
Sorav Bansal IIT Delhi

Looking Inside the Virtualization Layer for Performance, Security and Software Fault-Tolerance


Presentation Transcript


  1. Looking Inside the Virtualization Layer for Performance, Security and Software Fault-Tolerance • Sorav Bansal, IIT Delhi

  2. Virtualization Software • VMware Workstation/ESX Server • Citrix XenServer • Microsoft Hyper-V • Virtual Iron • Parallels Desktop • …

  3. Classification of Virtual Machine Monitors • Binary Translation: VMware (1998) • Hardware-Assisted Virtualization: VMware, Hyper-V, XenServer, Virtual Iron, … • Para-virtualization: XenServer

  4. Missing Features • Optimize code • Security • Bug-tolerance

  5. What are we doing • A virtualization layer for x86 from the ground up • Runs unmodified OS • Can dynamically optimize code (binary translation) • Can specify security policies enforceable at instruction-level granularity • Can record and replay an execution • Can install on an existing OS • Transparent to user • Simple

  6. Traditional Picture (diagram, top to bottom) • Application 1, Application 2 • OS • Hardware

  7. Virtualized Picture (diagram, top to bottom) • Application 1, Application 2 • OS • Optimizing VMM

  8. Translation Blocks • Divide code into “translation blocks” • A translation block ends when a control-flow instruction is reached, or when MAX_INSNS instructions have been translated

  9. A Simple Scheme (diagram) • Original code fragment x → Binary Translator → translated code fragment tx

  10. Use a Cache (diagram) • Lookup using x in the Translation Cache • found: translated code fragment tx • not-found: Binary Translator translates original code fragment x and saves tx in the cache

  11. Direct Jump Chaining (diagram) • Original blocks: a, b, c, d • Translated blocks: Ta, Tb, Tc, Td • Block exits: lookup(b), lookup(c), lookup(d), lookup(d)

  12. Indirect Jumps (diagram) • Original blocks: a, f, b • Translated blocks: Ta, Tf, Tb • call → push b; jmp Tf • ret → pop retaddr; tmp ← JTABLE[retaddr & MASK]; if (tmp.src == retaddr) goto tmp.dst; lookup(retaddr)

  13. Lower is Better

  14. Lower is Better

  15. logarithmic scale printf Overheads

  16. Effect of Maximum Size of Translation Block (chart: Overhead vs. Max Size of Translation Block)

  17. Effect of Translation Cache Size (chart: Overhead vs. Number of 4k pages in Translation Cache; labels: clock, random)

  18. Optimizations • Peephole Optimizations • Trace Optimizations • Cross-layer optimizations

  19. An Example • ld M, r1; ld M, r0 → ld M, r0; mov r0, r1

  20. Interrupts • ld M, r1; ld M, r0 → ld M, r0; mov r0, r1 • Delay interrupt delivery till end of current translation

  21. Precise Exceptions (diagram) • ret → ld (sp), t0; add $4, sp; …; jmp t0 • Page fault → rollback code: sub $4, sp; restore t0 → page fault handler

  22. Security: A Simple Scheme to Prevent Stack-Overflows (diagram) • … push ra, shadow … call … ra • pop ra1 • pop shadow • if (ra != ra1) error • … ret

  23. Record-Replay • Record: Direct I/O (in instructions), Interrupts, Memory-mapped I/O • Can use this to tolerate certain classes of bugs

  24. Slowdowns with Record/Replay

  25. Conclusions • The virtualization layer is a good place to do many interesting things • Can we make the virtual machine appear (faster / more secure / more reliable) than the real machine?
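
The return-address check sketched on slide 22, as an added example that is not from the original slides: a toy model in C of what a translator could emit around call and ret, run against a constructed callee that writes past a 4-word local buffer. The names `struct vm`, `vm_call`, `vm_ret` and `run_frame`, the stack layout and the address 0x1000 are assumptions made for illustration.

```c
#include <stdint.h>
#include <stdio.h>

#define WORDS 64

/* Toy guest state; the shadow stack is touched only by translator-emitted code. */
struct vm {
    uint32_t stack[WORDS], shadow[WORDS];
    size_t sp, ssp;                 /* both grow down from WORDS */
};

/* Translated call: push the return address on both stacks. */
static int vm_call(struct vm *v, uint32_t ra) {
    if (v->sp == 0 || v->ssp == 0) return -1;
    v->stack[--v->sp] = ra;
    v->shadow[--v->ssp] = ra;
    return 0;
}

/* Translated ret: pop ra1 (guest stack) and ra (shadow stack) and refuse
   the control transfer when they differ. */
static int vm_ret(struct vm *v, uint32_t *target) {
    if (v->sp >= WORDS || v->ssp >= WORDS) return -1;
    uint32_t ra1 = v->stack[v->sp++];
    uint32_t ra = v->shadow[v->ssp++];
    if (ra != ra1) return -1;       /* slide 22: if (ra != ra1) error */
    *target = ra1;
    return 0;
}

/* Constructed scenario: a callee with a 4-word local buffer stores nwords
   words with no bounds check; word index 4 is the saved return address.
   Returns 0 if ret went back to the caller, -1 if the check stopped it. */
int run_frame(size_t nwords) {
    struct vm v = { .sp = WORDS, .ssp = WORDS };
    uint32_t target = 0;
    if (nwords > 5) nwords = 5;     /* keep the toy inside its array */
    if (vm_call(&v, 0x1000) != 0) return -1;   /* 0x1000: constructed */
    v.sp -= 4;                      /* callee allocates buf[4] */
    for (size_t i = 0; i < nwords; i++)
        v.stack[v.sp + i] = 0x41414141;        /* unchecked guest store */
    v.sp += 4;                      /* callee releases buf */
    if (vm_ret(&v, &target) != 0) return -1;
    return target == 0x1000 ? 0 : -1;
}

int main(void) {
    return printf("in bounds: %d, overflow: %d\n", run_frame(4), run_frame(5)) < 0;
}
```

The check only holds if guest stores cannot reach the shadow stack, so in a real VMM that region has to live in memory the guest cannot address.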
