All right everybody, Friday, the last Friday. Good morning. Excuse me, what did you say? Good morning, Vietnam. Oh, does it feel that way? Yeah, you guys like feel your... Really, this is, is that a description of your assignment three submission or...

All right, so, so today my goal is to kind of reboot Wednesday's lecture and try to have things make more sense, right? I realized as I was lecturing Wednesday that I had made these terrible, clumsy mistakes in how the material was presented, and I think things didn't make any sense. How many people thought the things made sense on Wednesday? Oh, okay. Well, good. Maybe, maybe what I've actually done is, is, you know, sometimes when you can't remember what someone's name is and, like, you know it's one of two things, and then you kind of outthink yourself. So maybe what I've done is I've confused the material to a degree that nobody will understand it. So, okay, but anyway, so today we're really just going to try to focus on finishing up our discussion of full virtualization, right? I gave up on preventing, presenting paravirtualization. We just don't have time. It's fine. But we'll talk about full virtualization. We'll go through a couple of examples of how traps are handled, and we'll talk a little bit about some of the, you know, if we have time at the end we'll talk a little bit about some of the ugly, gory details of the x86 architecture in particular, what makes this difficult, and some of what VMware has innovated.

All right, so, all right, so Monday, Monday morning, I will be here at 8 a.m.
And I will have a, I mean, I don't know what I'm going to prepare, but I think I'll be able to answer questions about the exam. We'll do kind of a general free-flowing, freewheeling sort of review session, and that's going to be what we'll do on Monday. I'll probably, what I'll do is I'll just put together a compilation of slides from the, from throughout the class, and we'll walk through kind of, you know, things from day one. We'll take a journey down memory lane and talk about all the great and wonderful things that we've learned this semester and, you know, whatever. Or maybe we'll just show a movie if nobody comes, right? That's probably... so if nobody's here at 8, and I'm gonna turn on The Matrix and start watching. But, you know, please show up. This is your practice at getting up at 8 a.m., which is something that, you know, even, even I will have to work out a little bit. So, but anyway, I'll be here. Maybe we'll have some goodies, you know, for people who show up, to sort of help you guys wake up a little bit. But, but we're gonna do review, 8 a.m., 8 to 10, 8 to 10, 2 hours, a special double episode.

All right, so, and then, and so remember we, I made you guys this deal about the course feedback. So I went and, and I made this deal after looking at the feedback rates, because there's like one person from 421 that just filled out the feedback, right? There's like, uh, actually 521 people are doing better. There were multiple people that filled out the form for 521. But they must be angry or something. They got in there right away. But, but yeah, so the combined, the combined participate... who remembers what the deal is? That the combined participation rate for both classes goes above 70%, what will happen?
I will release one of the exam questions on, you know, let's see, the exam is Monday. So I would release it like Saturday night, right? Giving you guys a day to look at it and prepare an answer that you can write when you come and take the exam Monday morning, right? And if the participation level crosses 80%, what will happen? Two questions. 90%? There is no way we're gonna do 100%, but in the bizarre likelihood that that happens, what would happen? No final exam. Sure, okay. No, I'm not gonna, I'm not gonna promise that. Got some skilled hackers in this room. You know, some ballot stuffing, if you... okay, how about this: if you get the participation rate, if you get the participation rate to 110%, then maybe we'll give, we'll give an exam. All right, so, so please fill out the form. This is really useful. You know, and it's kind of sad to see that no one has filled it out yet, but I don't know. I don't know what it looks like. I don't know what it asks you, but, you know, have, have fun with it and, and leave, leave feedback that'll help us improve the class as we move forward.

All right, so assignment three is due on Wednesday. Okay, you know, watch your email. This week we might have, try to take some of the TA time and sort of move it all into the front half of the week, so we give you guys a chance to come in and get some sort of last-minute help on assignment three. You know, if you're in a good place for assignment three, you're at the point now where your system works with a lot of memory, right? Without swapping, but, you know, if you put eight or sixteen megabytes in it, you can run all the tests and things work, right? If you're in that place, you're in a good place. If you're not, you're not in a good place. So it's time to get to work, because the swapping will take a little while. All right, any questions about logistics, incentives, etc.?
All right. Okay, so on Monday really the only thing I think that I presented coherently was potentially some reasons why we might think about virtualizing hardware, creating a virtual machine, and creating a virtual machine that was real enough that we could actually run an operating system inside, right? So, so operating systems inside operating systems. I guess maybe you could even run little mini operating systems inside your operating system, right? So it ends up being this, like, Russian egg sort of thing, right? Russian doll sort of stacking sort of situation. But who remembers some of the reasons that we might, we might want to do this, right? Or, or who has, okay, sorry, questions first. Who has any questions about Monday's material? A lot of it is gonna... sorry, Wednesday, right? Wednesday's material. A lot of it's going to reappear in about ten minutes. So any questions about what we covered on Wednesday as far as motivations for virtualization?

All right, so let's review. What were some of the problems with operating systems that we identified together, particularly in the area of hardware coupling? So, so what are some of the, the weaknesses that operating systems have that would lead us to create little virtual machines for them to live in, rather than the physical machines that were perhaps more common 10, 20 years... So what are, what are some of the problems with the, in the, the physical, the real physical environment? What, what, what can you, what are the things that become hard to do, or what are the problems when you actually install a real operating system on a real machine? Hard for multiple operating systems to run. It's really impossible, right? Because the operating system is used to being in charge, right? It's the boss. So it doesn't like to have, or doesn't really understand, it really has no way of tolerating the presence of other, other systems, right?
You know, it's going to say, this is my machine. You know, and if you try to run another operating system, then I don't even know what would happen. I just say they don't think that's even possible, right? It just doesn't it can be sent right. So yeah, so I have this, you know, problem where, you know, I might want to run multiple operating systems, okay? And again, that's a little, that, the rationale is a little semi-keke, right? What else? What are other problems? Start calling on people. All right, left side of the room. Picking on you guys again today. What were some of the other problems with this coupling between hardware... Isolation. Okay, no, you're getting ahead of me. We're gonna come back to isolation, right? We're gonna come back to isolation in the next slide. But what are some of the other problems with, with really, with creating this weird sort of marriage between hardware and the operating... This, this group of three, somebody will contribute. No ideas? Anybody from the left side of the... right side of the room? Again, maybe people weren't here and went there right. What about, what about if you're, you know, so this has happened to some people in this class, right? What about if your machine dies? Right, Carl? Yeah, I mean, transfer itself in one machine to another. So, so some of you guys have had this unfortunate incident where, like, your, your machine has crashed, okay? Now, if you had been snapshotting the state of your CS 421 virtual machine, you would have been able to reload that on another machine. And I think people have actually done this when they've bought a new machine, to transfer, you know, basically the entire system onto a new machine. That's possible, right? Works. Does it work? It does work, right? Yeah, very easy, very nice, right? Take an entire machine.
You just move it. Easy. The problem you guys have had when your machines have died is you haven't been snapshotting the virtual machine. So that becomes more hard, right? So if your machine dies and you lose the virtual machine state, then you're, then you're in trouble, right? But in general the ability to put your arms around an entire machine that's being implemented in software, just pick it up as a bunch of bytes and dump it onto another machine, is kind of nice, right? So what else? There was like at least one more thing here. Maybe I'll give people another hint. What do you know, what about, you know, provisioning your system? How do you give resources or grant resources to, to your system when it's running on bare metal? Yeah, you know, if I, if I want to add memory or do other things, you know, it ends up being really difficult, and what this means is that I have to really try to make a best-guess effort up front to provision machines, right? So this, so on, on real hardware, you know, I'm limited to the capabilities of the actual bare metal, right? And if I want to change capabilities, I've got to change metal, right? On a virtualized setup, if I want to change, you know, if I want to add memory to my EC2 instance, I shut it down, I click a different box, and I reboot it, and suddenly it's, you know, got twice as much memory. Right, that's pretty cool.

All right. What about application isolation? You brought this up. So, so to what degree do operating systems not... so, so okay, one thing that operating systems do well when it comes to isolation: what's one resource that operating systems are good at isolating between multiple processes? Potential exam question. What's that?
Processors, memory, right? I mean, processors kind of clean, right? I yank something off the processor, there's no trace that it was ever there, right? Memory, if I do properly, I can allow some sharing in memory, which is nice. But in general, usually most, the default settings for memory, hopefully for when you guys are doing your virtual memory system, should be unshared, right? And certainly we don't want any accidental sharing. But in many ways, you know, operating systems leak a lot of information through a variety of channels, right, that cause other applications to be aware of the presence of other applications on the system, right? So what's one way in which this happens? Files. Ah, all right. You know, and, and of course the file system actually in some ways gives birth to all of these other problems, right? I've got software setups that are very specific to a machine. You know, I might need to tune the kernel for a particular application. And then, as we talked about when we talked about performance, that tuning process, it's, if it's too specific to that application, might end up breaking things for other applications, right? So there's a whole host of different problems, right? And again, there are certain cases where you can't actually even get a certain application supported now in our modern virtualized world if it's running alongside anything, right? So essentially what, what has happened, right, before we had this vision of, you know, operating systems supporting multiple applications, multi-programming, multiple users, multiple different things happening. What, what have we regressed to? What do we, what do we have now? Carl, you're waving a finger in the air. Yeah, I mean, it's kind of that way, right? I mean, you have a, you have this, this, it's literally like a machine that is built and customized for a single application, right?
So, you know, you get this virtual machine image that comes with SQL Server and a kernel that is customized exactly for SQL Server, and that's it, right? And you put that thing up and it's got a port number, and that's all it does. Right, and, and, but yeah, so we've had this interesting progression where we've essentially started to link these two things very, very, very, very directly, right? And virtualization is part of what makes that possible. Okay, all right, so any other questions about motivation? Why do this crazy virtualization thing in the first... We're gonna, we're gonna get kind of, you know, really trappy and down into the belly of the beast today with how this stuff actually works out at the, you know, at the instruction-by-instruction level, so this is a good chance to try to wrap your mind around why this is a good idea, right?

All right. Okay, so, so let me back up a little bit. I think last time I got a little bit ahead of, ahead of this, right? So remember that our overall goal here when we're talking about full virtualization is to take an unmodified operating system, right? So if I could simply stop your, your machine that you have running, take, you know, the disk and load it into a file on another machine and start that up running in a virtual machine, I want to run a complete unmodified operating system inside that virtual... I don't want to have to make any changes to the operating system. I don't want the operating system to know at all, right? And do you guys remember, I mean, why, why is this difficult? I don't think I should have this, I have this thing up about VMware, I feel like I'm kind of hawking their product. Anyway, I mean, VMware is the thing that people are familiar with, but there's a lot of other ways to do this. VMware was responsible for some, I think, their earlier ideas about how to do this specifically for x86, but, but in no way am I endorsing VMware. All right, let's say give me a lot of money, and I'll endorse them happily. So, so why, why is this difficult?
What's hard about this, right? I mean, operating systems are used to running with kernel privilege, right? This is the big challenge. They're used to running in privileged mode, they're used to having access to all the resources on the system. And the challenge in virtualization is how do we relax that requirement and allow them to run essentially in... so, so again, think about it this way: once you create a virtual machine and start an operating system up running in it, you have two operating systems running on the system. They're both used to running in privileged mode. They both think that they should be privileged, right? You know, your, your Window... you know, your Windows 7 guest OS doesn't want you to tell it that it's not a real operating system. You know, it's not the operating system that you've chosen to manage your precious hardware. It's just running in a VM because you need it to do like two things a month. It doesn't, it doesn't want to know that. It doesn't, it would hurt its feelings, right? So, so it's, it's like it wants to think it's special, wants to think like, I'm the operating system, I, this is, and again, like, I don't know why my machine is so dinky and slow, but hey, you know, it's the best machine I've got. I'm gonna, now I'm gonna do my best. So, so there's a couple of problems here, right? So the first is, is really the guest OS is going to try to execute these privileged instructions, right? The second problem is that we now, we're playing the shell game, because there are traps that are going to be created inside the virtual machine that will need to be handled by the guest operating system. All right, so, so really there's two, there's two types of situations that the virtual machine monitor needs to handle pop. The first situation is traps by applications running in, inside the virtual machine. Now,
what has to happen? So I'm, you know, I've created a little MIPS virtual machine and my MIPS application called system call. Who is supposed to handle that system call? Who has to handle that system call, the host OS or the guest OS? Hear people whisper it. Anybody want to venture a guess? What's that? The guest OS has to handle it. Why does the guest OS have to handle it? Yeah, I mean, you might, you might be a total, you might be running a totally different operating system with a different calling... you know, different calling conventions for your system calls, system call numbers that do different things, right? What's the other reason, right? Let's say, let's say I'm running an identical copy of Ubuntu inside a virtual machine running on Ubuntu. I don't know, actually there's a lot of good reasons to do it. But, but why still, why would I, why does the guest OS have to eventually handle this trap? Then, okay, so, so, so save that answer and come back to it, because we'll get to that with the next level of traps. But they got so sort of more fundamental. Right, so does the host OS, like, again, does the host OS know anything about the applications that are running inside the guest OS? That really, right? It just knows that, all it knows is that someone told me that I should send the traps that are generated by this application to this virtual machine monitor, right? That's all it knows. It doesn't have any idea that there's an application. So you're, you know, your host OS, what does the entire virtual machine look like to the host OS in a full virtualization scenario? What does it look like? key Looks like an application, right? All it knows is that application generated a fault of some kind. Right, and the only thing we're going to do special here is we're going to have the host OS use the virtual machine monitor to handle those faults that are generated by that application. That's the only thing, because the host OS cannot handle those.
It doesn't know, doesn't know what's happening. There's all sorts of state inside the virtual machine that's completely opaque. Right, so that's, that's the only thing we have to do.

All right, sec... second thing. So what happens if... then we're coming to your answer, right? So, so the guest OS is going to try to execute these privileged instructions, right? Who, who has to hand... so when the guest OS tries to, like, make a change to the TLB or modify page tables or change the privilege level, who has to handle that? Who, who needs to handle that, that, that trap, that... who's respon... what application or what process is responsible for the state of the virtual machine? Virtual machine monitor. Right, so this is the reason that all these traps created by this application have to be handed to the virtual machine monitor, right? Because if, for example, the, the guest OS tries to modify some state about the machine, the machine state that has to get modified is actually the virtual machine state, not the physical, in most cases, right? In some cases, we talked about instructions that were safe to execute on the virtual, on the real machine, right? But in some cases the virtual machine monitor needs to know that it tried to load a TLB entry, right? Because the virtual machine monitor needs to check to make sure that's safe, right? So, so again, one of the ways that we keep isolation between the virtual machine and the physical machine is that we make sure that the virtual machine monitor sees any changes to the machine state that the guest OS tries to make, because those changes need to be, to be checked, right? All right, so, so I think we talked about this a little bit, right? If we run the guest OS with kernel privileges, we just can't do this, right? There's no way to, there's no real, no way to do this safely, because this means that the guest OS is, even if, you know, in the best case, right?
The guest OS is completely functional and well-behaved, right? But the problem is that this, this, this violates our safety requirement that we had for virtual machines, right? This means that the guest OS can essentially load... so for example, if I, if I create a virtual machine that uses, you know, 512 megabytes of the memory on my system, if I allow the guest OS inside that virtual machine to run with privileged mode, it can load TLB entries that point to any memory address anywhere on the machine, right? So I can't do this, right? So this is, this is why I can't run this, the guest OS with, in privileged mode, okay?

Now, just again, I think we went over this a little bit last time. So what happens if we run the guest OS with user privileges, right? This is our, this is our big trick, right? We're going to take the kernel and we're just going to execute it with user privileges. What happens now? What's, what's the kernel, what's gonna, you know, if you just took your kernel and you, you yanked away its privilege level behind its back, what, what would happen eventually? What would happen? What happens if a user program tries to execute an instruction that requires some sort of privilege that it doesn't have? How does it get killed? What's the first thing that happens? An exception, right? Or, this is what needs to happen, right? So if your, you know, you can try this on MIPS, right? If your user program tries to, you know, write to the TLB without the correct privileges, that will cause an exception, right? And it will jump to the, it will jump to the operating system and start handling the exception, right? And the operating system will see, hey, that user program is supposed to be able to modify the TLB, and it will be killed, right? But the first thing that happens is that an exception occurs. This is what needs to happen, right? This is critical, because this is how the virtual machine monitor is going to get control of the system, right?
So the critical trick here is that by running the guest operating system in user mode on a machine that generates exceptions... this is the other critical part. The machine has to generate an exception when I try to execute a privileged instruction. As long as that happens, I have a chance to run, and the virtual machine monitor has a chance to inspect that instruction to make sure it's okay, right? If I didn't have this property, I mean, if the, if the machine allows user programs to execute privileged instructions, it's totally broke, right? Like, that machine is just a bad machine, right? But if the machine doesn't cause an exception, or if it, like, kills the process itself or something weird, right, or if it does something weird to the state of the machine when this happens, that also causes problems, right? So keep this in mind when we come back a little bit later in class. We'll talk a little bit about the x86 and part of why this is such a mess on the x86, right?

All right. So again, ideally what happens is, when privileged instructions are run by the guest OS at user privilege, at a user privilege level, the CPU is going to trap, right? And what's going to happen? It's going to trap into which operating system? The host, right? It's going to trap into the host OS. The host OS is going to hand this off to the virtual machine monitor, and the virtual machine monitor is going to figure out what to do, right? The trap is handled by the VMM, right? And again, so, so if, and we'll come back to this example, but if the virtual, if the process is doing something okay, if the guest OS is doing something okay to the virtual machine, then the instruction is allowed to complete, right? But because I need to preserve safety, I need to inspect those instructions, right?
So this whole approach is known as trap and emulate. Right, I trap, in order to run a virtual machine, in order to run privileged code inside that virtual machine, I trap instructions that change the state of the machine, and I emulate or inspect those instructions to make sure that they're okay, right? And so, and we also, if we, if a particular hardware instruction set has this property, right, that when privileged instructions are executed they cause an exception, and the other thing is that privileged instructions have to work the same way in user mode and in kernel mode, right? That's another requirement for an architecture to be considered classically virtualizable, right? These architectures are easy to virtualize, because what happens is the guest, the virtual machine monitor gets control from the host OS any time a trap happens, right? And these, so, and these can be virtualized using this approach of we, uh, trap and emulate, trap and inspect, okay?

So again, now I'm the virtual machine monitor, right? And the host OS has been talked into handling, to, to handing traps to me to handle. Right, so I'm the virtual machine monitor application and I get a trap, right? The host OS has trapped into and it's handed off the trap to me. What two things could have happened, right? Or what two broad classes of things? In general, there's two categories of traps that the virtual machine monitor is going to see. What's the first category? So, so what's, what are one of the normal category of traps that happen even on physical machines, right? When do traps occur and what happens when a trap... It's things like system calls and hardware exceptions and stuff like that. And where do those traps have to go? Where does the VMM have to send those types of traps? The guest OS, right? So any trap that would normally be handled by the operating system has to be vectored to the guest operating system, right?
That includes, you know, changes to hardware state that the guest operating system needs to know about, and system calls and other requests by processes running inside the virtual machine for guest OS support. What class of traps is handled by the virtual machine monitor directly? No, what class of traps... so again, a virtual machine monitor, right? I'm running the guest OS in user mode. Normally operating systems just are allowed to change any state of hardware they want to, right? That's, that's kind of what kernel privilege allows me to do. On a virtual machine, what happens? So the second class of traps, actually up on the slide, right? If the trap is caused by an application, I need to pass the trap to the guest OS. This is not completely true, right? The other class of traps I would need to pass to the guest OS would be traps that would be caused by virtualized hardware in the virtual machine, right? So if my virtual disk has completed a write, then I need to trap back into the guest OS so that it can update, you know, state indicating that the write is complete, right? But if the trap is caused by the guest OS trying to adjust the state of the machine, right, then the virtual machine monitor will handle that directly, right? Because the virtual machine monitor is, is monitoring the state of the virtual machine. This is making more sense to me now. Maybe you guys are bored, but, but just for my own sanity...

Okay, so let's, so let's talk about how this works, right? We'll go through two examples. So, so again, the requirement here is that traps and exceptions that originate inside the VM must be handled by the VM... virtual machine monitor, right? Passed off to the virtual machine monitor to handle, okay?
And remember, most instructions that are executed both by the guest OS and by applications running inside the guest OS are allowed to simply use the processor normally. They don't... if I emulated every instruction this would be way too slow. So who could give me some examples of, of an instruction that would be safe to execute without, without involving the virtual machine monitor at all? An add, right? All I'm changing is the register state. Right, I'm a process, I'm allowed to change the register state on the machine, right? What, what's another example? Subtract, okay, fairly. Multiply, divide, you know, yeah. You know, and any things that, you know, moving arguments between registers, etc., etc. What about, okay, so second category. What about stuff that accesses memory? What about addresses that access memory, load word, store word? What do I, what, what's a little bit tricky about those? What's that? So they have to be translated. But, but what do I need to do before I allow the virtual machine monitor to, to execute, or, or things running inside the virtual machine monitor to execute those instructions the first time they're executed? Right, so the first time that there's a trap in the virtual machine monitor that needs to gain access to memory, what do I need to make sure in the, in the virtual machine monitor or in the host operating system? Yeah, that it has permission to access that memory. So I've carved off a chunk of memory on the system for the virtual machine to use, and if the virtual machine tries to access a page in another part of the system, I can't allow that, right? So that needs to be stopped, right? And then what, what are some applica... what are some instructions that we probably need to trap and inspect every time, right? So what's, what's one that you guys are using for assignment three? That's a, that's an example. What's the, what's the main piece of hardware you guys are manipulating for assignment three? The TLB.
And here's the thing, right? So I had this, I realized this after last class. I was talking to somebody and I realized that we want the guest operating system and applications inside the guest operating system to use the TLB on the system. They have to use the TLB. If they don't use the TLB, memory access is way too slow. Okay, so I'm not going to trap ever, that, that's why I'm not going to trap and inspect every load and store word. If I did that, essentially, like, I'd be pre-virtual memory and the system would be so dog slow you'd never be able to use it, right? So what I do is that when the guest operating system tries to modify the TLB of the real machine, that's the point at which the virtual machine monitor steps in and makes sure that that modification is okay. But if the modification is okay, it's allowed to proceed, right? So while the guest OS and applications are running inside the virtual machine, they're using the TLB just like a process would, right? The only change is that the guest operating system is allowed to modify the TLB, but all modifications to the TLB that the guest operating system tries to perform have to be looked at by the virtual machine monitor to make sure that they're okay, that I'm not trying to map some piece of memory that the virtual machine hasn't been granted.

All right. So again, so, so what are the steps? What happens? First example: application running inside the virtual machine makes a system call. Right, so syscall instruction on MIPS, right? What's the first thing that happens? We went over this on, this is an example from Wednesday, so I think I was trying to cover this at the end of class, but I don't think it made any sense. All right, first thing that happens. I execute syscall, application running inside my guest OS. Yeah, so it causes a trap. Where does it trap to? The host OS. All traps are handled by the host OS, right? Where does the trap go next? To the VMM. Carl has this habit of whispering. But they're usually right.
That's the thing, you're whispering, right? All right, so the VMM inspects the, so the VMM, it looks at the trap, right? So remember, there's two classes of traps that the VMM is going to handle, right? This is one, and the VMM knows the state of the machine, right? The VMM knows, hey, right now the virtual machine is running an application and it just tried to make a system call, right? And so now the next thing I need to do is I need to pass that trap into the guest operating system, okay? So the guest operating system starts to run. Right, and the guest operating system is going to, right, you know, run the code that you guys wrote for assignment two. It's going to handle the system call, right? If there are any exceptions that are produced, those would need to be handled in the way that we'll talk about next. But let's say that all the mappings are there. So it just copies the data out and then it calls return from exception. So assuming MIPS is a virtualizable architecture, and I'm actually not even sure it is, but what is RF... What does that instruction have to do, right? So the operating system is done, now it executes this return from exception instruction that's supposed to lower the privilege level, right? The funny thing is the privilege level is not even high, right? The privilege level hasn't even been set, but now I'm executing RFE. So what needs to happen now? So essentially I need to get back to the VMM, and hopefully the way this happens is that I trap back into the host operating system, that trap is handed back to the VMM, and the VMM sees, okay, the guest operating system is done executing the system call. I know where the caller was. I'll just pass the arguments back to the caller when we start the intro, right?

All right. So let's do a more fun example, right? What about a TLB fault
caused by an application running inside the guest operating system? Okay, so a process executes an instruction, a load word or a store, that tries to map a piece of memory that it hasn't used before, but it has access to. This is a valid mapping. It's not in the TLB. So what's the first thing that happens, right? Got a trap to the host OS. Okay, next thing that happens: goes to the VMM, right? Hand the trap to the VMM. What does the VMM say? Who needs to handle this? Guest operating system, right? Generated by an application, put the guest operating system in charge, right? The guest operating system is the one that's storing all the information about the process address translation, so the host OS or the VMM isn't going to handle this fault. There's no idea. You know, there's a guest operating system running in there. It has its own idea of what all these mappings are and that's who's maintaining the map, right? So, you know, the host OS can't translate the TLB fault. The guest, the VMM can't translate it either, right? The only person that knows how to translate this is the guest OS, right? So I get to the guest OS, pass the control. Now what is the guest OS going to do? I'm on the fault-handling path. I look up the translation. I find a translation. What do I do? I write it in the TLB. And what happens when I write it into the TLB? Carl's whispering again. I fault back to the host OS, right? I just tried to execute a privileged instruction and I'm not a privileged, you know, I'm not in privileged mode, right? Now what happens? Back to the VMM. Now what does the VMM do? Sees if it's okay, right? This is an instruction that is doing what? It's trying to modify the state of the virtual machine. That's what this instruction is doing. Okay, I look at it. I say it's generated by the host OS, sorry, the guest OS, and it adjusts the state of the virtual machine appropriately. And essentially what's gonna happen? What's it gonna? What's it gonna allow to occur? I did a TLB write or something, right?
What's gonna happen? It's just gonna allow the write to happen, right? It's gonna look at it. It's gonna say, okay, this is a page that's inside the virtual machine. That's okay, and it's just gonna allow that write to take place, right? So this is essentially how this would happen, right? Yeah, so the VMM, that's a good point, right? So the VM, I don't know exactly how this works. The VMM has to have some ability, at least, you know, you can imagine the minimal ability the VMM has to have is the guest, the host operating system has to be willing to hand traps to the VMM that are only generated by that application. So this is kind of, this is potentially safe, right? But I mean, yeah, the VMM has to, I think, run in kernel mode, right? So usually there's some kernel drivers you have to install to get this to work, right? All right, any other questions about full virtualization? All right, so unfortunately, so keep in mind, right, when we talk about hardware virtualization, virtual machines, what we're talking about virtualizing is an instruction set, right? So some people talk about virtualizing the x86 architecture. It's really hard to virtualize. I mean, that's what we're doing here. We're actually virtualizing the machine. The machine interface is the hardware instructions. Unfortunately the x86 is really, you know, if you were choosing an architecture to virtualize, I think most people would have said the x86 would be one of the last choices, right? Unfortunately, what was also true about x86? Everybody uses it, right? So, you know, if you look at the x86 instruction set, it's not classically virtualizable, and there's a number of instructions that cause problems of various kinds. So there's some instructions that behave differently if you execute them in user or kernel mode. Like they set part of a register or they don't set part of a register or whatever. And then there's other instructions that don't trap correctly, right?
They actually don't generate an exception when they should, they just fail in some weird way, right? So if you run them in user mode, again, they try to write part of a register, that register is privileged and so that write fails, but the instruction just completes, right, having written only part of the registers. Anyway, so there were all these problems with the x86, right? And VMware was the, yeah, and so, you know, I mean, fair enough, right? I mean, when the x86 was being designed, well, actually that's not true. I mean, virtualization as an idea, hardware virtualization as an idea, goes back to the 70s, right? So I don't want to give these guys too much credit. But x86 wasn't clearly designed to be virtualizable in this nice way, right? And what VMware did to allow the x86 to be virtualizable, I'm not getting into too many details here, but there's a lot of information, actually. It's pretty cool. They've actually written some really nice papers about this and they've got a lot of information up on their website. It's kind of neat to look at, especially if you're kind of like a low-level hardware person and you like this stuff. They came up with this clever solution to this problem, and what it involves is actually doing on-the-fly binary translation, right? So how many people are familiar with like JIT and other sort of like on-the-fly code munging techniques, right? So Java has a just-in-time compilation technique that is similar in certain, you know, intellectual ways to this. But what I'm going to do is, as the virtual machine is executing, as the virtual machine monitor is handling faults, and remember the virtual machine monitor sees all the faults and all the memory there to be accessed by anything inside the virtual machine, any code page that's being run is first going to be seen by the VMM before it is allowed to be used by anything inside the virtual machine, right?
So this gives us the ability to do this. When the virtual machine monitor sees code pages being loaded and potentially executed, it translates them, right? And what it does is it removes or works around these kinks in the, uh, in the x86 architecture, right? So it loads up the page and it looks to see if that page is executing any instructions that have these unfortunate problems, and then it generates new binary sequences, right, which are then executed by things inside the virtual machine, right? This is very clever, right? And, you know, if you read their marketing literature, it's like at the time people believed that the x86 was impossible to virtualize, right? And, you know, they got it to work. So that's pretty neat. And, you know, there's all these nice tricks that you can use to improve performance, right? And one of the things they do that's kind of obvious is they cache the translations, right? So they don't perform the translation multiple times. Once they've translated a code page, they store that code, right? And you can imagine that there's all sorts of gory details here that probably will thrill people who are interested in this stuff. Like, for example, you know, you still have to adjust all the relocation things. Anyway, so I'll let you guys look at the details, but it's a neat idea, right? Conceptually, it's a simple idea. You know, look at the code, find instructions that are likely to cause problems or that I know are going to cause problems, and rewrite them to safe instruction sequences, right? And this is how this is done, right? And, you know, hopefully if I can do this well, I don't take too much of a performance hit, right? And depending on what you're doing, they have, you know, numbers that indicate that the performance overhead of this is okay, right?
Because the nice thing about x86 or any other architecture is that most instructions do not, first of all, most instructions don't modify the machine state, right? And second of all, most instructions on x86 are virtualizable and I can just allow them to run directly and wait for them to cause traps. All right, I just pointed this out. Okay. Oh, I like this kind. Okay, so just step back a minute. I want to draw a parallel here that might be instructive with virtual memory, right? So virtual memory is another area where I am virtualizing hardware, right? Hardware here is memory, RAM. The virtualization is virtual memory, right, virtual addresses, okay? So who remembers what the memory interface is? The interface for the full hardware is the full instruction set. Memory: load and store, right? Simple. Load word, store word, you know, and different instructions that have different collections of addresses, I'm sorry, different collections of instructions that modify memory, but basically they're loads and stores, right? Put and get. How do we ensure safety for virtual memory? How do we make sure, you know, one of the reasons for virtualizing this is to be able to provide isolation, right? So how do we ensure that this is happening safely, other than write good code for assignment three? I mean, again, remember, what does the operating system get to do anytime a virtual address is accessed, or at least the first time it's accessed? I mean, in many ways this is the same approach. I'm translating every unprivileged memory access, but it's also trap and inspect, right? When I access something the first time in a process, the operating system gets involved and the operating system is allowed to look at that and say, okay, this is okay, or it's not okay, right? That's what you guys are doing for assignment three. How do we get good performance here? How do we get this to not be incredibly slow?
Cache, right? And what do we call a cache in virtual memory? TLB, right? All right, and so now we broaden the interface we need to virtualize, right? Full hardware virtualization. So now what's the interface that I need to virtualize? What's that? No, and it's not the same, actually, load/store. What's the potential interface that I might need to look at? The whole thing. It's the whole hardware instruction set, right? The instruction set architecture, any instruction. I mean, what do instructions do? They modify the state of the machine, right? Otherwise you wouldn't execute them, right? You know, MIPS has a no-op, but it seems kind of dumb, right? Like, don't do anything, right? But the point is that most instructions modify the state of the machine. That's why you do them in the first place. This is computing. How do we ensure that things are safe? What's that? Use VMware? Yeah, we use the virtual machine monitor, but what does the virtual machine monitor have to be able to do? What's this idea of classical virtualization? So unsafe instructions, right, instructions that could pierce the VM, right, instructions that could essentially allow things running inside the VM to see other parts of the machine they're not supposed to be able to see, have to be caught, right? And there's a variety of different ways to do it. It depends a lot on what the instruction set architecture is. Trap and emulate is the kind of classic way, and then VMware also does some binary translation, and there are other ways to do this, right? But the point is that I have to be able to stop things running inside the virtual machine from seeing things outside the virtual machine. Otherwise, they don't have a virtual machine. I just have a leaky process that has weird semantics. And then how do we get good performance?
What's the nice trick here that we can do, the nice trick that we can play? What's the thing that distinguishes virtualization from emulation? Right, so most instructions I can run directly on the physical hardware, right? So most instructions do not trap, most instructions do not need to be inspected, most instruction sequences don't need to be rewritten, right? So, just to make sure everybody's awake, what's an important consequence of this? What can I not do with the virtualization technology, right? Or what would make virtualization incredibly slow? Can I write, like, a MIPS virtual machine that runs on an x86 architecture? Right, so I need a match, right? Essentially what I want for good performance is I want the instruction set of things that can be run inside the VM safely, it's always a subset of the full instruction set, but I want it to be as large a subset as possible. If I start running a totally different instruction set, then the intersection is zero, right? And essentially it would mean I would have to translate every address, right? And that would be terrible. I mean, essentially you're doing emulation. Maybe you can improve it by doing some caching of things you've already translated. But yeah, so the point is that, you know, I emulate, I virtualize x86 on top of x86 hardware, right? I don't virtualize MIPS on top of x86 hardware. That's no longer virtualization, because there are no instructions that I can just allow to run on the bare metal, because they don't make any sense to the x86, right? Like, you try to call syscall, on x86 it thinks this is some sort of weird pop operation or whatever. It just doesn't make any sense.
All right, so again, if you like this sort of stuff, if you're interested in hardware, if you think this is cool, I mean, there's still a lot of really interesting research going on in this area. There's a lot of companies who are using this stuff, but there is just really a lot of details that we haven't been able to cover in the two days that we spent talking about this, right? So x86 has these privilege rings, right? So I don't know if we talked about this at all, but x86 has more than just user and kernel mode. It actually has ring zero, ring one, ring two and ring three, and some virtualization technologies use those multi, and each one has access to a different subset of the, part of the instruction set, right? So some virtualization approaches use that in order to run the operating system, like the guest OS in ring one and then the host OS in ring zero or something like that. There's all this interesting stuff that goes into handling page faults, right? Because remember, on x86 the hardware is walking the page tables. So I need to have parallel page table structures that are maintained by the VMM, that are called shadow page tables. If you like page translation, this will really blow your mind, right? Because this is like translating accesses to translated accesses to translated accesses, right? It gets like, you know, the diagrams get like, whoa, you know. And so, again, as virtualization has caught on, there's been changes to the instructions on x86 to make virtualization easy, right? And some of these instructions are, and this is still happening, right? This is still an active, you know, conversation between the hardware and software communities, right? All right, so on Monday, 8 a.m.
Here we're going to do exam review. We'll walk through the entire semester. Maybe I'll have some idea of things that are on the exam by then, but I'm not going to promise anything. But yeah, I mean, in general the exam is going to cover things that we've talked about in class. And Monday we will be here at 8 a.m., or I will be here at 8 a.m., and you're welcome to come to as much as you would like. Good luck on assignment 3. We'll also talk a little bit on Monday about, you know, if you're sticking around UB, what to do next, what other courses you might want to take, and how to continue your budding love affair with operating systems. So I'll see you then.
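
The check the VMM performs in the TLB-fault walkthrough above, as an added example that is not part of the lecture. The struct layouts, function names, and the model of a VM as one contiguous run of host frames addressed by guest frame numbers starting at 0 are assumptions made for illustration.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

#define TLB_SLOTS 8

/* Simplified entry of a software-managed (MIPS-style) TLB. */
struct tlb_entry { uint32_t vpn, pfn; bool valid, writable; };

/* Hypothetical per-VM state kept by the VMM. */
struct vm {
    uint32_t host_base_pfn;          /* first host frame granted to the VM */
    uint32_t nframes;                /* number of frames granted */
    struct tlb_entry tlb[TLB_SLOTS]; /* stands in for the real TLB */
    unsigned denied;                 /* rejected guest TLB writes */
};

enum vmm_result { VMM_ALLOW, VMM_DENY_SLOT, VMM_DENY_FRAME };

/* Runs in the VMM after the guest OS's privileged TLB write has trapped.
 * guest_pfn is the frame number as the guest sees it: 0..nframes-1. */
enum vmm_result vmm_handle_tlb_write(struct vm *vm, unsigned slot, uint32_t vpn,
                                     uint32_t guest_pfn, bool writable)
{
    if (slot >= TLB_SLOTS) {
        vm->denied++;
        return VMM_DENY_SLOT;
    }
    /* Isolation check. Compare against the frame count before adding the
     * base, so a huge guest_pfn cannot wrap around and pass the test. */
    if (guest_pfn >= vm->nframes) {
        vm->denied++;
        return VMM_DENY_FRAME;
    }
    vm->tlb[slot] = (struct tlb_entry){
        .vpn = vpn, .pfn = vm->host_base_pfn + guest_pfn,
        .valid = true, .writable = writable };
    return VMM_ALLOW;
}

/* Later loads and stores hit the TLB directly, with no trap to the VMM. */
bool tlb_lookup(const struct vm *vm, uint32_t vpn, uint32_t *host_pfn)
{
    for (unsigned i = 0; i < TLB_SLOTS; i++)
        if (vm->tlb[i].valid && vm->tlb[i].vpn == vpn) {
            *host_pfn = vm->tlb[i].pfn;
            return true;
        }
    return false;
}

int main(void)
{
    struct vm v = { .host_base_pfn = 0x400, .nframes = 16 }; /* constructed */
    uint32_t pfn = 0;
    printf("in-range write: %d\n", vmm_handle_tlb_write(&v, 0, 0x10, 3, true));
    printf("out-of-range write: %d\n", vmm_handle_tlb_write(&v, 1, 0x11, 16, true));
    if (tlb_lookup(&v, 0x10, &pfn))
        printf("vpn 0x10 -> host frame 0x%x\n", (unsigned)pfn);
    return 0;
}
```

Only the TLB write goes through the VMM; once an entry is installed, accesses that hit it run at hardware speed, which is the performance argument made at the start of the lecture.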