Summary

  • Virtualizing a physical CPU (pCPU) involves: (1) timesharing the pCPU among virtual CPUs (vCPUs) contained and executed in VMs (called vCPU scheduling) and (2) virtualizing the ISA of the pCPU to make it amenable to host vCPUs with different ISAs.
  • A vCPU acts as a proxy to a pCPU.
  • In principle, a VM can have one or many vCPUs.
  • A VM that includes more than one vCPU is called a symmetric multiprocessing (SMP) VM, while a VM with one vCPU is called a uniprocessor (UP) VM.
  • In principle, hypervisors can support three levels of scheduling: process, thread, and vCPU scheduling.
  • Examples of vCPU schedulers are Simple Earliest Deadline First (SEDF) and Credit Scheduler (CS) from Xen.
  • In addition to vCPU scheduling, virtualizing a pCPU requires virtualizing the instructions defined in its ISA.
  • Instructions in ISAs can generally be classified into two types: privileged and unprivileged instructions.
  • A privileged instruction is defined as one that traps in user mode and does not trap in system mode.
  • Instructions can be further classified into two different categories: sensitive and innocuous.
  • Sensitive instructions can be either control sensitive or behavior sensitive.
  • Control-sensitive instructions are those that attempt to modify the configuration of resources in a system (e.g., LPSW from IBM System/370).
  • Behavior-sensitive instructions are those whose behaviors are determined by the current configuration of resources in a system (e.g., POPF from Intel IA-32).
  • When the instruction is neither control sensitive nor behavior sensitive, it is innocuous.
  • Sensitive instructions can be privileged (e.g., LPSW) or unprivileged (e.g., POPF).
  • Popek and Goldberg (1974) suggested that a hypervisor can be constructed only if the set of sensitive instructions is a subset of the set of privileged instructions (i.e., sensitive instructions always trap in user mode).
  • A problem arises when instructions that are sensitive but unprivileged are issued in VMs running in user mode, because they will not trap.
  • The instructions that are sensitive and unprivileged are called critical instructions.
  • A hypervisor can still be constructed for ISAs that contain critical instructions.
  • Constructing a hypervisor in the presence of critical instructions can be achieved using code patching, full virtualization, and/or paravirtualization.
  • Code patching replaces all critical instructions with system calls to the hypervisor, thus forcing them to trap.
  • Full virtualization emulates all instructions in the ISA.
  • Emulation is a popular technique in virtualizing CPUs. It allows the interfaces and functionalities of one system (the source) to be implemented on a system with different interfaces and functionalities (the target).
  • Emulation can be implemented using either interpretation or binary translation.
  • Interpretation techniques (e.g., decode and dispatch, indirect threaded, and direct threaded) translate source instructions to target instructions one at a time, while binary translation converts blocks of source instructions to target instructions and caches them for repeated use.
  • Paravirtualization rewrites every critical instruction as a hypercall that traps to the hypervisor (which typically requires modifying guest OSs).
  • As concrete examples, VMware uses full virtualization, while Xen employs paravirtualization.
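
The critical-instruction problem and the code-patching fix from the list above, as an added example that is not part of the original summary. It is a toy Python model: LPSW and POPF are simplified stand-ins for the real instructions, and PCPU, patch, run_guest and the GUEST program are names constructed for illustration.

```python
# Toy model, constructed for illustration: a guest kernel runs deprivileged in
# user mode on a pCPU while the hypervisor keeps its virtual state in a vCPU.
CRITICAL = {"POPF"}                   # sensitive but unprivileged

class Trap(Exception):
    """Raised by the pCPU when an instruction traps to the hypervisor."""
    def __init__(self, op, arg):
        super().__init__(op)
        self.op, self.arg = op, arg

class PCPU:
    def __init__(self):
        self.mode = "user"            # guests never run in system mode
        self.psw = 0
        self.interrupt_flag = 1       # real flag, owned by the hypervisor

    def execute(self, op, arg):
        if op == "LPSW":              # privileged: traps in user mode
            if self.mode == "user":
                raise Trap(op, arg)
            self.psw = arg
        elif op == "POPF":            # critical: never traps
            if self.mode == "system":
                self.interrupt_flag = arg & 1
            # user mode: the flag update is silently dropped
        elif op == "HYPERCALL":       # inserted by code patching
            raise Trap(*arg)
        else:
            raise ValueError(op)

def patch(program):
    """Code patching: replace each critical instruction with a hypercall."""
    return [("HYPERCALL", (op, arg)) if op in CRITICAL else (op, arg)
            for op, arg in program]

def run_guest(program, patched=False):
    """Trap-and-emulate loop; returns the guest's vCPU state and the pCPU."""
    pcpu, vcpu = PCPU(), {"psw": 0, "interrupt_flag": 1}
    for op, arg in (patch(program) if patched else program):
        try:
            pcpu.execute(op, arg)
        except Trap as t:             # hypervisor emulates on the vCPU only
            if t.op == "LPSW":
                vcpu["psw"] = t.arg
            elif t.op == "POPF":
                vcpu["interrupt_flag"] = t.arg & 1
    return vcpu, pcpu

GUEST = [("LPSW", 7), ("POPF", 0)]    # constructed guest kernel fragment
```

Unpatched, the guest's attempt to clear its interrupt flag is lost without the hypervisor ever seeing it; patched, the update lands in the vCPU state and the pCPU's real flag stays under hypervisor control in both runs.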