TDDB68 Concurrent programming and operating systems Operating System Structures How to manage OS complexity? Operating System Structures and Virtual Machines Divide-and-conquer! Decompose into smaller components with well-defined interfaces and dependences Layered Approach Microkernels Modules [SGG7/8] Chapter 2.7-2.8 [SGG9] Chapter 2.7, 1.11.6 Virtual Machines Copyright Notice: The lecture notes are mainly based on Silberschatz’s, Galvin’s and Gagne’s book (“Operating System Concepts”, 7th ed., Wiley, 2005). No part of the lecture notes may be reproduced in any form, due to the copyrights reserved by Wiley. These lecture notes should only be used for internal teaching purposes at the Linköping University. Christoph Kessler, IDA, Linköpings universitet. TDDB68, C. Kessler, IDA, Linköpings universitet. Simple Structure Layered Approach MS-DOS – written to provide the most functionality in the least The operating system is space Not divided into modules Although MS-DOS has some structure, its interfaces and levels of functionality are not well separated divided into a number of layers (levels, rings), each built on top of lower layers. Bottom layer (0) = hardware Top layer (N) = user interface Functions in layer i call only functions/services in layers < i (strict layering: only in i or i-1) Modularity TDDB68, C. Kessler, IDA, Linköpings universitet. Silberschatz, Galvin and Gagne ©2005 13.2 13.3 Silberschatz, Galvin and Gagne ©2005 System and application programs UNIX System Structure: 3 Layers Layer i+1 Interface of a layer: upwards-exposed services + downwards-required services TDDB68, C. Kessler, IDA, Linköpings universitet. Layer i 13.4 Layer i-1 Silberschatz, Galvin and Gagne ©2005 THE OS: 6 Layers A layered design was first used in the THE operating system [Dijkstra’68, Technische Hogeschool at Eindhoven, NL] layer 5: user programs layer 4: buffering for input and output layer 3: operator-console device driver layer 2: memory management layer 1: CPU scheduling layer 0: hardware see SGG7 Ch. 23.4, p. 847 TDDB68, C. Kessler, IDA, Linköpings universitet. 13.5 Silberschatz, Galvin and Gagne ©2005 TDDB68, C. Kessler, IDA, Linköpings universitet. 13.6 Silberschatz, Galvin and Gagne ©2005 1 Problems of the layered approach Microkernel System Structure Cyclic dependences between different OS components “Lean kernel”: Moves as much service functionality as Example: Backing store driver for swapping should be able to call CPU scheduler to release the CPU while waiting for I/O CPU scheduler needs to know about memory needs of all active processes, on a large system this information resides in memory that is possibly swapped out... Long call chains (e.g. I/O) down to system calls, possibly with parameter copying/modification at several levels Compromise solution: Have few layers TDDB68, C. Kessler, IDA, Linköpings universitet. Easier to extend a microkernel Easier to port the operating system to new architectures More reliable (less code is running in kernel mode) More secure Detriments: Performance overhead of user space to kernel space communication Silberschatz, Galvin and Gagne ©2005 Less efficient possible from the kernel into “user” space Kernel: Minimal process and memory management; IPC Communication between user modules by message passing Example: Mach kernel, used e.g. in Tru64 Unix or Mac OS-X Benefits: 13.7 Silberschatz, Galvin and Gagne ©2005 TDDB68, C. Kessler, IDA, Linköpings universitet. 13.8 Modules Example: Mac-OS X ”Darwin” Most modern operating systems implement kernel modules Hybrid structure: Layering + Microkernel + Modules Component-based approach: Each core component is separate Each talks to the others over known interfaces Each is loadable as needed within the kernel Application environments, common services, GUI services BSD Unix kernel: Command-line interface, networking, file system support, POSIX implem. Example: Solaris loadable kernel modules, Linux, Mac-OS X Kernel extensions: device drivers, dynamically loadable modules Mach Microkernel: Memory mgmt, thread scheduling, IPC, RPC Overall, similar to layers but more flexible TDDB68, C. Kessler, IDA, Linköpings universitet. 13.9 Silberschatz, Galvin and Gagne ©2005 Virtual Machines TDDB68, C. Kessler, IDA, Linköpings universitet. 13.10 Silberschatz, Galvin and Gagne ©2005 Virtual Machines (Cont.) A virtual machine provides an interface identical to the underlying bare hardware (or to some other real or fictive machine). Example: Multitasking OS creates the illusion that each process executes on its own (virtual) processor with its own (virtual) memory. Example: qemu (used in Pintos labs) simulates x86 hardware Example: The Java VM simulates an abstract computer that executes Java bytecode. guest OS Virtual machine implementation (VM monitor, hypervisor) intercepts operations and interprets them. Several virtual machines may share the resources of a physical computer: CPU scheduling: create illusion that users have their own processor Virtual disks with virtual file systems on physical disk / file system A normal user time-sharing terminal serves as the virtual machine operator’s console Can run multiple and different OS’s on the same physical computer Examples: VMware, Xen TDDB68, C. Kessler, IDA, Linköpings universitet. Non-virtual Machine Virtual Machine Monitor (VMM), Hypervisor (a) Nonvirtual machine 13.11 Silberschatz, Galvin and Gagne ©2005 TDDB68, C. Kessler, IDA, Linköpings universitet. Virtual Machine (b) Virtual machines 13.12 Silberschatz, Galvin and Gagne ©2005 2 Virtual Machines – Advantages, Drawbacks VMware Architecture Complete protection of system resources since each virtual machine is isolated from all other virtual machines. however, permits no direct sharing of resources. Perfect vehicle for operating-systems research, development, teaching System development is done on the virtual machine, instead of on a physical machine and so does not disrupt normal system operation. Portability across multiple platforms (host OS, hardware) Java VM Legacy binary codes for obsolete hardware still operational Saves appl.-server hardware costs if clients demand a private system ”Most servers today run at <15% utilization, TCO ~10k$/yr/server” [Xen] Difficult to implement to provide an exact duplicate to the underlying machine Old idea! 1972 by IBM on System/360 TDDB68, C. Kessler, IDA, Linköpings universitet. Silberschatz, Galvin and Gagne ©2005 13.13 Virtualization technology overview Lightweight virtualization: Paravirtualization Lightweight virtualization: OS-level virtualization Hardware virtualization Emulates real or fictitious hardware ”Almost” same hardware (barring speed and size) Virtualization done by the host OS Guest HW != host HW + guest HW != host HW possible + different host and guest OSs possible No VMM + diff. guest OSs possible - VMM needed + guest OS is not aware of the host OS beneath - guest OS to be rewritten + Multiple instances of to be VMM-aware same OS possible (fix privileged + Low overhead instructions) + Can scale up to - still overhead hundreds of VMs # of VMs limited e.g. for virtual private On-the-fly instruction translation in hardware - VMM needed to dispatch virtual kernel mode privileged instructions - translation overhead servers VM/370 (IBM), VMware, Xen Bochs, QEMU, Parallels, UML Microsoft Virtual Server, Denali Java JVM, C#/.NET CLR TDDB68, C. Kessler, IDA, Linköpings universitet. 13.15 (binary translation) + Fast - Only one OS (NB - different goal) Solaris 10 ”Zones” Transmeta (Containers), Crusoe OpenVZ, Virtuozzo, Linux- processor VServer, (x86 on VLIW FreeBSD-Jails - more power efficient) Silberschatz, Galvin and Gagne ©2005 virtualized OS-Level Virtualization Example: Solaris 10 Containers (”Zones”) User programs System programs CPU resources Memory resources Global zone Silberschatz, Galvin and Gagne ©2005 13.14 Paravirtualization Example: Xen Traditional virtualization: Virt. machine/Emulation Guest OS = Host OS (and same HW) TDDB68, C. Kessler, IDA, Linköpings universitet. Control Plane Software User software User software User software Guest OS (XenoLinux) Guest OS (XenoLinux) Guest OS (XenoBSD) Guest OS (XenoXP) Xeno-Aware Device Drivers Xeno-Aware Device Drivers Xeno-Aware Device Drivers Xeno-Aware Device Drivers Domain0 control interface Virtual x86 CPU Virtual MMU Virtual physical memory Virtual network Virtual blockdevices XEN hyper visor Hardware (SMP x86, MMU, physical memory, network access, SCSI/IDE) TDDB68, C. Kessler, IDA, Linköpings universitet. 13.16 Adapted from: P. Barham et al.: Xen and the Art Silberschatz, Galvin and Gagne ©2005 of Virtualization. Proc. SOSP 2003 The Java Virtual Machine User programs System programs Network addresses Device access CPU resources Memory resources User programs System programs Network addresses Device access CPU resources Memory resources Zone 1 Zone 2 Possibly untrusted applets from internet JVM Virtual platform Device management All accesses to system resources mediated by JVM ”Sandbox” Zone Management Solaris Kernel Network addresses Devices TDDB68, C. Kessler, IDA, Linköpings universitet. 13.17 Silberschatz, Galvin and Gagne ©2005 TDDB68, C. Kessler, IDA, Linköpings universitet. 13.18 Silberschatz, Galvin and Gagne ©2005 3 Hardware support for virtualization Summary: Operating System Structures Simulate mode bit, system call effects, … in software??? How to manage OS complexity? Second hardware mode bit in status register Physical mode bit used only by VMM / host kernel Virtual machine incl. guest OS runs in physical user mode kernel mode vs virtual user mode Access Decompose into smaller components with well-defined interfaces and dependences Approach Modules Virtual Virtual machines run in guest mode Completely Microkernels AMD: host mode vs guest mode Divide-and-conquer! Layered Virtual mode bit used by guest OS Virtual unaware of the virtualization to virtualized devices traps to VMM/host OS VMM / virtualizing kernel13.19 can switch to host mode Silberschatz, Galvin and Gagne ©2005 TDDB68, C. Kessler, IDA, Linköpings universitet. Machines – Traditional Virtualization – Light-Weight Virtualization (Paravirtualization, OS-level virtualization) TDDB68, C. Kessler, IDA, Linköpings universitet. 13.20 Silberschatz, Galvin and Gagne ©2005 Literature: Virtual Machines, Virtualization IEEE Computer May 2005 special issue on Virtual Machines e.g. R. Uhlig et al.: Intel Virtualization Technology. IEEE Computer, May 2005, pp. 48-56. XenSource: XenTM: Enterprise Grade Open Source Virtualization: Inside XenTM 3.0. White Paper V06012006, www.xensource.com P. Barham et al.: Xen and the Art of Virtualization. Proc. of SOSP 2003, pp. 164-177, ACM press. S. Bellovin: Virtual Machines, Virtual Security? Communications of the ACM 49(10): 104, Oct. 2006 M. Price: The Paradox of Security in Virtual Environments. IEEE Computer Nov. 2008, pp. 22-28. And many others... TDDB68, C. Kessler, IDA, Linköpings universitet. 13.21 Silberschatz, Galvin and Gagne ©2005 4