AL3452 - OS

UNIT V VIRTUAL MACHINES AND MOBILE OS 7

Virtual Machines – History, Benefits and Features, Building Blocks,

Types of Virtual Machines and their Implementations, Virtualization
and Operating-System Components; Mobile OS - iOS and Android.

Prepared by
S.K. VIJAI ANAND
AP / AIDS
MNMJEC
Operating System Concepts – 10th Edition 18.1 Silberschatz, Galvin and Gagne ©2018
 Chapter 18: Virtual Machines

Operating System Concepts – 10th Edition Silberschatz, Galvin and Gagne ©2018
 Overview
 Virtualization is abstracting the hardware of a single computer into several
different execution environments
 Host – underlying hardware system
 Virtual machine manager (VMM) or hypervisor – creates and runs virtual
machines by providing interface that is identical to the host
 Guest – process provided with virtual copy of the host, usually an operating
system.

Non-virtual machine Virtual machine

Operating System Concepts – 10th Edition 18.3 Silberschatz, Galvin and Gagne ©2018
 Types of VMMs
 Type 0 hypervisors - Hardware-based solutions that provide support for
virtual machine creation and management via firmware. Eg. IBM LPARs
 Type 1 hypervisors – Operating system-like software built to provide
virtualization. Eg. VMware ESX. Also includes general-purpose operating
systems that provide standard functions as well as VMM functions. Examples
are Microsoft Windows Server with HyperV
 Type 2 hypervisors - Applications that run on standard operating systems
but provide VMM features to guest operating systems. Eg.VMware
Workstation and and Oracle VirtualBox
 Paravirtualization - Technique in which the guest operating system is
modified to work in cooperation with the VMM to optimize performance
 Programming-environment virtualization - VMMs do not virtualize real
hardware but instead create an optimized virtual system. Eg. Oracle Java
 Emulators – Allow applications written for one hardware environment to run
on a very different hardware environment, such as a different type of CPU
 Application containment - Provides virtualization-like features by
segregating applications from the operating system, making them more
secure, manageable. Eg. Oracle Solaris Zones
Operating System Concepts – 10th Edition 18.4 Silberschatz, Galvin and Gagne ©2018
 History
 Virtual Machines was introduced in IBM mainframes. IBM VM/370 divided a
mainframe into multiple virtual machines, each running its own OS.
 The virtualization requirements are:
1. Fidelity - A VMM provides an environment for programs that is essentially
identical to the original machine
2. Performance - Programs running within that environment show only
minor performance decreases
3. Safety - The VMM is in complete control of system resources
 In late 1990s Intel CPUs were fast enough to try virtualizing on general
purpose PCs
 Xen and VMware created technologies to allow guest OS to run
 Open-source Virtual Box project provides a program that runs on most
CPUs and various operating systems.

Operating System Concepts – 10th Edition 18.5 Silberschatz, Galvin and Gagne ©2018
 Benefits and Features
 Host system protected from VMs, VMs are protected from each other. A virus
inside a guest OS can neither affect host OS nor another guest OS.
 Sharing of resources can be done in two ways, through file system volumes
can be shared and network of virtual machines can be defined.
 A running virtual machine can be either Freeze or suspend, so that copies and
snapshot can be made of the guest.
• Copy is used to create a new VM or move it to another machine (clone)
• Snapshot of a given state, enable to restore back to that state
 VMs are highly useful for OS research and development. System programmers
are given their own VM, and system development is done on the virtual
machine instead of on a physical machine. Normal system operation is
disrupted only when a completed and tested change is ready.
 Multiple operating systems can run concurrently on the developer’s
workstation. This virtualized workstation allows for rapid porting and testing of
programs in varying environments.

Operating System Concepts – 10th Edition 18.6 Silberschatz, Galvin and Gagne ©2018
 Benefits and Features (Cont.)
 A major advantage of virtual machines in production data-center use is
system consolidation, which involves taking two or more separate systems
and running them in virtual machines on one system.
 Templating – in which one standard virtual machine image, including an
installed and configured guest operating system and applications, is saved
and used as a source for multiple running VMs.
 Live migration – a feature that moves a running VM from one physical
server to another without interrupting its operation. If a server is overloaded,
live migration can free resources on the host without disrupting the guest
 Virtualization has laid the foundation for many other advances in computer
facility implementation, management, and monitoring. Example Cloud
computing
 Application could be preinstalled on a tuned and customized operating
system in a virtual machine. Application management, installation and
redeployment becomes easier.

Operating System Concepts – 10th Edition 18.7 Silberschatz, Galvin and Gagne ©2018
 Building Blocks
 The ability to virtualize depends on the set of features provided by the CPU.
 For each guest, the VMM maintains a virtual CPU (VCPU) representing
that guest’s current CPU state.
 When the guest is context-switched onto a CPU by the VMM, information
from the VCPU is used to load the right context.
 VMMs use different techniques to implement virtualization. They are
1. Trap and Emulate
2. Binary Translation

1. Trap and Emulate

 Dual mode exists both for host and guest.
 Each VM has a virtual user mode and a virtual kernel mode, both of which
run in physical user mode.
 Actions in host that usually cause switch to kernel mode must also cause a
transfer to virtual kernel mode in an virtual machine.

Operating System Concepts – 10th Edition 18.8 Silberschatz, Galvin and Gagne ©2018
 1. Trap-and-Emulate (Cont.)
 The procedure to transfer from virtual user mode to virtual kernel mode is as
follows
1. When the kernel in the guest attempts to execute a privileged instruction,
it is an error since it is in user mode and causes a trap to the VMM
2. VMM gains control, analyzes error and executes (emulates) operation as
attempted by guest and returns control to the guest in user mode
 The above method is known as trap-and-emulate
 User mode code in guest runs at same speed as the host
 Privileged instructions create extra overhead, causing the guest to run more
slowly than it would be in the host.
 With the evolution of hardware, the performance of trap-and-emulate
functionality has been improved. Some CPUs provide guest CPU state
management in hardware, so the VMM need not supply that functionality,
removing the extra overhead.

Operating System Concepts – 10th Edition 18.9 Silberschatz, Galvin and Gagne ©2018
 Trap-and-Emulate Implementation

Operating System Concepts – 10th Edition 18.10 Silberschatz, Galvin and Gagne ©2018
 2. Binary Translation
 Some earlier CPUs such as Intel x86, don’t have clean separation between
privileged and non-privileged instructions.
 Consider Intel x86 popf instruction which replaces all flags in privileged
mode and some flags in user mode. No trap is generated.
 Such special instructions executable in both methods render trap and
emulate method useless.
 This is solved using binary translation. The steps are as follows:
1. If guest VCPU is in user mode, guest can run instructions natively on a
physical CPU
2. If guest VCPU is in kernel mode, it believes it is running in kernel mode
a) VMM examines every instruction guest is about to execute by
reading a few instructions ahead of program counter
b) Non-special-instructions run natively
c) Special instructions translated into new set of instructions that
perform equivalent task
 Simple concept but difficult to implement. Implemented by translation of
code within VMM
Operating System Concepts – 10th Edition 18.11 Silberschatz, Galvin and Gagne ©2018
 Binary Translation (Cont.)
 Code reads native instructions dynamically from guest, on demand,
generates native binary code that executes in place of original code
 Performance of this method would be poor without optimizations for special
instructions.
 VMware use caching. It translates once, and when guest executes code
containing special instruction, cached translation is used instead of
translating again

Operating System Concepts – 10th Edition 18.12 Silberschatz, Galvin and Gagne ©2018
 Nested Page Tables
 Memory management another general challenge to VMM implementations
 How can VMM keep page-table state for both guests believing they control
the page tables and VMM that does control the tables?
 Common method (for trap-and-emulate and binary translation) is nested
page tables (NPTs)
• Each guest maintains page tables to translate virtual to physical
addresses
• VMM maintains per guest NPTs to represent guest’s page-table state
• When guest is assigned CPU, VMM makes that guest’s NPTs as the
active system page tables
• When Guest tries to change page table, VMM makes equivalent
change to NPTs and its own page tables
 NPTs can cause many more TLB misses, resulting in much slower
performance

Operating System Concepts – 10th Edition 18.13 Silberschatz, Galvin and Gagne ©2018
 Hardware Assistance
 More the hardware support available, virtual machines can be more
feature-rich and stable and can perform better.
 All major general-purpose CPUs now provide extended hardware
support for virtualization. For example, AMD-V and Intel VT-x .
 Two new CPU modes, namely “guest” and “host” are defined. VMM can
enable host mode, define characteristics of each guest VM, switch to
guest mode and guest(s) on CPU(s). Hence binary translation is no
longer needed.
 With AMD’s RVI and Intel’s EPT memory-management enhancements,
VMMs no longer need to implement software Nested Page Tables.
 I/O is another area improved by hardware assistance. Intel CPUs with
VT-d provide hardware-assisted DMA.
 By providing an interrupt remapping feature, CPUs with virtualization
hardware assistance automatically deliver an interrupt destined for a
guest which is not visible to other guests.

Operating System Concepts – 10th Edition 18.14 Silberschatz, Galvin and Gagne ©2018
 Types of Virtual Machines and their Implementations
 Major types of virtual machines differ in how they use the building blocks to
create a virtual environment and in their functionality
Virtual Machine Life cycle
 When a VM is created, the parameters specified include number of CPUs,
amount of memory, networking and storage details, etc.
 The VMM then creates the virtual machine with those parameters
 When VM is deleted, the VMM frees the allocated resources.

1. Type 0 Hypervisor
 Type 0 hypervisors are a hardware feature that existed as partition / domain.
 OS need not do anything special to take advantage of their features.
 The VMM itself is encoded in the firmware and loaded at boot time.
 VMM then loads the guest images to run in each partition.
 The feature set of a type 0 hypervisor is smaller than other types because it is
implemented in hardware.

Operating System Concepts – 10th Edition 18.15 Silberschatz, Galvin and Gagne ©2018
 1. Type 0 Hypervisor (Contd)
 Each guest has a dedicated Hardware but providing dedicated I/O is
challenging because it is difficult to have enough devices / controllers
 In such case, the hypervisor grants all devices to a control partition.
 In the control partition, a guest OS provides services via daemons to other
guests, and the hypervisor routes I/O requests appropriately.
 In type 0 hypervisor, since the guests are running on raw hardware, they
can in turn be VMMs.

Operating System Concepts – 10th Edition 18.16 Silberschatz, Galvin and Gagne ©2018
 2. Type 1 Hypervisor
 Type 1 hypervisors are commonly found in data centers
 They are special-purpose OS that runs natively on the hardware and create,
run, and manage guest OS.
 It can be run on type 0 hypervisors, but not on other type 1 hypervisors
 It runs in kernel mode, uses multiple modes for improved performance
 Because it is an OS, also provides CPU scheduling, memory management,
I/O management, protection & security. Eg. VMWare ESX
 Datacenter managers control and manage OSes in sophisticated ways by
controlling the Type 1 hypervisor. For instance, multiple operating systems
and applications can be consolidated into fewer systems.
 Another type of type 1 hypervisor includes various general-purpose
operating systems with VMM functionality. For example Red-Hat Enterprise
Linux performs its duties as well as providing a VMM allowing other OS to
run as guests.

Operating System Concepts – 10th Edition 18.17 Silberschatz, Galvin and Gagne ©2018
 3. Type 2 Hypervisor
 Type 2 hypervisors are less interesting from an OS perspective
 This type of VMM is simply another process run and managed by the
host,
 Type 2 hypervisors have limits. If the VMM is run by a standard user
without administrative privileges, then it cannot take advantage of
Hardware features of modern CPUs. Hence type 2 hypervisors have poor
performance than type 0 or type 1.
 They run on a variety of general-purpose operating systems, and requires
no change to the host operating system. For example, on a laptop, a
student can run different operating systems such as Windows, Linux, etc
for learning and experimentation.

Operating System Concepts – 10th Edition 18.18 Silberschatz, Galvin and Gagne ©2018
 4. Paravirtualization
 Paravirtualization works differently than the other types of virtualization.
 It presents the guest with a system that is similar but not identical. The guest
must be modified to run on the paravirtualized virtual hardware.
 Xen VMM has became the leader in paravirtulization by implementing
techniques to optimize the performance of guests as well as host system.
 Xen VMM presents clean and simple device abstractions that allow efficient
I/O and good communication between the guest and VMM.
 For each device used by each guest, a circular buffer was shared by the
guest and the VMM via shared memory.
 For memory management, Xen did not implement NPTs. When a page-table
change was needed, a hypercall was made from guest to the hypervisor.
 Xen allowed virtualization of x86 CPUs without the use of binary translation.
 Xen has taken advantage of hardware features supporting virtualization.
Hence it no longer requires modified guests and also does not need
paravirtualization method.

Operating System Concepts – 10th Edition 18.19 Silberschatz, Galvin and Gagne ©2018
 Xen I/O via Shared Circular Buffer

Operating System Concepts – 10th Edition 18.20 Silberschatz, Galvin and Gagne ©2018
 5. Programming Environment Virtualization
 In this kind of virtualization, a programming language is designed to run
within a custom-built virtualized environment.
 For example Oracle Java has features that run only in Java Virtual
Machine (JVM)
 A virtual environment can be defined based on APIs, that provides a set of
features needed for a particular language and programs written in that
language.
 Java programs run within the JVM environment, and the JVM is compiled to
be a native program on systems on which it runs. Hence Java programs are
written once and can run on any system on which a JVM is available.
 Similar to interpreted languages

Operating System Concepts – 10th Edition 18.21 Silberschatz, Galvin and Gagne ©2018
 6. Emulation
 if an application or operating system needs to run on a different CPU, then it
is necessary to translate all of the source CPU’s instructions into equivalent
instructions of the target CPU.
 Emulation is useful when the host system has one system architecture and
the guest system was compiled for a different architecture.
 For example, company replacing outdated servers with new servers
containing different CPU architecture, but still want to run old applications
 Major challenge of emulation is performance. Instruction-set emulation may
run an order of magnitude slower than native instructions.
 Very popular in gaming circles, especially in video games written for
platforms no longer in production. For example, Apple iPhone has game
emulators

Operating System Concepts – 10th Edition 18.22 Silberschatz, Galvin and Gagne ©2018
 7. Application Containment
 If the applications are all compiled for the same operating system, then
complete virtualization is not needed to provide the features, instead
application containment can be used.
 Oracle Solaris has included containers / zones, that create a virtual layer
between OS and the applications.
 In this system, only one kernel is installed, and the hardware is not
virtualized.
 OS and its devices are virtualized, providing processes within the zone with
impression that they are only processes on system
 Each zone has its own applications, network stack, addresses, and ports,
user accounts, etc
 CPU and memory resources are divided among the zones and system-wide
processes
 Zone can have its own scheduler to optimize the performances of its
application.

Operating System Concepts – 10th Edition 18.23 Silberschatz, Galvin and Gagne ©2018
 Solaris with Two Zones - Example

 Containers are much light weight than other virtualization methods. They
use fewer system resources and are faster to instantiate and destroy.
 Containers are also easy to automate and manage, leading to orchestration
tools like Docker and Kubernetes.
Operating System Concepts – 10th Edition 18.24 Silberschatz, Galvin and Gagne ©2018
 Virtualization and OS Components
 VMM provides core OS functions like CPU scheduling, memory management,
I/O, storage, and unique VM migration feature

1. CPU Scheduling
 The VMM has a number of physical CPUs available and a number of threads
to run on those CPUs.
 Guests are configured with certain number of VCPUs at creation time and it
can be adjusted throughout life of VM
 When enough CPUs are available as requested by each guest, the VMM
allocates CPUs dedicated to guests.
 In case of CPU over commitment wherein guests are configured with more
CPUs than existing in the system, VMM can use standard scheduling
algorithms to assign threads to CPUs with some fairness.
 For example, if there are six hardware CPUs and twelve guests, the VMM can
allocate CPU resources proportionally, giving each guest half of the CPU
resources .

Operating System Concepts – 10th Edition 18.25 Silberschatz, Galvin and Gagne ©2018
 1. CPU Scheduling (Cont.)
 Hence individual virtualized OS receive only a portion of the available CPU
cycles, even though they believe they are receiving all of the cycles.
 Consider a time-sharing operating system that tries to allot 100 ms for each
time slice. The time-of-day clocks are incorrect in virtual machines and take
longer to trigger, resulting in poor response times for users on that VM. Hence
VMMs provide application to run in each guest to correct clock drifts.

Operating System Concepts – 10th Edition 18.26 Silberschatz, Galvin and Gagne ©2018
 2. Memory Management
 VMMs usually overcommit memory, i.e., total memory allocated to guests
exceeds the total amount of physically memory. Hence measures are required
to ensure optimal use of memory.
 VMware ESX computes a target real-memory allocation for each guest. It then
uses three low-level mechanisms to reclaim memory from the guests
1. VMM maintains a nested page table that translates guest page table to the
real page table. Using this indirection and Double-paging, VMM moves some
pages to backing store, which the guest page table believes to be in memory.
It is not the preferred approach.
2. VMM installs and controls a pseudo-device driver ( kernel module) in each
guest. This Balloon memory manager communicates with VMM for
allocation / de-allocation. For allocation, it informs OS to pin the allocated
pages onto physical memory to create memory pressure. This causes guest
OS to free up some memory. VMM removes those physical pages and
allocates memory to another guest.
3. Multiple guests could be running the same set of applications. De-duplication
by VMM determines if same page is loaded more than once by using hash
value of the page. If so, VMM reduces the number of copies of the page to
one and maps all other users of the page to that one copy.
Operating System Concepts – 10th Edition 18.27 Silberschatz, Galvin and Gagne ©2018
 3. I/O
 I/O in virtual environments is complicated and requires careful VMM design
and implementation.
 If device is dedicated to a guest and hypervisor such as Type 0 that provide
direct access, then I/O performance is same as native OS.
 Direct access for Type 1 and 2 hypervisors with DMA hardware support such
as VT-d can produce performance similar to native OS.
 VMMs provide shared access to devices with protection, assuring that a guest
can access only the blocks specified in the guest’s configuration.
 With virtualization, each guest needs at least one IP address. VMM acts as a
virtual switch to route network packets to the addressed guests.
 VMM can bridge guests to network allowing direct access and / or provide
network address translation (NAT)
 VMM also provides firewalling to guard connections.

Operating System Concepts – 10th Edition 18.28 Silberschatz, Galvin and Gagne ©2018
 4. Storage Management
 Both boot disk and general data access needs to be provided by VMM for
each guest.
 Type 0 hypervisors allow root disk partitioning, since it runs with few guests.
 Type 1 hypervisors stores the guest root disk in the file systems provided by
VMM.
 Type 2 hypervisors store the same information in the host OS file system.
 If the administrator wants a duplicate of the guest, simply make copy of the
associated disk image, inform VMM and boot it.
 Moving a virtual machine between same VMMs is by halting the guest,
copying the image to the other system, and starting the guest there.
 Physical-to-virtual (P-to-V) converts native disk blocks into VMM format
 Virtual-to-physical (V-to-P) procedure convert a guest to a physical system.
 VMM also needs to provide access to network attached storage and other
disk images, disk partitions, disks, etc.

Operating System Concepts – 10th Edition 18.29 Silberschatz, Galvin and Gagne ©2018
 5. Live Migration
 In live migration, a guest running on one system is copied to another system
running the same VMM such that users logged in continue without any disruption.
 Useful to reduce load of an overloaded system, hardware / system changes can
be made.
 The VMM migrates a guest via the following steps:
1. The source VMM establishes a connection with the target VMM and confirms
that it is allowed to send a guest.
2. The target creates a new guest by creating a new VCPU, NPTs and storage.
3. The source sends all read-only guest memory pages to the target
4. The source sends all read-write pages to the target, marking them as clean
5. The source repeats step 4, as during that step some pages were probably
modified by the guest and are now dirty. These pages need to be sent again
and marked again as clean.
6. When cycle of steps 4 and 5 becomes very short, source VMM freezes guest,
sends VCPU’s final state, other state details, final dirty pages, and tells target
to start running the guest.
7. Once target acknowledges that guest is running, source terminates the guest

Operating System Concepts – 10th Edition 18.30 Silberschatz, Galvin and Gagne ©2018
 Live Migration of Guest Between Servers

 For live migration, network connections must continue uninterrupted. Hence

MAC must be movable.
 Live migration is not possible on general purpose OS without shutting down
processes and warning users.

Operating System Concepts – 10th Edition 18.31 Silberschatz, Galvin and Gagne ©2018