CPU virtualization is the core of computer virtualization, CPU virtualization has many ways, summarized into three categories: software virtualization, class virtualization and complete hardware virtualization, in order to better and better performance.

1.CPU software virtualization

Operating systems are designed to run directly on bare-metal hardware, so it’s natural to assume that you “own” all of your computer hardware. The x86 architecture provides four levels of privileges for operating systems and applications, called Ring 0/1/2/3, to manage access to computer hardware resources.

Figure 3.28 CPU virtualization

As shown in Figure 3.28(a), there is no virtualization. User-level applications typically run in Ring 3, and for the operating system to access memory and hardware directly, it must execute its privileged instructions in Ring 0.

There are three types of SOFTWARE virtualization for CPUS:

  1. Explain execution. Also known as full software simulation, that is, take out an instruction, simulate the effect of the execution of this instruction, and then proceed to the next instruction. Because each instruction is emulated, which means that each instruction of the virtual machine is “stuck” in the Hypervisor, interpretation execution performance is very poor.
  2. Scan and patch. Let most of the instructions run directly on the physical CPU, and replace the operating system sensitive instructions with jump instructions or instructions that will be stuck in the Hypervisor. When the system sensitive instructions are executed, they will enter the Hypervisor and be simulated by the Hypervisor. Scanning and patching techniques are relatively simple to implement, and most of the client operating system and application code can be executed on physical cpus with relatively little performance penalty. Scanning and patching also bring some problems: privileged and sensitive instructions are emulated, so some instructions take a short time to be emulated while others take a very long time; Additional jumps introduced by privileged and sensitive instructions reduce code locality; Two sets of code need to be maintained, and then the code needs to be restored to its original state.
  3. Binary translation. Create a code cache in the Hypervisor, where code is translated so that client operating system code is not executed directly by the physical CPU, but all code that is to be executed is stored in the code cache. Binary translation, by contrast, is the most complex and has performance differences with scan and patch.

As shown in Figure 3.28(b), VMware developed binary conversion technology in 1998 that allowed the Hypervisor to run in Ring 0 for isolation and performance, while migrating the operating system to user-level Ring1 with higher permissions than applications in Ring 3 but lower than virtual machines. VMware can virtualize x86 operating systems using a combination of binary conversion and direct execution techniques, which translates kernel code to replace non-virtualized instructions with new sequences of instructions that have the desired impact on virtual hardware. At the same time, user-level code executes directly on the processor to achieve high performance virtualization.

2.CPU class virtualization

Para-virtualization requires modifying the existing operating system to replace non-virtualized instructions with HyperCall by coordinating communication between the client operating system and Virtualization management. In this way, we can improve the efficiency of virtualization and break the homogeneity requirement of traditional virtualization.

In Figure 3.28(c), the operating system kernel is modified to completely avoid instructions that are difficult to virtualize, so that the operating system does not have to run at the Ring0 privilege level, but can run at the next level. When the operating system tries to execute a privileged instruction, a protection exception is raised, allowing the Hypervisor to intercept it.

In traditional full software virtualization, the client operating system is unaware that it is running on top of a virtual environment. But in class virtualization, the upper layer operating system knows that it is running on top of a virtual environment, so it can better cooperate with the Hypervisor. Class virtualization has the following advantages:

  1. Compared to traditional software virtualization, class virtualization can provide maximum performance optimization, including reducing redundant code, reducing address space borrowing and cross-privilege switching, and reducing memory replication.
  2. Class virtualization eliminates semantic gap between virtualization layer and upper layer operating system to a certain extent, making system management more effective.
  3. Class virtualization technology can also provide hardware abstraction at different levels of abstraction, and even more powerful hardware abstraction interfaces to optimize performance and provide new functionality.
  4. The biggest problem of class virtualization is that the operating system source code needs to be modified, which will increase the workload of operating system development and debugging, and reduce the stability of system operation.

3.CPU hardware virtualization

Take Intel for example. In 2005, Intel launched VT-X technology, which provides hardware support for processor virtualization technology. Mainly reflected in:

Two operating modes are introduced: Root Mode, the Mode in which the Hypervisor runs; Non-root Mode, the Mode in which the client runs. As shown in Figure 3.28(d), we know that instruction virtualization is realized by falling into re-simulation. The most intuitive solution is to enable sensitive instructions to trigger exceptions, but this will lead to incompatibility with the original software, so it is not desirable. In non-root mode, the behavior of some sensitive instructions is redefined to trigger trap for processing. The behavior of these instructions does not change in root mode.

The VM – – Entry and Exit and the VM. The trap caused by sensitive instructions in non-root mode is called VM-exit. When VM-exit occurs, the processor switches from non-root mode to root mode. In addition, vT-X technology defines new instructions VMLAUCH and VMRESUME to trigger VM-entry, causing the processor to switch from root mode to non-root mode.

Vt-x technology also introduces Virtual Machine Control Structure (VMCS). The VM stores the state of the virtual CPU. Similar to interrupts, interrupts need to save the current process Context on entry and reload the process Context on return. During VM-exit and VM-entry, we need to operate on the virtual machine context. In order to improve the efficiency of virtual machine context, hardware-supported VMCS is introduced, which is essentially used for hardware-accelerated VM context switching. CPU hardware virtualization with VT-X technology almost eliminates the cost of virtualization. With the support of hardware virtualization technology, VMS can achieve almost the same performance as physical machines.

How can the software and hardware of cloud computing mix more efficiently?

How will the data center of the future be built? Let’s learn about Fusion of Hardware and Software.