System Virtualization: Understanding IO virtualization and role of hypervisor

Question

I would like to obtain a correct understanding of I/O virtualization. The context is pure/full virtualization and not para-virtualization.

My understanding is that a hypervisor virtualizes hardware and offers virtual resources to each sandboxed application. Each sandbox thinks it's accessing the underlying hardware, but in reality it is not. Instead it is the hypervisor which does all the accesses. It is this aspect I need to understand better.

Let's assume a chip has a hardware timer meant to be used by the OS kernel as a tick timer. Let's assume that there are 2 virtual machines (e.g. Windows and Linux) running atop the hypervisor.

None of the virtual machines have modified their source code. So they continue to spit out instructions that directly program the timer resource.

What is the role of the hypervisor really here? How are the two OSes really prevented from accessing the real stuff?

Recommended answer

After a bit of reading, I have reached a certain level of understanding described at:

https://stackoverflow.com/a/13045437/1163200

I am reproducing it here in full:

This is an attempt to answer my own question.

System Virtualization: Understanding IO virtualization and role of hypervisor

Virtualization as a concept enables multiple/diverse applications to co-exist on the same underlying hardware without being aware of each other.

As an example, full-blown operating systems such as Windows, Linux, Symbian, etc., along with their applications, can coexist on the same platform. All computing resources are virtualized.

What this means is none of the aforesaid machines have access to physical resources. The only entity having access to physical resources is a program known as Virtual Machine Monitor (aka Hypervisor).

Now this is important. Please read and re-read carefully.

The hypervisor provides a virtualized environment to each of the machines above. Since these machines access NOT the physical hardware BUT virtualized hardware, they are known as Virtual Machines.

As an example, the Windows kernel may want to start a physical timer (System Resource). Assume that the timer is memory mapped IO. The Windows kernel issues a series of Load/Store instructions on the Timer addresses. In a Non-Virtualized environment, these Load/Store would have resulted in programming of the timer hardware.

However, in a virtualized environment, these Load/Store based accesses of physical resources will result in a trap/Fault. The trap is handled by the hypervisor. The hypervisor knows that Windows tried to program the timer. The hypervisor maintains Timer data structures for each of the virtual machines. In this case, the hypervisor updates the timer data structure which it has created for Windows. It then programs the real timer. Any interrupt generated by the timer is handled by the hypervisor first. Data structures of virtual machines are updated and the latter's interrupt service routines are called.

To cut a long story short, Windows did everything that it would have done in a Non-Virtualized environment. In this case, its actions resulted in NOT the real system resource being updated, but virtual resources (The data structures above) getting updated.

Thus all virtual machines think they are accessing the underlying hardware; in reality, unknown to them, all accesses to physical hardware are mediated by the hypervisor.

Everything described above is full/classic virtualization. Most modern CPUs are unfit for classic virtualization. The trap/fault does not apply to all instructions. So the hypervisor is easily bypassed on modern devices.

Here is where para-virtualization comes into being. The sensitive instructions in the source code of virtual machines are replaced by a call to Hypervisor. The load/store snippet above may be replaced by a call such as

Hypervisor_Service(Timer Start, Windows, 10ms); 

EMULATION

Emulation is a topic related to virtualization. Imagine a scenario where a program originally compiled for ARM is made to run on ATMEL CPU. The ATMEL CPU runs an Emulator program which interprets each ARM instruction and emulates necessary actions on ATMEL platform. Thus the Emulator provides a virtualized environment.

In this case, virtualization of system resources is NOT performed via trap and execute model.
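
The trap-and-emulate flow this answer describes for the timer, as an added sketch that is not part of the original post. The register offsets, function names and two-VM setup are assumptions, and the physical timer is simulated by a variable.

```c
#include <stdint.h>
#include <stdio.h>
/* Hypothetical guest-visible timer registers (layout assumed for this sketch). */
enum { TIMER_LOAD = 0x0, TIMER_CTRL = 0x4, TIMER_ENABLE = 1, NUM_VMS = 2 };
struct vtimer { uint32_t load, ctrl; uint64_t deadline; int irq_pending; };
static struct vtimer vt[NUM_VMS];  /* per-VM virtual timer state */
static uint64_t now, hw_deadline = UINT64_MAX;  /* UINT64_MAX = real timer disarmed */

/* Program the single physical timer with the earliest enabled guest deadline. */
static void reprogram_hw(void) {
    hw_deadline = UINT64_MAX;
    for (int i = 0; i < NUM_VMS; i++)
        if ((vt[i].ctrl & TIMER_ENABLE) && vt[i].deadline < hw_deadline)
            hw_deadline = vt[i].deadline;
}

/* Entered when a guest store to the timer MMIO range faults into the hypervisor. */
int mmio_write_trap(int vm, uint32_t off, uint32_t val) {
    if (vm < 0 || vm >= NUM_VMS) return -1;
    switch (off) {
    case TIMER_LOAD: vt[vm].load = val; break;
    case TIMER_CTRL:
        vt[vm].ctrl = val;
        if (val & TIMER_ENABLE) vt[vm].deadline = now + vt[vm].load;
        break;
    default: return -1;  /* unknown register: reject, never pass through */
    }
    reprogram_hw();
    return 0;
}

/* Physical timer interrupt: the hypervisor takes it first, then marks virtual IRQs. */
void hw_timer_irq(uint64_t tick) {
    now = tick;
    for (int i = 0; i < NUM_VMS; i++)
        if ((vt[i].ctrl & TIMER_ENABLE) && vt[i].deadline <= now) {
            vt[i].irq_pending = 1;              /* guest ISR runs when the VM resumes */
            vt[i].deadline = now + vt[i].load;  /* periodic tick: re-arm */
        }
    reprogram_hw();
}
int vm_irq_pending(int vm) { return vt[vm].irq_pending; }
uint64_t hw_next_deadline(void) { return hw_deadline; }

int main(void) {  /* two guests each program "their" timer; one real timer exists */
    mmio_write_trap(0, TIMER_LOAD, 10); mmio_write_trap(0, TIMER_CTRL, TIMER_ENABLE);
    mmio_write_trap(1, TIMER_LOAD, 4);  mmio_write_trap(1, TIMER_CTRL, TIMER_ENABLE);
    hw_timer_irq(hw_next_deadline());
    printf("irq pending: vm0=%d vm1=%d\n", vm_irq_pending(0), vm_irq_pending(1));
    return 0;
}
```

Neither guest write reaches hardware directly: each one only updates that VM's `vtimer`, and the hypervisor alone decides what the real timer is set to.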
