”, VMM must intercept guest’s attempt of masking/unmasking </li></ul></ul></ul><ul><ul><ul><li>Some OS frequently mask and unmask, intercepting them significantly affect performance </li></ul></ul></ul><ul><ul><li>Deliver &quot;virtual interrupt&quot; to a guest in a timely way </li></ul></ul><ul><ul><ul><li>A guest may mask the interrupt (not ready to receive)‏ </li></ul></ul></ul>
  15. 15. Challenges <ul><li>Access to Hidden State </li></ul><ul><ul><li>Some processor states are not software-accessible </li></ul></ul><ul><ul><li>In IA-32, no mechanism for saving/restoring the hidden component of segment registers </li></ul></ul><ul><ul><ul><li>e.g. segmen registers </li></ul></ul></ul><ul><ul><ul><li>required for guest switching to set the hidden value </li></ul></ul></ul><ul><ul><li>In Itanium, no direct write to a Current Frame Load Enabled (CFLE) field in Register State Engine (RSE)‏ </li></ul></ul><ul><ul><ul><li>After external interrupt handling, VMM wants to return to guest OS with CFLE = 0 </li></ul></ul></ul><ul><ul><ul><li>The return from interrupt instruction forces it to be 1 </li></ul></ul></ul>
  16. 16. Challenges <ul><li>Ring Compression </li></ul><ul><ul><li>Segment protections do not apply in 64-bit </li></ul></ul><ul><ul><li>Paging does not distinguish ring 0-2 </li></ul></ul><ul><ul><ul><li>Guest OS must run at ring 3 (0/3/3 model)‏ </li></ul></ul></ul><ul><ul><ul><li>Guest OS runs at the same privilege level as applications </li></ul></ul></ul><ul><li>Frequent Access to Privileged Resources </li></ul><ul><ul><li>Performance is compromised by excessive faults </li></ul></ul><ul><ul><li>Task-priority register: it may be frequently accessed to control interrupt priority </li></ul></ul>
  17. 17. Overview <ul><li>Background </li></ul><ul><ul><li>X86 memory management review </li></ul></ul><ul><li>Software-only virtualization </li></ul><ul><ul><li>Challenges </li></ul></ul><ul><ul><li>Solutions </li></ul></ul><ul><li>Intel virtualization technology (VT) ‏ </li></ul><ul><ul><li>VT-x / VT-i architecture </li></ul></ul><ul><ul><li>Hardware-based Solutions </li></ul></ul><ul><li>Usages of VT-x and VT-i </li></ul><ul><li>Future of VT </li></ul>
  18. 18. <ul><ul><li>Paravirtualization </li></ul></ul><ul><ul><ul><li>Modify the guest OS to cooperate with VMM </li></ul></ul></ul><ul><ul><ul><li>Pros: offers high performance </li></ul></ul></ul><ul><ul><ul><li>Cons: need the source code of an OS </li></ul></ul></ul><ul><ul><ul><li>Example: Xen </li></ul></ul></ul><ul><ul><li>Binary translation </li></ul></ul><ul><ul><ul><li>Transforming guest OS binaries on-the-fly </li></ul></ul></ul><ul><ul><ul><li>Pros: support unmodified OS </li></ul></ul></ul><ul><ul><ul><li>Cons: slow </li></ul></ul></ul><ul><ul><ul><li>Examples: VMware, Virtual PC </li></ul></ul></ul>Two Main solutions
  19. 19. Overview <ul><li>Background </li></ul><ul><ul><li>X86 memory management review </li></ul></ul><ul><li>Software-only virtualization </li></ul><ul><ul><li>Challenges </li></ul></ul><ul><ul><li>Solutions </li></ul></ul><ul><li>Intel virtualization technology (VT) ‏ </li></ul><ul><ul><li>VT-x / VT-i architecture </li></ul></ul><ul><ul><li>Hardware-based Solutions </li></ul></ul><ul><li>Usages of VT-x and VT-i </li></ul><ul><li>Future of VT </li></ul>
  20. 20. VT-x Architecture Overview Intel Virtualization Architecture Overview <ul><li>Two new forms of CPU operation </li></ul><ul><ul><li>VMX root operation – for use by a VMM </li></ul></ul><ul><ul><li>VMX non-root operation – similar to that of IA-32 w/o VT-x </li></ul></ul><ul><ul><li>Both forms of operation support all four privilege levels </li></ul></ul><ul><ul><li>Guest OS can run at its intended privilege level </li></ul></ul><ul><li>Two new transitions </li></ul><ul><ul><li>VM entry – from VMX root operation to non-root operation </li></ul></ul><ul><ul><li>VM exit – from VMX non-root operation to root operation </li></ul></ul><ul><li>Under VMX non-root operation, Many instructions/events cause VM exits </li></ul>
  21. 21. Intel Virtualization Architecture Overview <ul><li>VMCS (Virtual Machine Control Structure)‏ </li></ul><ul><ul><li>A new data structure </li></ul></ul><ul><ul><li>VMCS includes guest-state area and host-state area </li></ul></ul><ul><ul><li>At transition, corresponding state is loaded/saved VM Exiting events control </li></ul></ul><ul><ul><li>External-interrupt exiting </li></ul></ul><ul><ul><ul><li>If set, all external interrupts causes VM exits </li></ul></ul></ul><ul><ul><ul><li>Guest is not able to mask them </li></ul></ul></ul><ul><ul><li>Interrupt-window exiting </li></ul></ul><ul><ul><ul><li>If set, a VM exit occurs whenever guest OS is ready to receive interrupts </li></ul></ul></ul><ul><ul><li>Use TPR shadow </li></ul></ul><ul><ul><ul><li>“ MOV CR8” (to set TPR) accesses a TPR shadow </li></ul></ul></ul><ul><ul><ul><li>A VM exit occurs if any TPR is set to a value below some threshold </li></ul></ul></ul><ul><ul><li>Exception bitmap </li></ul></ul><ul><ul><ul><li>which exception should cause VM exits and which should not </li></ul></ul></ul><ul><ul><li>I/O bitmap </li></ul></ul><ul><ul><ul><li>which port access attempts cause VM exit </li></ul></ul></ul><ul><ul><li>MSR bitmap </li></ul></ul><ul><ul><ul><li>To which Model Specific Register access attempts cause VM exit </li></ul></ul></ul>VT-x Architecture Overview
  22. 22. Intel Virtualization Architecture Overview <ul><li>A new PSR (Processor Status Register) bit: PSR.vm </li></ul><ul><ul><li>Guest OS runs with the bit set to 1 </li></ul></ul><ul><ul><li>VMM runs with the bit set to 0 </li></ul></ul><ul><ul><li>When PRS.vm=1, execution of privileged instructions causes control transfer to VMM </li></ul></ul><ul><ul><li>When PRS.vm=1, the uppermost virtual-address bit is not available </li></ul></ul><ul><ul><li>PSR.vm is orthogonal to the privilege level </li></ul></ul><ul><li>Virtual process desciptor (VPD) table </li></ul><ul><ul><li>Virtualization-acceleration field </li></ul></ul><ul><ul><ul><li>e.g. Interception control for reads of CPUID etc. </li></ul></ul></ul><ul><ul><li>Virtualization-disable field </li></ul></ul><ul><ul><ul><li>Disable virtualization of a particular resource of instruction </li></ul></ul></ul><ul><li>Control virtualization interception </li></ul><ul><ul><li>Virtualization vector </li></ul></ul><ul><ul><li>Virtual external interrupt vector </li></ul></ul>VT-i Architecture Overview
  23. 23. Overview <ul><li>Background </li></ul><ul><ul><li>X86 memory management review </li></ul></ul><ul><li>Software-only virtualization </li></ul><ul><ul><li>Challenges </li></ul></ul><ul><ul><li>Solutions </li></ul></ul><ul><li>Intel virtualization technology (VT) ‏ </li></ul><ul><ul><li>VT-x / VT-i architecture </li></ul></ul><ul><ul><li>Hardware-based Solutions </li></ul></ul><ul><li>Usages of VT-x and VT-i </li></ul><ul><li>Future of VT </li></ul>
  24. 24. Solving Challenges with VT <ul><li>Address-Space Compression </li></ul><ul><ul><li>With VT-x </li></ul></ul><ul><ul><ul><li>VM Exits / VM Entries change the linear address space </li></ul></ul></ul><ul><ul><ul><li>VMM and guests resides in separate virtual address space </li></ul></ul></ul><ul><ul><li>With VT-i </li></ul></ul><ul><ul><ul><li>The VMM has a virtual-address bit that guest OS cannot use </li></ul></ul></ul><ul><ul><ul><li>VMM has exclusive use of half of virtual-address space </li></ul></ul></ul><ul><li>Ring Aliasing </li></ul><ul><li>Ring Compression </li></ul><ul><ul><ul><li>VT-x and VT-i allow guest OS to run at its intended privilege level </li></ul></ul></ul>
  25. 25. Solving Challenges with VT <ul><li>Nonfaulting Access to Privileged State </li></ul><ul><ul><li>With VT-x and VT-i, such access: </li></ul></ul><ul><ul><ul><li>Either causes transition to VMM </li></ul></ul></ul><ul><ul><ul><li>Or becomes unimportant to VMM </li></ul></ul></ul><ul><ul><ul><ul><li>E.g. allow guests to write IDT (VMCS controls the interrupts/exceptions)‏ </li></ul></ul></ul></ul><ul><li>Guest System Calls </li></ul><ul><ul><ul><li>With VT-x, a guest OS can run at privilege level 0 </li></ul></ul></ul><ul><ul><ul><li>Eliminates the problem associated with SYSENTER/SYSEXIT </li></ul></ul></ul><ul><li>Interrupt Virtualization </li></ul><ul><ul><li>External interrupt exiting VM control </li></ul></ul><ul><ul><li>Interrupt-window exiting VM control </li></ul></ul>
  26. 26. Solving Challenges with VT <ul><li>Access to Hidden State </li></ul><ul><ul><li>VT-x includes those state in the guest-state area of VMCS </li></ul></ul><ul><ul><ul><li>Processor load/restore the values on every VM entry or exit </li></ul></ul></ul><ul><ul><li>VT-i provides a way for VMM to write the CFLE bit </li></ul></ul><ul><li>Frequent Access to Privileged Resources </li></ul><ul><ul><li>VT-x provides TPR shadow. VMM is only involved when the value drops below the threshold </li></ul></ul><ul><ul><li>VT-i allows guest write the interruption-control register. VMM can revise them before the guest interrupt handler returns </li></ul></ul>
  27. 27. Overview <ul><li>Background </li></ul><ul><ul><li>X86 memory management review </li></ul></ul><ul><li>Software-only virtualization </li></ul><ul><ul><li>Challenges </li></ul></ul><ul><ul><li>Solutions </li></ul></ul><ul><li>Intel virtualization technology (VT) ‏ </li></ul><ul><ul><li>VT-x / VT-i architecture </li></ul></ul><ul><ul><li>Hardware-based Solutions </li></ul></ul><ul><li>Usages of VT-x and VT-i </li></ul><ul><li>Future of VT </li></ul>
  28. 28. VMM Usage of Intel VT Features <ul><li>Exception Handling </li></ul><ul><ul><li>When VM exits, the cause of exception is accessible to VMM </li></ul></ul><ul><ul><ul><li>If the exception should be handled by guest OS, a VM entry with the event (event injection) is executed </li></ul></ul></ul><ul><ul><ul><li>Or eliminate the cause of the exception and then perform a plain VM entry </li></ul></ul></ul><ul><li>Lazy Floating-Point State Processing </li></ul><ul><ul><li>A feature of IA-32 </li></ul></ul><ul><ul><ul><li>Restoring the floating-point state is time-consuming </li></ul></ul></ul><ul><ul><ul><li>It can be avoided if a user process does not use the FPU </li></ul></ul></ul><ul><ul><ul><li>When FPU is needed, an exception occurs to trigger state restoring </li></ul></ul></ul><ul><ul><li>VT-x supports the guest OS to utilize this feature by using its exception handling </li></ul></ul>
  29. 29. Overview <ul><li>Background </li></ul><ul><ul><li>X86 memory management review </li></ul></ul><ul><li>Software-only virtualization </li></ul><ul><ul><li>Challenges </li></ul></ul><ul><ul><li>Solutions </li></ul></ul><ul><li>Intel virtualization technology (VT) ‏ </li></ul><ul><ul><li>VT-x / VT-i architecture </li></ul></ul><ul><ul><li>Hardware-based Solutions </li></ul></ul><ul><li>Usages of VT-x and VT-i </li></ul><ul><li>Future of VT </li></ul>
  30. 30. Future of VT Architecture <ul><li>NMI-window VM exiting </li></ul><ul><ul><li>Similar to the interrupt-window exiting, but for non-maskable interrupts (NMI)‏ </li></ul></ul><ul><li>Virtual-processor identifiers (VPIDs) </li></ul><ul><ul><li>Allow a VMM to assign a VPID to each virtual processor </li></ul></ul><ul><ul><li>CPU can use VPIDs to tag translations in TLB </li></ul></ul><ul><ul><li>So the need of TLB flash on every VM entry/exit can be eliminated </li></ul></ul><ul><li>Extended page table (EPT)‏ </li></ul><ul><ul><li>A separate set of pate tables to translate from guest-physical address to host-physical address </li></ul></ul><ul><ul><li>Guest OS can modify its own page tables and directly handle PF </li></ul></ul><ul><ul><li>VMM can avoid the VM Exits associated with page-table virtualization, which are a major source of overhead </li></ul></ul>
  1. A particular slide catching your eye?

    Clipping is a handy way to collect important slides you want to go back to later.

×