https://homeostasis.scs.carleton.ca/wiki/api.php?action=feedcontributions&feedformat=atom&user=CsullivaSoma-notes - User contributions [en]2026-04-23T01:56:39ZUser contributionsMediaWiki 1.42.1https://homeostasis.scs.carleton.ca/wiki/index.php?title=COMP_3000_Essay_2_2010_Question_9&diff=6557COMP 3000 Essay 2 2010 Question 92010-12-02T22:56:04Z<p>Csulliva: /* Macro optimizations */</p>
<hr />
<div>'''''Go to discussion for group members confirmation, general talk and paper discussions.'''''<br />
<br />
<br />
=Paper=<br />
<br />
<center><big><big>'''"The Turtles Project: Design and Implementation of Nested Virtualization"'''</big></big></center><br />
<br />
'''Authors:'''<br />
* Muli Ben-Yehuday + <br />
* Michael D. Day ++ <br />
* Zvi Dubitzky + <br />
* Michael Factor + <br />
* Nadav Har’El + <br />
* Abel Gordon +<br />
* Anthony Liguori ++<br />
* Orit Wasserman +<br />
* Ben-Ami Yassour +<br />
<br />
'''Research labs:'''<br />
<br />
+ IBM Research – Haifa<br />
<br />
++ IBM Linux Technology Center<br />
<br />
<br />
'''Website:''' http://www.usenix.org/events/osdi10/tech/full_papers/Ben-Yehuda.pdf<br />
<br />
'''Video presentation:''' http://www.usenix.org/multimedia/osdi10ben-yehuda [Note: username and password are required for entry]<br />
<br />
<br />
=Background Concepts=<br />
<br />
Before we delve into the details of our research paper, its essential that we provide some insight and background to the concepts <br />
and notions discussed by the authors.<br />
<br />
===Virtualization===<br />
<br />
In essence, virtualization is creating an emulation of the underlying hardware for a guest operating system, program or a process to operate on. [1] Usually referred to as a virtual machine, this emulation usually consists of a guest hypervisor and a virtualized environment, giving the guest operating system the illusion that its running on the bare hardware. But the reality is, we're running the virtual machine as an application on the host OS.<br />
<br />
The term virtualization has become rather broad, associated with a number of areas where this technology is used like data virtualization, storage virtualization, mobile virtualization and network virtualization. For the purposes and context of our assigned paper, we shall focus our attention on hardware virtualization within the context of operating systems.<br />
<br />
====Hypervisor==== <br />
Also referred to as VMM (Virtual machine monitor), is a software module that exists one level above the supervisor and runs directly on the bare hardware to monitor the execution and behaviour of the guest virtual machines. The main task of the hypervior is to provide an emulation of the underlying hardware (CPU, memory, I/O, drivers, etc.) to the guest virtual machines and to take care of the possible issues that may rise due to the interaction of those guests among one another, and with the host hardware and operating system. It also controls host resources.<br />
<br />
====Nested virtualization====<br />
The concept of recursively running one virtual machine inside another. For instance, the main operating system (L1) runs a VM called L2. In turn, L2 runs another VM L3; L3 then runs L4 and so on.<br />
[[File:VirtualizationDiagram-MH.png|thumb|right|Nested virtualization|left|400px]]<br />
<br />
====Para-virtualization====<br />
A virtualization model that requires the guest OS kernel to be modified in order to have some direct access to the host hardware. In contrast to full-virtualization that we discussed in the beginning of the article, para-virtualization does not simulate the entire hardware, it rather relies on a software interface that we must implement in the guest so that it can have some privileged hardware access via special instructions called hypercalls. The advantage here is that we have less environment switches and interaction between the guest and host hypervisors, thus more efficiency. However, portability is an obvious issue, since a system can be para-virtualized to be compatible with only one hypervisor. Another thing to note is that some operating systems such as Windows don't support para-virtualization.<br />
<br />
===Models of virtualization===<br />
<br />
=====Trap and emulate model=====<br />
A model of virtualization based on the idea that when a guest hypervisor attempts to execute higher level instructions like creating its own virtual machine, it triggers a trap or a fault which gets handled or caught by the host hypervisor. Based on the hardware model of virtualization support, the host hypervisor (L0) then determines whether it should handle the trap or whether it should forwards it to the the responsible parent of that guest hypervisor at a higher level.<br />
<br />
====Protection rings====<br />
In modern operating system, there are four levels of access privilge, called Rings, that range from 0 to 4.<br />
Ring 0 is the most privilged level, allowing access to the bare hardware components. The operating system kernel must <br />
execute at Ring 0 in order to access the hardware and secure control. User programs execute at Ring 3. Ring 1 and Ring 2 are dedciated to device drivers and other operations.<br />
<br />
In virtualization, the host hypervisor executes at Ring 0. While the guest virtual machine executes at Ring 3 because its treated as a running application. This is why when a virtual machine attempts to gain hardware privilges or executes higher level instructions, a trap occurs and the hypervisor comes into play and handles the trap.<br />
<br />
====Models of hardware support====<br />
<br />
=====Multiple-level architecture=====<br />
Every parent hypervisor handles every other hypervisor running on top of it. For instance, assume that L0 (host hypervisor) runs the VM L1. When L1 attempts to execute a privileged instruction and a trap occurs, then the parent of L1, which is L0 in this case, will handle the trap. If L1 runs L2, and L2 attempts to execute privileged instructions as well, then L1 will act as the trap handler. More generally, every parent hypervisor at level Ln will act as a trap handler for its guest VM at level Ln+1. This model is not supported by the x86 based systems that are discussed in our research paper.<br />
<br />
=====Single-level architecture=====<br />
The model supported by x86 based systems. In this model, everything must go back to the main host hypervisor at the L0 level. For instance, if the host hypervisor (L0) runs L1, when L1 attempts to run its own virtual machine L2, this will trigger a trap that goes down to L0. Then L0 sends the result of the requested instruction back to L1. Generally, a trap at level Ln will be handled by the host hypervisor at level L0 and then the resulting emulated instruction goes back to Ln.<br />
<br />
===The uses of nested virtualization===<br />
<br />
====Compatibility====<br />
A user can run an application thats not compatible with the existing or running OS as a virtual machine. Operating systems could also provide the user a compatibily mode of other operating systems or applications, an example of this is the Windows XP mode thats available in Windows 7, where Windows 7 runs Windows XP as a virtual machine.<br />
<br />
====Cloud computing====<br />
A cloud provider, more fomally referred to as Infrastructure-as-a-Service (IAAS) provider, could use nested virtualization to give the ability to customers to host their own preferred user-controlled hypervisors and run their virtual machines on the provider hardware. This way both sides can benefit, the provider can attract customers and the customer can have freedom implementing its system on the host hardware without worrying about compatibility issues.<br />
<br />
The most well known example of an IAAS provider is Amazon Web Services (AWS). AWS presents a virtualized platform for other services and web sites to host their API and databases on Amazon's hardware.<br />
<br />
====Security==== <br />
We can also use nested virtualization for security purposes. One common example is virtual honeypots. A honeypot is basically a hollow program or network that appears to be functioning to outside users, but in reality, its only there as a security tool to watch or trap hacker attacks. By using nested virtualization, we can create a honeypot of our system as virtual machines and see how our virtual system is being attacked or what kind of features are being exploited. We can take advantage of the fact that those virtual honeypots can easily be controlled, manipulated, destroyed or even restored.<br />
<br />
====Migration/Transfer of VMs====<br />
Nested virtualization can also be used in live migration or transfer of virtual machines in cases of upgrade or disaster <br />
recovery. Consider a scenarion where a number of virtual machines must be moved to a new hardware server for upgrade, instead of having to move each VM sepertaely, we can nest those virtual machines and their hypervisors to create one nested entity thats easier to deal with and more manageable.<br />
In the last couple of years, virtualization packages such as VMWare and VirtualBox have adapted this notion of live migration and developed their own embedded migration/transfer agents.<br />
<br />
====Testing====<br />
Using virtual machines is convenient for testing, evaluation and bechmarking purposes. Since a virtual machine is essentially<br />
a file on the host operating system, if corrupted or damaged, it can easily be removed, recreated or even restored since we can<br />
can create a snapshot of the running virtual machine.<br />
<br />
<br />
<br />
=Research problem=<br />
<br />
'''Rough version. Let me know of any comments/improvements that can be made on the talk page'''--[[User:Mbingham|Mbingham]] 19:51, 30 November 2010 (UTC)<br />
<br />
Nested virtualization has been studied since the mid 1970s (see paper citations 21,22 and 36). Early reasearch in the area assumes that there is hardware support for nested virtualization. Actual implementations of nested virtualization, such as the z/VM hypervisor in the early 1990s, also required architectural support. Other solutions assume the hypervisors and operating systems being virtualized have been modified to be compatabile with nested virtualization. There have also recently been software based solutions (see citation 12), however these solutions suffer from significant performance problems.<br />
<br />
The main barrier to having nested virtualization without architectural support is that, as you increase the levels of virtualization, the numer of control switches between different levels of hypervisors increases. A trap in a highly nested virtual machine first goes to the bottom level hypervisor, which can send it up to the second level hypervisor, which can in turn send it up (or back down), until it potentially in the worst case reaches the hypervisor that is one level below the virtual machine itself. The trap instruction can be bounced between different levels of hypervisor, which results in one trap instruction multiplying to many trap instructions. <br />
<br />
Generally, solutions that requie architectural support and specialized software for the guest machines are not practically useful because this support does not always exist, such as on x86 processors. Solutions that do not require this suffer from significant performance costs because of how the number of traps expands as nesting depth increases. This paper presents a technique to reconcile the lack of hardware support on available hardware with efficiency. It solves the problem of a single nested trap expanding into many more trap instructions, which allows efficient virtualization without architectural support.<br />
<br />
More specifically, virtualization deals with how to share the resources of the computer between multiple guest operating systems. Nested virtualization must share these resources between multiple guest operating systems and guest hypervisors. The authors acknowledge the CPU, memory, and IO devices as the three key resources that they need to share. Combining this, the paper presents a solution to the problem of how to multiplex the CPU, memory, and IO efficiently between multiple virtual operating systems and hypervisors on a system which has no architectural support for nested virtualization.<br />
<br />
=Contribution=<br />
What are the research contribution(s) of this work? Specifically, what are the key research results, and what do they mean? (What was implemented? Why is it any better than what came before?)<br />
<br />
<br />
The non stop evolution of computers entices intricate designs that are virtualized and harmonious with cloud computing. The paper contributes to this belief by allowing consumers and users to inject machines with '''their''' choice of hypervisor/OS combination that provides grounds for security and compatibility. The sophisticated abstractions presented in the paper such as shadow paging and isolation of a single OS resources authorize programmers for further development and ideas which use this infrastructure. For example the paper Accountable Virtual Machines wraps programs around a particular state VM which could most definitely be placed on a separate hypervisor for ideal isolation.<br />
<br />
==Theory==<br />
<br />
==CPU Virtualization==<br />
How does the Nest VMX virtualization work for the turtle project: L0(the lowest most hypervisor) runs L1 with VMCS0->1(virtual machine control structure).The VMCS is the fundamental data structure that hypervisor per pars, describing the virtual machine, which is passed along to the CPU to be executed. L1(also a hypervisor) prepares VMCS1->2 to run its own virtual machine which executes vmlaunch. vmlaunch will trap and L0 will have the handle the tape because L1 is running as a virtual machine do to the fact that L0 is using the architectural mod for a hypervisor. So in order to have multiplexing happen by making L2 run as a virtual machine of L1. So L0 merges VMCS's; VMCS0->1 merges with VMCS1->2 to become VMCS0->2(enabling L0 to run L2 directly). L0 will now launch a L2 which cause it to trap. L0 handles the trap itself or will forward it to L1 depending if it L1 virtual machines responsibility to handle. The way it handles a single L2 exit, L1 need to read and write to the VMCS disable interrupts which wouldn't normally be a problem but because it running in guest mode as a virtual machine all the operation trap leading to a signal high level L2 exit or L3 exit causes many exits(more exits less performance). Problem was corrected by making the single exit fast and reduced frequency of exits with multi-dimensional paging. In the end L1 or L0 base on the trap will finish handling it and resumes L2. this Process is repeated over again contentiously. -csulliva<br />
<br />
==Memory virtualization==<br />
<br />
How Multi-dimensional paging work on the turtle project. The main idea with n = 2 nest virtualization there are three logical translations: L2 to Virtual to physical address, from an L2 physical to L1 physical and form a L1 physical to L0 physical address. 3 levels of translations however there is only 2 MMU page table in the Hardware that called EPT; which takes virtual to physical and guest physical to host physical. They compress the 3 translations onto the two tables going from the being to end in 2 hopes instead of 3. This is done by shadow page table for the virtual machine and shadow-on-EPT. The Shadow-on-EPT compress three logical translations to two pages. The EPT tables rarely changer were the guest page table changes frequently. L0 emulates EPT for L1 and it uses EPT0->1 and EPT1->2 to construct EPT0->2. this process results in less Exits.<br />
<br />
==I/O virtualization==<br />
<br />
How does I/O virtualization work on the turtle project? There are 3 fundamental way to virtual machine access the I/O, Device emulation(sugerman01), Para-virtualized drivers which know it on a driver(Barham03, Russell08) and Direct device assignment( evasseur04,Yassour08) which results in the best performance. to get the best performance they used a IOMMU for safe DMA bypass. With nested 3X3 options for I/O virtualization they had the many options but they used multi-level device assignment giving L2 guest direct access to L0 devices bypassing both L0 and L1. To do this they had to memory map I/O with program I/0 with DMA with interrupts. the idea with DMA is that each of hiperyzisor L0,L1 need to used a IOMMU to allow its virtual machine to access the device to bypass safety. There is only one plate for IOMMU so L0 need to emulates an IOMMU. then L0 compress the Multiple IOMMU into a single hardware IOMMU page table so that L2 programs the device directly. the Device DMA's are stored into L2 memory space directly<br />
<br />
==Macro optimizations==<br />
How they implement the Micro-Optimizations to make it go faster on the turtle project? The two main places where guest of a nested hypervisor is slower then the same guest running on a baremetal hypervisor are the second transition between L1 to L2 and the exit handling code running on the L1 hypervirsor. Since L1 and L2 are assumed to be unmodified required charges were found in L0 only. They Optimized the transitions between L1 and L2. This involves an exit to L0 and then an entry. In L0 the most time is spent in merging VMC's, so they optimize this by copying data between VMC's if its being modified and they carefully balance full copying versus partial copying and tracking. The VMCS are optimized further by copying multiple VMCS fields at once. Normally by intel's specification read or writes must be performed using vmread and vmwrite instruction (operate on a single field). VMCS data can be accessed without ill side-effects by bypassing vmread and vmwrite and copying multiple fields at once with large memory copies. (might not work on processors other than the ones they have tested).The main cause of this slowdown exit handling are additional exits caused by privileged instructions in the exit-handling code. vmread and vmwrite are used by the hypervisor to change the guest and host specification ( causing L1 exit multiple times while it handles a single l2 exit). By using AMD SVM the guest and host specifications can be read or written to directly using ordinary memory loads and stores( L0 does not intervene while L1 modifies L2 specifications).<br />
<br />
=Critique=<br />
<br />
=== The good ===<br />
<br />
<br />
<br />
<br />
=== The bad ===<br />
<br />
<br />
<br />
=== The style of paper ===<br />
<br />
The paper presents an elaborate description of the concept of nested virtualization in a very specific manner. It does a good job to convey the technical details. Depending on the level of enlightenment towards the background knowledge it appears very complex and personally it required quite some research before my fully delving into the theory of the design. For instance the paragraph 4.1.2 "Impact of Multidimensional paging" attempts to illustrate the technique by an example with terms such as ETP and L1. All in all, the provided video highly in depth increased my awareness in the subject of nested hypervisors.<br />
<br />
=== Conclusion ===<br />
<br />
Bottom line, the research showed in the paper is the first to achieve efficient x86 nested-virtualization without altering the hardware, relying on software-only techniques and mechanisms. They also won the Jay Lepreau best paper award.<br />
<br />
=References=<br />
[1] Tanenbaum, Andrew (2007).'' Modern Operating Systems (3rd edition)'', page 569.</div>Csullivahttps://homeostasis.scs.carleton.ca/wiki/index.php?title=COMP_3000_Essay_2_2010_Question_9&diff=6556COMP 3000 Essay 2 2010 Question 92010-12-02T22:55:30Z<p>Csulliva: /* I/O virtualization */</p>
<hr />
<div>'''''Go to discussion for group members confirmation, general talk and paper discussions.'''''<br />
<br />
<br />
=Paper=<br />
<br />
<center><big><big>'''"The Turtles Project: Design and Implementation of Nested Virtualization"'''</big></big></center><br />
<br />
'''Authors:'''<br />
* Muli Ben-Yehuday + <br />
* Michael D. Day ++ <br />
* Zvi Dubitzky + <br />
* Michael Factor + <br />
* Nadav Har’El + <br />
* Abel Gordon +<br />
* Anthony Liguori ++<br />
* Orit Wasserman +<br />
* Ben-Ami Yassour +<br />
<br />
'''Research labs:'''<br />
<br />
+ IBM Research – Haifa<br />
<br />
++ IBM Linux Technology Center<br />
<br />
<br />
'''Website:''' http://www.usenix.org/events/osdi10/tech/full_papers/Ben-Yehuda.pdf<br />
<br />
'''Video presentation:''' http://www.usenix.org/multimedia/osdi10ben-yehuda [Note: username and password are required for entry]<br />
<br />
<br />
=Background Concepts=<br />
<br />
Before we delve into the details of our research paper, its essential that we provide some insight and background to the concepts <br />
and notions discussed by the authors.<br />
<br />
===Virtualization===<br />
<br />
In essence, virtualization is creating an emulation of the underlying hardware for a guest operating system, program or a process to operate on. [1] Usually referred to as a virtual machine, this emulation usually consists of a guest hypervisor and a virtualized environment, giving the guest operating system the illusion that its running on the bare hardware. But the reality is, we're running the virtual machine as an application on the host OS.<br />
<br />
The term virtualization has become rather broad, associated with a number of areas where this technology is used like data virtualization, storage virtualization, mobile virtualization and network virtualization. For the purposes and context of our assigned paper, we shall focus our attention on hardware virtualization within the context of operating systems.<br />
<br />
====Hypervisor==== <br />
Also referred to as VMM (Virtual machine monitor), is a software module that exists one level above the supervisor and runs directly on the bare hardware to monitor the execution and behaviour of the guest virtual machines. The main task of the hypervior is to provide an emulation of the underlying hardware (CPU, memory, I/O, drivers, etc.) to the guest virtual machines and to take care of the possible issues that may rise due to the interaction of those guests among one another, and with the host hardware and operating system. It also controls host resources.<br />
<br />
====Nested virtualization====<br />
The concept of recursively running one virtual machine inside another. For instance, the main operating system (L1) runs a VM called L2. In turn, L2 runs another VM L3; L3 then runs L4 and so on.<br />
[[File:VirtualizationDiagram-MH.png|thumb|right|Nested virtualization|left|400px]]<br />
<br />
====Para-virtualization====<br />
A virtualization model that requires the guest OS kernel to be modified in order to have some direct access to the host hardware. In contrast to full-virtualization that we discussed in the beginning of the article, para-virtualization does not simulate the entire hardware, it rather relies on a software interface that we must implement in the guest so that it can have some privileged hardware access via special instructions called hypercalls. The advantage here is that we have less environment switches and interaction between the guest and host hypervisors, thus more efficiency. However, portability is an obvious issue, since a system can be para-virtualized to be compatible with only one hypervisor. Another thing to note is that some operating systems such as Windows don't support para-virtualization.<br />
<br />
===Models of virtualization===<br />
<br />
=====Trap and emulate model=====<br />
A model of virtualization based on the idea that when a guest hypervisor attempts to execute higher level instructions like creating its own virtual machine, it triggers a trap or a fault which gets handled or caught by the host hypervisor. Based on the hardware model of virtualization support, the host hypervisor (L0) then determines whether it should handle the trap or whether it should forwards it to the the responsible parent of that guest hypervisor at a higher level.<br />
<br />
====Protection rings====<br />
In modern operating system, there are four levels of access privilge, called Rings, that range from 0 to 4.<br />
Ring 0 is the most privilged level, allowing access to the bare hardware components. The operating system kernel must <br />
execute at Ring 0 in order to access the hardware and secure control. User programs execute at Ring 3. Ring 1 and Ring 2 are dedciated to device drivers and other operations.<br />
<br />
In virtualization, the host hypervisor executes at Ring 0. While the guest virtual machine executes at Ring 3 because its treated as a running application. This is why when a virtual machine attempts to gain hardware privilges or executes higher level instructions, a trap occurs and the hypervisor comes into play and handles the trap.<br />
<br />
====Models of hardware support====<br />
<br />
=====Multiple-level architecture=====<br />
Every parent hypervisor handles every other hypervisor running on top of it. For instance, assume that L0 (host hypervisor) runs the VM L1. When L1 attempts to execute a privileged instruction and a trap occurs, then the parent of L1, which is L0 in this case, will handle the trap. If L1 runs L2, and L2 attempts to execute privileged instructions as well, then L1 will act as the trap handler. More generally, every parent hypervisor at level Ln will act as a trap handler for its guest VM at level Ln+1. This model is not supported by the x86 based systems that are discussed in our research paper.<br />
<br />
=====Single-level architecture=====<br />
The model supported by x86 based systems. In this model, everything must go back to the main host hypervisor at the L0 level. For instance, if the host hypervisor (L0) runs L1, when L1 attempts to run its own virtual machine L2, this will trigger a trap that goes down to L0. Then L0 sends the result of the requested instruction back to L1. Generally, a trap at level Ln will be handled by the host hypervisor at level L0 and then the resulting emulated instruction goes back to Ln.<br />
<br />
===The uses of nested virtualization===<br />
<br />
====Compatibility====<br />
A user can run an application thats not compatible with the existing or running OS as a virtual machine. Operating systems could also provide the user a compatibily mode of other operating systems or applications, an example of this is the Windows XP mode thats available in Windows 7, where Windows 7 runs Windows XP as a virtual machine.<br />
<br />
====Cloud computing====<br />
A cloud provider, more fomally referred to as Infrastructure-as-a-Service (IAAS) provider, could use nested virtualization to give the ability to customers to host their own preferred user-controlled hypervisors and run their virtual machines on the provider hardware. This way both sides can benefit, the provider can attract customers and the customer can have freedom implementing its system on the host hardware without worrying about compatibility issues.<br />
<br />
The most well known example of an IAAS provider is Amazon Web Services (AWS). AWS presents a virtualized platform for other services and web sites to host their API and databases on Amazon's hardware.<br />
<br />
====Security==== <br />
We can also use nested virtualization for security purposes. One common example is virtual honeypots. A honeypot is basically a hollow program or network that appears to be functioning to outside users, but in reality, its only there as a security tool to watch or trap hacker attacks. By using nested virtualization, we can create a honeypot of our system as virtual machines and see how our virtual system is being attacked or what kind of features are being exploited. We can take advantage of the fact that those virtual honeypots can easily be controlled, manipulated, destroyed or even restored.<br />
<br />
====Migration/Transfer of VMs====<br />
Nested virtualization can also be used in live migration or transfer of virtual machines in cases of upgrade or disaster <br />
recovery. Consider a scenarion where a number of virtual machines must be moved to a new hardware server for upgrade, instead of having to move each VM sepertaely, we can nest those virtual machines and their hypervisors to create one nested entity thats easier to deal with and more manageable.<br />
In the last couple of years, virtualization packages such as VMWare and VirtualBox have adapted this notion of live migration and developed their own embedded migration/transfer agents.<br />
<br />
====Testing====<br />
Using virtual machines is convenient for testing, evaluation and bechmarking purposes. Since a virtual machine is essentially<br />
a file on the host operating system, if corrupted or damaged, it can easily be removed, recreated or even restored since we can<br />
can create a snapshot of the running virtual machine.<br />
<br />
<br />
<br />
=Research problem=<br />
<br />
'''Rough version. Let me know of any comments/improvements that can be made on the talk page'''--[[User:Mbingham|Mbingham]] 19:51, 30 November 2010 (UTC)<br />
<br />
Nested virtualization has been studied since the mid 1970s (see paper citations 21,22 and 36). Early reasearch in the area assumes that there is hardware support for nested virtualization. Actual implementations of nested virtualization, such as the z/VM hypervisor in the early 1990s, also required architectural support. Other solutions assume the hypervisors and operating systems being virtualized have been modified to be compatabile with nested virtualization. There have also recently been software based solutions (see citation 12), however these solutions suffer from significant performance problems.<br />
<br />
The main barrier to having nested virtualization without architectural support is that, as you increase the levels of virtualization, the numer of control switches between different levels of hypervisors increases. A trap in a highly nested virtual machine first goes to the bottom level hypervisor, which can send it up to the second level hypervisor, which can in turn send it up (or back down), until it potentially in the worst case reaches the hypervisor that is one level below the virtual machine itself. The trap instruction can be bounced between different levels of hypervisor, which results in one trap instruction multiplying to many trap instructions. <br />
<br />
Generally, solutions that requie architectural support and specialized software for the guest machines are not practically useful because this support does not always exist, such as on x86 processors. Solutions that do not require this suffer from significant performance costs because of how the number of traps expands as nesting depth increases. This paper presents a technique to reconcile the lack of hardware support on available hardware with efficiency. It solves the problem of a single nested trap expanding into many more trap instructions, which allows efficient virtualization without architectural support.<br />
<br />
More specifically, virtualization deals with how to share the resources of the computer between multiple guest operating systems. Nested virtualization must share these resources between multiple guest operating systems and guest hypervisors. The authors acknowledge the CPU, memory, and IO devices as the three key resources that they need to share. Combining this, the paper presents a solution to the problem of how to multiplex the CPU, memory, and IO efficiently between multiple virtual operating systems and hypervisors on a system which has no architectural support for nested virtualization.<br />
<br />
=Contribution=<br />
What are the research contribution(s) of this work? Specifically, what are the key research results, and what do they mean? (What was implemented? Why is it any better than what came before?)<br />
<br />
<br />
The non stop evolution of computers entices intricate designs that are virtualized and harmonious with cloud computing. The paper contributes to this belief by allowing consumers and users to inject machines with '''their''' choice of hypervisor/OS combination that provides grounds for security and compatibility. The sophisticated abstractions presented in the paper such as shadow paging and isolation of a single OS resources authorize programmers for further development and ideas which use this infrastructure. For example the paper Accountable Virtual Machines wraps programs around a particular state VM which could most definitely be placed on a separate hypervisor for ideal isolation.<br />
<br />
==Theory==<br />
<br />
==CPU Virtualization==<br />
How does the Nest VMX virtualization work for the turtle project: L0(the lowest most hypervisor) runs L1 with VMCS0->1(virtual machine control structure).The VMCS is the fundamental data structure that hypervisor per pars, describing the virtual machine, which is passed along to the CPU to be executed. L1(also a hypervisor) prepares VMCS1->2 to run its own virtual machine which executes vmlaunch. vmlaunch will trap and L0 will have the handle the tape because L1 is running as a virtual machine do to the fact that L0 is using the architectural mod for a hypervisor. So in order to have multiplexing happen by making L2 run as a virtual machine of L1. So L0 merges VMCS's; VMCS0->1 merges with VMCS1->2 to become VMCS0->2(enabling L0 to run L2 directly). L0 will now launch a L2 which cause it to trap. L0 handles the trap itself or will forward it to L1 depending if it L1 virtual machines responsibility to handle. The way it handles a single L2 exit, L1 need to read and write to the VMCS disable interrupts which wouldn't normally be a problem but because it running in guest mode as a virtual machine all the operation trap leading to a signal high level L2 exit or L3 exit causes many exits(more exits less performance). Problem was corrected by making the single exit fast and reduced frequency of exits with multi-dimensional paging. In the end L1 or L0 base on the trap will finish handling it and resumes L2. this Process is repeated over again contentiously. -csulliva<br />
<br />
==Memory virtualization==<br />
<br />
How Multi-dimensional paging work on the turtle project. The main idea with n = 2 nest virtualization there are three logical translations: L2 to Virtual to physical address, from an L2 physical to L1 physical and form a L1 physical to L0 physical address. 3 levels of translations however there is only 2 MMU page table in the Hardware that called EPT; which takes virtual to physical and guest physical to host physical. They compress the 3 translations onto the two tables going from the being to end in 2 hopes instead of 3. This is done by shadow page table for the virtual machine and shadow-on-EPT. The Shadow-on-EPT compress three logical translations to two pages. The EPT tables rarely changer were the guest page table changes frequently. L0 emulates EPT for L1 and it uses EPT0->1 and EPT1->2 to construct EPT0->2. this process results in less Exits.<br />
<br />
==I/O virtualization==<br />
<br />
How does I/O virtualization work on the turtle project? There are 3 fundamental way to virtual machine access the I/O, Device emulation(sugerman01), Para-virtualized drivers which know it on a driver(Barham03, Russell08) and Direct device assignment( evasseur04,Yassour08) which results in the best performance. to get the best performance they used a IOMMU for safe DMA bypass. With nested 3X3 options for I/O virtualization they had the many options but they used multi-level device assignment giving L2 guest direct access to L0 devices bypassing both L0 and L1. To do this they had to memory map I/O with program I/0 with DMA with interrupts. the idea with DMA is that each of hiperyzisor L0,L1 need to used a IOMMU to allow its virtual machine to access the device to bypass safety. There is only one plate for IOMMU so L0 need to emulates an IOMMU. then L0 compress the Multiple IOMMU into a single hardware IOMMU page table so that L2 programs the device directly. the Device DMA's are stored into L2 memory space directly<br />
<br />
==Macro optimizations==<br />
<br />
=Critique=<br />
<br />
=== The good ===<br />
<br />
<br />
<br />
<br />
=== The bad ===<br />
<br />
<br />
<br />
=== The style of paper ===<br />
<br />
The paper presents an elaborate description of the concept of nested virtualization in a very specific manner. It does a good job to convey the technical details. Depending on the level of enlightenment towards the background knowledge it appears very complex and personally it required quite some research before my fully delving into the theory of the design. For instance the paragraph 4.1.2 "Impact of Multidimensional paging" attempts to illustrate the technique by an example with terms such as ETP and L1. All in all, the provided video highly in depth increased my awareness in the subject of nested hypervisors.<br />
<br />
=== Conclusion ===<br />
<br />
Bottom line, the research showed in the paper is the first to achieve efficient x86 nested-virtualization without altering the hardware, relying on software-only techniques and mechanisms. They also won the Jay Lepreau best paper award.<br />
<br />
=References=<br />
[1] Tanenbaum, Andrew (2007).'' Modern Operating Systems (3rd edition)'', page 569.</div>Csullivahttps://homeostasis.scs.carleton.ca/wiki/index.php?title=COMP_3000_Essay_2_2010_Question_9&diff=6554COMP 3000 Essay 2 2010 Question 92010-12-02T22:54:54Z<p>Csulliva: /* Memory virtualization */</p>
<hr />
<div>'''''Go to discussion for group members confirmation, general talk and paper discussions.'''''<br />
<br />
<br />
=Paper=<br />
<br />
<center><big><big>'''"The Turtles Project: Design and Implementation of Nested Virtualization"'''</big></big></center><br />
<br />
'''Authors:'''<br />
* Muli Ben-Yehuday + <br />
* Michael D. Day ++ <br />
* Zvi Dubitzky + <br />
* Michael Factor + <br />
* Nadav Har’El + <br />
* Abel Gordon +<br />
* Anthony Liguori ++<br />
* Orit Wasserman +<br />
* Ben-Ami Yassour +<br />
<br />
'''Research labs:'''<br />
<br />
+ IBM Research – Haifa<br />
<br />
++ IBM Linux Technology Center<br />
<br />
<br />
'''Website:''' http://www.usenix.org/events/osdi10/tech/full_papers/Ben-Yehuda.pdf<br />
<br />
'''Video presentation:''' http://www.usenix.org/multimedia/osdi10ben-yehuda [Note: username and password are required for entry]<br />
<br />
<br />
=Background Concepts=<br />
<br />
Before we delve into the details of our research paper, its essential that we provide some insight and background to the concepts <br />
and notions discussed by the authors.<br />
<br />
===Virtualization===<br />
<br />
In essence, virtualization is creating an emulation of the underlying hardware for a guest operating system, program or a process to operate on. [1] Usually referred to as a virtual machine, this emulation usually consists of a guest hypervisor and a virtualized environment, giving the guest operating system the illusion that its running on the bare hardware. But the reality is, we're running the virtual machine as an application on the host OS.<br />
<br />
The term virtualization has become rather broad, associated with a number of areas where this technology is used like data virtualization, storage virtualization, mobile virtualization and network virtualization. For the purposes and context of our assigned paper, we shall focus our attention on hardware virtualization within the context of operating systems.<br />
<br />
====Hypervisor==== <br />
Also referred to as VMM (Virtual machine monitor), is a software module that exists one level above the supervisor and runs directly on the bare hardware to monitor the execution and behaviour of the guest virtual machines. The main task of the hypervior is to provide an emulation of the underlying hardware (CPU, memory, I/O, drivers, etc.) to the guest virtual machines and to take care of the possible issues that may rise due to the interaction of those guests among one another, and with the host hardware and operating system. It also controls host resources.<br />
<br />
====Nested virtualization====<br />
The concept of recursively running one virtual machine inside another. For instance, the main operating system (L1) runs a VM called L2. In turn, L2 runs another VM L3; L3 then runs L4 and so on.<br />
[[File:VirtualizationDiagram-MH.png|thumb|right|Nested virtualization|left|400px]]<br />
<br />
====Para-virtualization====<br />
A virtualization model that requires the guest OS kernel to be modified in order to have some direct access to the host hardware. In contrast to full-virtualization that we discussed in the beginning of the article, para-virtualization does not simulate the entire hardware, it rather relies on a software interface that we must implement in the guest so that it can have some privileged hardware access via special instructions called hypercalls. The advantage here is that we have less environment switches and interaction between the guest and host hypervisors, thus more efficiency. However, portability is an obvious issue, since a system can be para-virtualized to be compatible with only one hypervisor. Another thing to note is that some operating systems such as Windows don't support para-virtualization.<br />
<br />
===Models of virtualization===<br />
<br />
=====Trap and emulate model=====<br />
A model of virtualization based on the idea that when a guest hypervisor attempts to execute higher level instructions like creating its own virtual machine, it triggers a trap or a fault which gets handled or caught by the host hypervisor. Based on the hardware model of virtualization support, the host hypervisor (L0) then determines whether it should handle the trap or whether it should forwards it to the the responsible parent of that guest hypervisor at a higher level.<br />
<br />
====Protection rings====<br />
In modern operating system, there are four levels of access privilge, called Rings, that range from 0 to 4.<br />
Ring 0 is the most privilged level, allowing access to the bare hardware components. The operating system kernel must <br />
execute at Ring 0 in order to access the hardware and secure control. User programs execute at Ring 3. Ring 1 and Ring 2 are dedciated to device drivers and other operations.<br />
<br />
In virtualization, the host hypervisor executes at Ring 0. While the guest virtual machine executes at Ring 3 because its treated as a running application. This is why when a virtual machine attempts to gain hardware privilges or executes higher level instructions, a trap occurs and the hypervisor comes into play and handles the trap.<br />
<br />
====Models of hardware support====<br />
<br />
=====Multiple-level architecture=====<br />
Every parent hypervisor handles every other hypervisor running on top of it. For instance, assume that L0 (host hypervisor) runs the VM L1. When L1 attempts to execute a privileged instruction and a trap occurs, then the parent of L1, which is L0 in this case, will handle the trap. If L1 runs L2, and L2 attempts to execute privileged instructions as well, then L1 will act as the trap handler. More generally, every parent hypervisor at level Ln will act as a trap handler for its guest VM at level Ln+1. This model is not supported by the x86 based systems that are discussed in our research paper.<br />
<br />
=====Single-level architecture=====<br />
The model supported by x86 based systems. In this model, everything must go back to the main host hypervisor at the L0 level. For instance, if the host hypervisor (L0) runs L1, when L1 attempts to run its own virtual machine L2, this will trigger a trap that goes down to L0. Then L0 sends the result of the requested instruction back to L1. Generally, a trap at level Ln will be handled by the host hypervisor at level L0 and then the resulting emulated instruction goes back to Ln.<br />
<br />
===The uses of nested virtualization===<br />
<br />
====Compatibility====<br />
A user can run an application thats not compatible with the existing or running OS as a virtual machine. Operating systems could also provide the user a compatibily mode of other operating systems or applications, an example of this is the Windows XP mode thats available in Windows 7, where Windows 7 runs Windows XP as a virtual machine.<br />
<br />
====Cloud computing====<br />
A cloud provider, more fomally referred to as Infrastructure-as-a-Service (IAAS) provider, could use nested virtualization to give the ability to customers to host their own preferred user-controlled hypervisors and run their virtual machines on the provider hardware. This way both sides can benefit, the provider can attract customers and the customer can have freedom implementing its system on the host hardware without worrying about compatibility issues.<br />
<br />
The most well known example of an IAAS provider is Amazon Web Services (AWS). AWS presents a virtualized platform for other services and web sites to host their API and databases on Amazon's hardware.<br />
<br />
====Security==== <br />
We can also use nested virtualization for security purposes. One common example is virtual honeypots. A honeypot is basically a hollow program or network that appears to be functioning to outside users, but in reality, its only there as a security tool to watch or trap hacker attacks. By using nested virtualization, we can create a honeypot of our system as virtual machines and see how our virtual system is being attacked or what kind of features are being exploited. We can take advantage of the fact that those virtual honeypots can easily be controlled, manipulated, destroyed or even restored.<br />
<br />
====Migration/Transfer of VMs====<br />
Nested virtualization can also be used in live migration or transfer of virtual machines in cases of upgrade or disaster <br />
recovery. Consider a scenarion where a number of virtual machines must be moved to a new hardware server for upgrade, instead of having to move each VM sepertaely, we can nest those virtual machines and their hypervisors to create one nested entity thats easier to deal with and more manageable.<br />
In the last couple of years, virtualization packages such as VMWare and VirtualBox have adapted this notion of live migration and developed their own embedded migration/transfer agents.<br />
<br />
====Testing====<br />
Using virtual machines is convenient for testing, evaluation and bechmarking purposes. Since a virtual machine is essentially<br />
a file on the host operating system, if corrupted or damaged, it can easily be removed, recreated or even restored since we can<br />
can create a snapshot of the running virtual machine.<br />
<br />
<br />
<br />
=Research problem=<br />
<br />
'''Rough version. Let me know of any comments/improvements that can be made on the talk page'''--[[User:Mbingham|Mbingham]] 19:51, 30 November 2010 (UTC)<br />
<br />
Nested virtualization has been studied since the mid 1970s (see paper citations 21,22 and 36). Early reasearch in the area assumes that there is hardware support for nested virtualization. Actual implementations of nested virtualization, such as the z/VM hypervisor in the early 1990s, also required architectural support. Other solutions assume the hypervisors and operating systems being virtualized have been modified to be compatabile with nested virtualization. There have also recently been software based solutions (see citation 12), however these solutions suffer from significant performance problems.<br />
<br />
The main barrier to having nested virtualization without architectural support is that, as you increase the levels of virtualization, the numer of control switches between different levels of hypervisors increases. A trap in a highly nested virtual machine first goes to the bottom level hypervisor, which can send it up to the second level hypervisor, which can in turn send it up (or back down), until it potentially in the worst case reaches the hypervisor that is one level below the virtual machine itself. The trap instruction can be bounced between different levels of hypervisor, which results in one trap instruction multiplying to many trap instructions. <br />
<br />
Generally, solutions that requie architectural support and specialized software for the guest machines are not practically useful because this support does not always exist, such as on x86 processors. Solutions that do not require this suffer from significant performance costs because of how the number of traps expands as nesting depth increases. This paper presents a technique to reconcile the lack of hardware support on available hardware with efficiency. It solves the problem of a single nested trap expanding into many more trap instructions, which allows efficient virtualization without architectural support.<br />
<br />
More specifically, virtualization deals with how to share the resources of the computer between multiple guest operating systems. Nested virtualization must share these resources between multiple guest operating systems and guest hypervisors. The authors acknowledge the CPU, memory, and IO devices as the three key resources that they need to share. Combining this, the paper presents a solution to the problem of how to multiplex the CPU, memory, and IO efficiently between multiple virtual operating systems and hypervisors on a system which has no architectural support for nested virtualization.<br />
<br />
=Contribution=<br />
What are the research contribution(s) of this work? Specifically, what are the key research results, and what do they mean? (What was implemented? Why is it any better than what came before?)<br />
<br />
<br />
The non stop evolution of computers entices intricate designs that are virtualized and harmonious with cloud computing. The paper contributes to this belief by allowing consumers and users to inject machines with '''their''' choice of hypervisor/OS combination that provides grounds for security and compatibility. The sophisticated abstractions presented in the paper such as shadow paging and isolation of a single OS resources authorize programmers for further development and ideas which use this infrastructure. For example the paper Accountable Virtual Machines wraps programs around a particular state VM which could most definitely be placed on a separate hypervisor for ideal isolation.<br />
<br />
==Theory==<br />
<br />
==CPU Virtualization==<br />
How does the Nest VMX virtualization work for the turtle project: L0(the lowest most hypervisor) runs L1 with VMCS0->1(virtual machine control structure).The VMCS is the fundamental data structure that hypervisor per pars, describing the virtual machine, which is passed along to the CPU to be executed. L1(also a hypervisor) prepares VMCS1->2 to run its own virtual machine which executes vmlaunch. vmlaunch will trap and L0 will have the handle the tape because L1 is running as a virtual machine do to the fact that L0 is using the architectural mod for a hypervisor. So in order to have multiplexing happen by making L2 run as a virtual machine of L1. So L0 merges VMCS's; VMCS0->1 merges with VMCS1->2 to become VMCS0->2(enabling L0 to run L2 directly). L0 will now launch a L2 which cause it to trap. L0 handles the trap itself or will forward it to L1 depending if it L1 virtual machines responsibility to handle. The way it handles a single L2 exit, L1 need to read and write to the VMCS disable interrupts which wouldn't normally be a problem but because it running in guest mode as a virtual machine all the operation trap leading to a signal high level L2 exit or L3 exit causes many exits(more exits less performance). Problem was corrected by making the single exit fast and reduced frequency of exits with multi-dimensional paging. In the end L1 or L0 base on the trap will finish handling it and resumes L2. this Process is repeated over again contentiously. -csulliva<br />
<br />
==Memory virtualization==<br />
<br />
How Multi-dimensional paging work on the turtle project. The main idea with n = 2 nest virtualization there are three logical translations: L2 to Virtual to physical address, from an L2 physical to L1 physical and form a L1 physical to L0 physical address. 3 levels of translations however there is only 2 MMU page table in the Hardware that called EPT; which takes virtual to physical and guest physical to host physical. They compress the 3 translations onto the two tables going from the being to end in 2 hopes instead of 3. This is done by shadow page table for the virtual machine and shadow-on-EPT. The Shadow-on-EPT compress three logical translations to two pages. The EPT tables rarely changer were the guest page table changes frequently. L0 emulates EPT for L1 and it uses EPT0->1 and EPT1->2 to construct EPT0->2. this process results in less Exits.<br />
<br />
==I/O virtualization==<br />
==Macro optimizations==<br />
<br />
=Critique=<br />
<br />
=== The good ===<br />
<br />
<br />
<br />
<br />
=== The bad ===<br />
<br />
<br />
<br />
=== The style of paper ===<br />
<br />
The paper presents an elaborate description of the concept of nested virtualization in a very specific manner. It does a good job to convey the technical details. Depending on the level of enlightenment towards the background knowledge it appears very complex and personally it required quite some research before my fully delving into the theory of the design. For instance the paragraph 4.1.2 "Impact of Multidimensional paging" attempts to illustrate the technique by an example with terms such as ETP and L1. All in all, the provided video highly in depth increased my awareness in the subject of nested hypervisors.<br />
<br />
=== Conclusion ===<br />
<br />
Bottom line, the research showed in the paper is the first to achieve efficient x86 nested-virtualization without altering the hardware, relying on software-only techniques and mechanisms. They also won the Jay Lepreau best paper award.<br />
<br />
=References=<br />
[1] Tanenbaum, Andrew (2007).'' Modern Operating Systems (3rd edition)'', page 569.</div>Csullivahttps://homeostasis.scs.carleton.ca/wiki/index.php?title=COMP_3000_Essay_2_2010_Question_9&diff=6553COMP 3000 Essay 2 2010 Question 92010-12-02T22:54:38Z<p>Csulliva: /* Memory virtualization */</p>
<hr />
<div>'''''Go to discussion for group members confirmation, general talk and paper discussions.'''''<br />
<br />
<br />
=Paper=<br />
<br />
<center><big><big>'''"The Turtles Project: Design and Implementation of Nested Virtualization"'''</big></big></center><br />
<br />
'''Authors:'''<br />
* Muli Ben-Yehuday + <br />
* Michael D. Day ++ <br />
* Zvi Dubitzky + <br />
* Michael Factor + <br />
* Nadav Har’El + <br />
* Abel Gordon +<br />
* Anthony Liguori ++<br />
* Orit Wasserman +<br />
* Ben-Ami Yassour +<br />
<br />
'''Research labs:'''<br />
<br />
+ IBM Research – Haifa<br />
<br />
++ IBM Linux Technology Center<br />
<br />
<br />
'''Website:''' http://www.usenix.org/events/osdi10/tech/full_papers/Ben-Yehuda.pdf<br />
<br />
'''Video presentation:''' http://www.usenix.org/multimedia/osdi10ben-yehuda [Note: username and password are required for entry]<br />
<br />
<br />
=Background Concepts=<br />
<br />
Before we delve into the details of our research paper, its essential that we provide some insight and background to the concepts <br />
and notions discussed by the authors.<br />
<br />
===Virtualization===<br />
<br />
In essence, virtualization is creating an emulation of the underlying hardware for a guest operating system, program or a process to operate on. [1] Usually referred to as a virtual machine, this emulation usually consists of a guest hypervisor and a virtualized environment, giving the guest operating system the illusion that its running on the bare hardware. But the reality is, we're running the virtual machine as an application on the host OS.<br />
<br />
The term virtualization has become rather broad, associated with a number of areas where this technology is used like data virtualization, storage virtualization, mobile virtualization and network virtualization. For the purposes and context of our assigned paper, we shall focus our attention on hardware virtualization within the context of operating systems.<br />
<br />
====Hypervisor==== <br />
Also referred to as VMM (Virtual machine monitor), is a software module that exists one level above the supervisor and runs directly on the bare hardware to monitor the execution and behaviour of the guest virtual machines. The main task of the hypervior is to provide an emulation of the underlying hardware (CPU, memory, I/O, drivers, etc.) to the guest virtual machines and to take care of the possible issues that may rise due to the interaction of those guests among one another, and with the host hardware and operating system. It also controls host resources.<br />
<br />
====Nested virtualization====<br />
The concept of recursively running one virtual machine inside another. For instance, the main operating system (L1) runs a VM called L2. In turn, L2 runs another VM L3; L3 then runs L4 and so on.<br />
[[File:VirtualizationDiagram-MH.png|thumb|right|Nested virtualization|left|400px]]<br />
<br />
====Para-virtualization====<br />
A virtualization model that requires the guest OS kernel to be modified in order to have some direct access to the host hardware. In contrast to full-virtualization that we discussed in the beginning of the article, para-virtualization does not simulate the entire hardware, it rather relies on a software interface that we must implement in the guest so that it can have some privileged hardware access via special instructions called hypercalls. The advantage here is that we have less environment switches and interaction between the guest and host hypervisors, thus more efficiency. However, portability is an obvious issue, since a system can be para-virtualized to be compatible with only one hypervisor. Another thing to note is that some operating systems such as Windows don't support para-virtualization.<br />
<br />
===Models of virtualization===<br />
<br />
=====Trap and emulate model=====<br />
A model of virtualization based on the idea that when a guest hypervisor attempts to execute higher level instructions like creating its own virtual machine, it triggers a trap or a fault which gets handled or caught by the host hypervisor. Based on the hardware model of virtualization support, the host hypervisor (L0) then determines whether it should handle the trap or whether it should forwards it to the the responsible parent of that guest hypervisor at a higher level.<br />
<br />
====Protection rings====<br />
In modern operating system, there are four levels of access privilge, called Rings, that range from 0 to 4.<br />
Ring 0 is the most privilged level, allowing access to the bare hardware components. The operating system kernel must <br />
execute at Ring 0 in order to access the hardware and secure control. User programs execute at Ring 3. Ring 1 and Ring 2 are dedciated to device drivers and other operations.<br />
<br />
In virtualization, the host hypervisor executes at Ring 0. While the guest virtual machine executes at Ring 3 because its treated as a running application. This is why when a virtual machine attempts to gain hardware privilges or executes higher level instructions, a trap occurs and the hypervisor comes into play and handles the trap.<br />
<br />
====Models of hardware support====<br />
<br />
=====Multiple-level architecture=====<br />
Every parent hypervisor handles every other hypervisor running on top of it. For instance, assume that L0 (host hypervisor) runs the VM L1. When L1 attempts to execute a privileged instruction and a trap occurs, then the parent of L1, which is L0 in this case, will handle the trap. If L1 runs L2, and L2 attempts to execute privileged instructions as well, then L1 will act as the trap handler. More generally, every parent hypervisor at level Ln will act as a trap handler for its guest VM at level Ln+1. This model is not supported by the x86 based systems that are discussed in our research paper.<br />
<br />
=====Single-level architecture=====<br />
The model supported by x86 based systems. In this model, everything must go back to the main host hypervisor at the L0 level. For instance, if the host hypervisor (L0) runs L1, when L1 attempts to run its own virtual machine L2, this will trigger a trap that goes down to L0. Then L0 sends the result of the requested instruction back to L1. Generally, a trap at level Ln will be handled by the host hypervisor at level L0 and then the resulting emulated instruction goes back to Ln.<br />
<br />
===The uses of nested virtualization===<br />
<br />
====Compatibility====<br />
A user can run an application thats not compatible with the existing or running OS as a virtual machine. Operating systems could also provide the user a compatibily mode of other operating systems or applications, an example of this is the Windows XP mode thats available in Windows 7, where Windows 7 runs Windows XP as a virtual machine.<br />
<br />
====Cloud computing====<br />
A cloud provider, more fomally referred to as Infrastructure-as-a-Service (IAAS) provider, could use nested virtualization to give the ability to customers to host their own preferred user-controlled hypervisors and run their virtual machines on the provider hardware. This way both sides can benefit, the provider can attract customers and the customer can have freedom implementing its system on the host hardware without worrying about compatibility issues.<br />
<br />
The most well known example of an IAAS provider is Amazon Web Services (AWS). AWS presents a virtualized platform for other services and web sites to host their API and databases on Amazon's hardware.<br />
<br />
====Security==== <br />
We can also use nested virtualization for security purposes. One common example is virtual honeypots. A honeypot is basically a hollow program or network that appears to be functioning to outside users, but in reality, its only there as a security tool to watch or trap hacker attacks. By using nested virtualization, we can create a honeypot of our system as virtual machines and see how our virtual system is being attacked or what kind of features are being exploited. We can take advantage of the fact that those virtual honeypots can easily be controlled, manipulated, destroyed or even restored.<br />
<br />
====Migration/Transfer of VMs====<br />
Nested virtualization can also be used in live migration or transfer of virtual machines in cases of upgrade or disaster <br />
recovery. Consider a scenarion where a number of virtual machines must be moved to a new hardware server for upgrade, instead of having to move each VM sepertaely, we can nest those virtual machines and their hypervisors to create one nested entity thats easier to deal with and more manageable.<br />
In the last couple of years, virtualization packages such as VMWare and VirtualBox have adapted this notion of live migration and developed their own embedded migration/transfer agents.<br />
<br />
====Testing====<br />
Using virtual machines is convenient for testing, evaluation and bechmarking purposes. Since a virtual machine is essentially<br />
a file on the host operating system, if corrupted or damaged, it can easily be removed, recreated or even restored since we can<br />
can create a snapshot of the running virtual machine.<br />
<br />
<br />
<br />
=Research problem=<br />
<br />
'''Rough version. Let me know of any comments/improvements that can be made on the talk page'''--[[User:Mbingham|Mbingham]] 19:51, 30 November 2010 (UTC)<br />
<br />
Nested virtualization has been studied since the mid 1970s (see paper citations 21,22 and 36). Early reasearch in the area assumes that there is hardware support for nested virtualization. Actual implementations of nested virtualization, such as the z/VM hypervisor in the early 1990s, also required architectural support. Other solutions assume the hypervisors and operating systems being virtualized have been modified to be compatabile with nested virtualization. There have also recently been software based solutions (see citation 12), however these solutions suffer from significant performance problems.<br />
<br />
The main barrier to having nested virtualization without architectural support is that, as you increase the levels of virtualization, the numer of control switches between different levels of hypervisors increases. A trap in a highly nested virtual machine first goes to the bottom level hypervisor, which can send it up to the second level hypervisor, which can in turn send it up (or back down), until it potentially in the worst case reaches the hypervisor that is one level below the virtual machine itself. The trap instruction can be bounced between different levels of hypervisor, which results in one trap instruction multiplying to many trap instructions. <br />
<br />
Generally, solutions that requie architectural support and specialized software for the guest machines are not practically useful because this support does not always exist, such as on x86 processors. Solutions that do not require this suffer from significant performance costs because of how the number of traps expands as nesting depth increases. This paper presents a technique to reconcile the lack of hardware support on available hardware with efficiency. It solves the problem of a single nested trap expanding into many more trap instructions, which allows efficient virtualization without architectural support.<br />
<br />
More specifically, virtualization deals with how to share the resources of the computer between multiple guest operating systems. Nested virtualization must share these resources between multiple guest operating systems and guest hypervisors. The authors acknowledge the CPU, memory, and IO devices as the three key resources that they need to share. Combining this, the paper presents a solution to the problem of how to multiplex the CPU, memory, and IO efficiently between multiple virtual operating systems and hypervisors on a system which has no architectural support for nested virtualization.<br />
<br />
=Contribution=<br />
What are the research contribution(s) of this work? Specifically, what are the key research results, and what do they mean? (What was implemented? Why is it any better than what came before?)<br />
<br />
<br />
The non stop evolution of computers entices intricate designs that are virtualized and harmonious with cloud computing. The paper contributes to this belief by allowing consumers and users to inject machines with '''their''' choice of hypervisor/OS combination that provides grounds for security and compatibility. The sophisticated abstractions presented in the paper such as shadow paging and isolation of a single OS resources authorize programmers for further development and ideas which use this infrastructure. For example the paper Accountable Virtual Machines wraps programs around a particular state VM which could most definitely be placed on a separate hypervisor for ideal isolation.<br />
<br />
==Theory==<br />
<br />
==CPU Virtualization==<br />
How does the Nest VMX virtualization work for the turtle project: L0(the lowest most hypervisor) runs L1 with VMCS0->1(virtual machine control structure).The VMCS is the fundamental data structure that hypervisor per pars, describing the virtual machine, which is passed along to the CPU to be executed. L1(also a hypervisor) prepares VMCS1->2 to run its own virtual machine which executes vmlaunch. vmlaunch will trap and L0 will have the handle the tape because L1 is running as a virtual machine do to the fact that L0 is using the architectural mod for a hypervisor. So in order to have multiplexing happen by making L2 run as a virtual machine of L1. So L0 merges VMCS's; VMCS0->1 merges with VMCS1->2 to become VMCS0->2(enabling L0 to run L2 directly). L0 will now launch a L2 which cause it to trap. L0 handles the trap itself or will forward it to L1 depending if it L1 virtual machines responsibility to handle. The way it handles a single L2 exit, L1 need to read and write to the VMCS disable interrupts which wouldn't normally be a problem but because it running in guest mode as a virtual machine all the operation trap leading to a signal high level L2 exit or L3 exit causes many exits(more exits less performance). Problem was corrected by making the single exit fast and reduced frequency of exits with multi-dimensional paging. In the end L1 or L0 base on the trap will finish handling it and resumes L2. this Process is repeated over again contentiously. -csulliva<br />
<br />
==Memory virtualization==<br />
<br />
How Multi-dimensional paging work on the turtel project. The main idea with n = 2 nest virtualization there are three logical translations: L2 to Virtual to physical address, from an L2 physical to L1 physical and form a L1 physical to L0 physical address. 3 levels of translations however there is only 2 MMU page table in the Hardware that called EPT; which takes virtual to physical and guest physical to host physical. They compress the 3 translations onto the two tables going from the being to end in 2 hopes instead of 3. This is done by shadow page table for the virtual machine and shadow-on-EPT. The Shadow-on-EPT compress three logical translations to two pages. The EPT tables rarely changer were the guest page table changes frequently. L0 emulates EPT for L1 and it uses EPT0->1 and EPT1->2 to construct EPT0->2. this process results in less Exits.<br />
<br />
==I/O virtualization==<br />
==Macro optimizations==<br />
<br />
=Critique=<br />
<br />
=== The good ===<br />
<br />
<br />
<br />
<br />
=== The bad ===<br />
<br />
<br />
<br />
=== The style of paper ===<br />
<br />
The paper presents an elaborate description of the concept of nested virtualization in a very specific manner. It does a good job to convey the technical details. Depending on the level of enlightenment towards the background knowledge it appears very complex and personally it required quite some research before my fully delving into the theory of the design. For instance the paragraph 4.1.2 "Impact of Multidimensional paging" attempts to illustrate the technique by an example with terms such as ETP and L1. All in all, the provided video highly in depth increased my awareness in the subject of nested hypervisors.<br />
<br />
=== Conclusion ===<br />
<br />
Bottom line, the research showed in the paper is the first to achieve efficient x86 nested-virtualization without altering the hardware, relying on software-only techniques and mechanisms. They also won the Jay Lepreau best paper award.<br />
<br />
=References=<br />
[1] Tanenbaum, Andrew (2007).'' Modern Operating Systems (3rd edition)'', page 569.</div>Csullivahttps://homeostasis.scs.carleton.ca/wiki/index.php?title=COMP_3000_Essay_2_2010_Question_9&diff=6552COMP 3000 Essay 2 2010 Question 92010-12-02T22:53:41Z<p>Csulliva: /* CPU Virtualization */</p>
<hr />
<div>'''''Go to discussion for group members confirmation, general talk and paper discussions.'''''<br />
<br />
<br />
=Paper=<br />
<br />
<center><big><big>'''"The Turtles Project: Design and Implementation of Nested Virtualization"'''</big></big></center><br />
<br />
'''Authors:'''<br />
* Muli Ben-Yehuday + <br />
* Michael D. Day ++ <br />
* Zvi Dubitzky + <br />
* Michael Factor + <br />
* Nadav Har’El + <br />
* Abel Gordon +<br />
* Anthony Liguori ++<br />
* Orit Wasserman +<br />
* Ben-Ami Yassour +<br />
<br />
'''Research labs:'''<br />
<br />
+ IBM Research – Haifa<br />
<br />
++ IBM Linux Technology Center<br />
<br />
<br />
'''Website:''' http://www.usenix.org/events/osdi10/tech/full_papers/Ben-Yehuda.pdf<br />
<br />
'''Video presentation:''' http://www.usenix.org/multimedia/osdi10ben-yehuda [Note: username and password are required for entry]<br />
<br />
<br />
=Background Concepts=<br />
<br />
Before we delve into the details of our research paper, its essential that we provide some insight and background to the concepts <br />
and notions discussed by the authors.<br />
<br />
===Virtualization===<br />
<br />
In essence, virtualization is creating an emulation of the underlying hardware for a guest operating system, program or a process to operate on. [1] Usually referred to as a virtual machine, this emulation usually consists of a guest hypervisor and a virtualized environment, giving the guest operating system the illusion that its running on the bare hardware. But the reality is, we're running the virtual machine as an application on the host OS.<br />
<br />
The term virtualization has become rather broad, associated with a number of areas where this technology is used like data virtualization, storage virtualization, mobile virtualization and network virtualization. For the purposes and context of our assigned paper, we shall focus our attention on hardware virtualization within the context of operating systems.<br />
<br />
====Hypervisor==== <br />
Also referred to as VMM (Virtual machine monitor), is a software module that exists one level above the supervisor and runs directly on the bare hardware to monitor the execution and behaviour of the guest virtual machines. The main task of the hypervior is to provide an emulation of the underlying hardware (CPU, memory, I/O, drivers, etc.) to the guest virtual machines and to take care of the possible issues that may rise due to the interaction of those guests among one another, and with the host hardware and operating system. It also controls host resources.<br />
<br />
====Nested virtualization====<br />
The concept of recursively running one virtual machine inside another. For instance, the main operating system (L1) runs a VM called L2. In turn, L2 runs another VM L3; L3 then runs L4 and so on.<br />
[[File:VirtualizationDiagram-MH.png|thumb|right|Nested virtualization|left|400px]]<br />
<br />
====Para-virtualization====<br />
A virtualization model that requires the guest OS kernel to be modified in order to have some direct access to the host hardware. In contrast to full-virtualization that we discussed in the beginning of the article, para-virtualization does not simulate the entire hardware, it rather relies on a software interface that we must implement in the guest so that it can have some privileged hardware access via special instructions called hypercalls. The advantage here is that we have less environment switches and interaction between the guest and host hypervisors, thus more efficiency. However, portability is an obvious issue, since a system can be para-virtualized to be compatible with only one hypervisor. Another thing to note is that some operating systems such as Windows don't support para-virtualization.<br />
<br />
===Models of virtualization===<br />
<br />
=====Trap and emulate model=====<br />
A model of virtualization based on the idea that when a guest hypervisor attempts to execute higher level instructions like creating its own virtual machine, it triggers a trap or a fault which gets handled or caught by the host hypervisor. Based on the hardware model of virtualization support, the host hypervisor (L0) then determines whether it should handle the trap or whether it should forwards it to the the responsible parent of that guest hypervisor at a higher level.<br />
<br />
====Protection rings====<br />
In modern operating system, there are four levels of access privilge, called Rings, that range from 0 to 4.<br />
Ring 0 is the most privilged level, allowing access to the bare hardware components. The operating system kernel must <br />
execute at Ring 0 in order to access the hardware and secure control. User programs execute at Ring 3. Ring 1 and Ring 2 are dedciated to device drivers and other operations.<br />
<br />
In virtualization, the host hypervisor executes at Ring 0. While the guest virtual machine executes at Ring 3 because its treated as a running application. This is why when a virtual machine attempts to gain hardware privilges or executes higher level instructions, a trap occurs and the hypervisor comes into play and handles the trap.<br />
<br />
====Models of hardware support====<br />
<br />
=====Multiple-level architecture=====<br />
Every parent hypervisor handles every other hypervisor running on top of it. For instance, assume that L0 (host hypervisor) runs the VM L1. When L1 attempts to execute a privileged instruction and a trap occurs, then the parent of L1, which is L0 in this case, will handle the trap. If L1 runs L2, and L2 attempts to execute privileged instructions as well, then L1 will act as the trap handler. More generally, every parent hypervisor at level Ln will act as a trap handler for its guest VM at level Ln+1. This model is not supported by the x86 based systems that are discussed in our research paper.<br />
<br />
=====Single-level architecture=====<br />
The model supported by x86 based systems. In this model, everything must go back to the main host hypervisor at the L0 level. For instance, if the host hypervisor (L0) runs L1, when L1 attempts to run its own virtual machine L2, this will trigger a trap that goes down to L0. Then L0 sends the result of the requested instruction back to L1. Generally, a trap at level Ln will be handled by the host hypervisor at level L0 and then the resulting emulated instruction goes back to Ln.<br />
<br />
===The uses of nested virtualization===<br />
<br />
====Compatibility====<br />
A user can run an application thats not compatible with the existing or running OS as a virtual machine. Operating systems could also provide the user a compatibily mode of other operating systems or applications, an example of this is the Windows XP mode thats available in Windows 7, where Windows 7 runs Windows XP as a virtual machine.<br />
<br />
====Cloud computing====<br />
A cloud provider, more fomally referred to as Infrastructure-as-a-Service (IAAS) provider, could use nested virtualization to give the ability to customers to host their own preferred user-controlled hypervisors and run their virtual machines on the provider hardware. This way both sides can benefit, the provider can attract customers and the customer can have freedom implementing its system on the host hardware without worrying about compatibility issues.<br />
<br />
The most well known example of an IAAS provider is Amazon Web Services (AWS). AWS presents a virtualized platform for other services and web sites to host their API and databases on Amazon's hardware.<br />
<br />
====Security==== <br />
We can also use nested virtualization for security purposes. One common example is virtual honeypots. A honeypot is basically a hollow program or network that appears to be functioning to outside users, but in reality, its only there as a security tool to watch or trap hacker attacks. By using nested virtualization, we can create a honeypot of our system as virtual machines and see how our virtual system is being attacked or what kind of features are being exploited. We can take advantage of the fact that those virtual honeypots can easily be controlled, manipulated, destroyed or even restored.<br />
<br />
====Migration/Transfer of VMs====<br />
Nested virtualization can also be used in live migration or transfer of virtual machines in cases of upgrade or disaster <br />
recovery. Consider a scenarion where a number of virtual machines must be moved to a new hardware server for upgrade, instead of having to move each VM sepertaely, we can nest those virtual machines and their hypervisors to create one nested entity thats easier to deal with and more manageable.<br />
In the last couple of years, virtualization packages such as VMWare and VirtualBox have adapted this notion of live migration and developed their own embedded migration/transfer agents.<br />
<br />
====Testing====<br />
Using virtual machines is convenient for testing, evaluation and bechmarking purposes. Since a virtual machine is essentially<br />
a file on the host operating system, if corrupted or damaged, it can easily be removed, recreated or even restored since we can<br />
can create a snapshot of the running virtual machine.<br />
<br />
<br />
<br />
=Research problem=<br />
<br />
'''Rough version. Let me know of any comments/improvements that can be made on the talk page'''--[[User:Mbingham|Mbingham]] 19:51, 30 November 2010 (UTC)<br />
<br />
Nested virtualization has been studied since the mid 1970s (see paper citations 21,22 and 36). Early reasearch in the area assumes that there is hardware support for nested virtualization. Actual implementations of nested virtualization, such as the z/VM hypervisor in the early 1990s, also required architectural support. Other solutions assume the hypervisors and operating systems being virtualized have been modified to be compatabile with nested virtualization. There have also recently been software based solutions (see citation 12), however these solutions suffer from significant performance problems.<br />
<br />
The main barrier to having nested virtualization without architectural support is that, as you increase the levels of virtualization, the numer of control switches between different levels of hypervisors increases. A trap in a highly nested virtual machine first goes to the bottom level hypervisor, which can send it up to the second level hypervisor, which can in turn send it up (or back down), until it potentially in the worst case reaches the hypervisor that is one level below the virtual machine itself. The trap instruction can be bounced between different levels of hypervisor, which results in one trap instruction multiplying to many trap instructions. <br />
<br />
Generally, solutions that requie architectural support and specialized software for the guest machines are not practically useful because this support does not always exist, such as on x86 processors. Solutions that do not require this suffer from significant performance costs because of how the number of traps expands as nesting depth increases. This paper presents a technique to reconcile the lack of hardware support on available hardware with efficiency. It solves the problem of a single nested trap expanding into many more trap instructions, which allows efficient virtualization without architectural support.<br />
<br />
More specifically, virtualization deals with how to share the resources of the computer between multiple guest operating systems. Nested virtualization must share these resources between multiple guest operating systems and guest hypervisors. The authors acknowledge the CPU, memory, and IO devices as the three key resources that they need to share. Combining this, the paper presents a solution to the problem of how to multiplex the CPU, memory, and IO efficiently between multiple virtual operating systems and hypervisors on a system which has no architectural support for nested virtualization.<br />
<br />
=Contribution=<br />
What are the research contribution(s) of this work? Specifically, what are the key research results, and what do they mean? (What was implemented? Why is it any better than what came before?)<br />
<br />
<br />
The non stop evolution of computers entices intricate designs that are virtualized and harmonious with cloud computing. The paper contributes to this belief by allowing consumers and users to inject machines with '''their''' choice of hypervisor/OS combination that provides grounds for security and compatibility. The sophisticated abstractions presented in the paper such as shadow paging and isolation of a single OS resources authorize programmers for further development and ideas which use this infrastructure. For example the paper Accountable Virtual Machines wraps programs around a particular state VM which could most definitely be placed on a separate hypervisor for ideal isolation.<br />
<br />
==Theory==<br />
<br />
==CPU Virtualization==<br />
How does the Nest VMX virtualization work for the turtle project: L0(the lowest most hypervisor) runs L1 with VMCS0->1(virtual machine control structure).The VMCS is the fundamental data structure that hypervisor per pars, describing the virtual machine, which is passed along to the CPU to be executed. L1(also a hypervisor) prepares VMCS1->2 to run its own virtual machine which executes vmlaunch. vmlaunch will trap and L0 will have the handle the tape because L1 is running as a virtual machine do to the fact that L0 is using the architectural mod for a hypervisor. So in order to have multiplexing happen by making L2 run as a virtual machine of L1. So L0 merges VMCS's; VMCS0->1 merges with VMCS1->2 to become VMCS0->2(enabling L0 to run L2 directly). L0 will now launch a L2 which cause it to trap. L0 handles the trap itself or will forward it to L1 depending if it L1 virtual machines responsibility to handle. The way it handles a single L2 exit, L1 need to read and write to the VMCS disable interrupts which wouldn't normally be a problem but because it running in guest mode as a virtual machine all the operation trap leading to a signal high level L2 exit or L3 exit causes many exits(more exits less performance). Problem was corrected by making the single exit fast and reduced frequency of exits with multi-dimensional paging. In the end L1 or L0 base on the trap will finish handling it and resumes L2. this Process is repeated over again contentiously. -csulliva<br />
<br />
==Memory virtualization==<br />
==I/O virtualization==<br />
==Macro optimizations==<br />
<br />
=Critique=<br />
<br />
=== The good ===<br />
<br />
<br />
<br />
<br />
=== The bad ===<br />
<br />
<br />
<br />
=== The style of paper ===<br />
<br />
The paper presents an elaborate description of the concept of nested virtualization in a very specific manner. It does a good job to convey the technical details. Depending on the level of enlightenment towards the background knowledge it appears very complex and personally it required quite some research before my fully delving into the theory of the design. For instance the paragraph 4.1.2 "Impact of Multidimensional paging" attempts to illustrate the technique by an example with terms such as ETP and L1. All in all, the provided video highly in depth increased my awareness in the subject of nested hypervisors.<br />
<br />
=== Conclusion ===<br />
<br />
Bottom line, the research showed in the paper is the first to achieve efficient x86 nested-virtualization without altering the hardware, relying on software-only techniques and mechanisms. They also won the Jay Lepreau best paper award.<br />
<br />
=References=<br />
[1] Tanenbaum, Andrew (2007).'' Modern Operating Systems (3rd edition)'', page 569.</div>Csullivahttps://homeostasis.scs.carleton.ca/wiki/index.php?title=Talk:COMP_3000_Essay_2_2010_Question_9&diff=6113Talk:COMP 3000 Essay 2 2010 Question 92010-12-02T03:11:29Z<p>Csulliva: /* Implementation */</p>
<hr />
<div>=Group members=<br />
<br />
* Munther Hussain<br />
* Jonathon Slonosky<br />
* Michael Bingham<br />
* Chris Sullivan<br />
* Pawel Raubic<br />
<br />
=Group work=<br />
* Background concepts: Munther Hussain<br />
* Research problem: Michael Bingham<br />
* Contribution:<br />
* Critique:<br />
<br />
<br />
=General discussion=<br />
<br />
Hey there, this is Munther. The prof said that we should be contacting each other to see whos still on board for the course. So please<br />
if you read this, add your name to the list of members above. You can my find my contact info in my profile page by clicking my signature. We shall talk about the details and how we will approach this in the next few days --[[User:Hesperus|Hesperus]] 16:41, 12 November 2010 (UTC)<br />
<br />
---------------------<br />
<br />
Checked in -- JSlonosky<br />
<br />
----------------------<br />
<br />
Pawel has already contacted us so he still in for the course, that makes 3 of us. The other three members, please drop in and add your name. We need to confirm the members today by 1:00 pm. --[[User:Hesperus|Hesperus]] 12:18, 15 November 2010 (UTC)<br />
<br />
----------------------<br />
<br />
Checked in --[[User:Mbingham|Mbingham]] 15:08, 15 November 2010 (UTC)<br />
<br />
---------------------<br />
<br />
Checked in --[[User:Smcilroy|Smcilroy]] 17:03, 15 November 2010 (UTC)<br />
<br />
---------------------<br />
To the person above me (Smcilroy): I can see that you're assigned to group 7 and not this one. So did the prof move you to this group or something ? We haven't confirmed or emailed the prof yet, I will wait until 1:00 pm. --[[User:Hesperus|Hesperus]] 17:22, 15 November 2010 (UTC)<br />
<br />
---------------------<br />
Alright, so I just emailed the prof the list of members that have checked in so far (the names listed above plus Pawel Raubic),<br />
Smcilroy: I still don't know whether you're in this group or not, though I don't see your name listed in the group assignments on the course webpage. To the other members: if you're still interested in doing the course, please drop in here and add your name or even email me, you can find my contact info in my profile page(just click my signature).<br />
<br />
Personally speaking, I find the topic of this article (The Turtle Project) to be quite interesting and approachable, in fact we've<br />
already been playing with VirtualBox and VMWare and such things, so we should be familiar with some of the concepts the article<br />
approaches like nested-virtualization, hypervisors, supervisors, etc, things that we even covered in class and we can in fact test on our machines. I've already started reading the article, hopefully tonight we'll start posting some basic ideas or concepts and talk about the article in general. I will be in tomorrow's tutorial session in the 4th floor in case some of you guys want to get to know one another. --[[User:Hesperus|Hesperus]] 18:43, 15 November 2010 (UTC)<br />
-----<br />
Yeah, it looks pretty good to me. Unfortunately, I am attending Ozzy Osbourne on the 25th, so I'd like it if we could get ourselves organized early so I can get my part done and not letting it fall on you guys. Not that I would let that happen --JSlonosky 02:51, 16 November 2010 (UTC)<br />
-----<br />
Why waste your money on that old man ? I'd love to see Halford though, I'm sure he'll do some classic Priest material, haven't checked the new record yet, but the cover looks awful, definitely the worst and most ridiculous cover of the year. Anyways, enough music talk. I think we should get it done at least on 24th, we should leave the last day to do the editing and stuff. I removed Smcilroy from the members list, I think he checked in here by mistake because I can see him in group 7. So far, we're 5, still missing one member. --[[User:Hesperus|Hesperus]] 05:36, 16 November 2010 (UTC)<br />
-----<br />
Yeah that would be pretty sweet. I figured I might as well see him when I can; Since he is going to be dead soon. How is he not already? Alright well, the other member should show up soon, or I'd guess that we are a group of 5. --JSlonosky 16:37, 16 November 2010 (UTC)<br />
<br />
-----<br />
Hey dudes. I think we need to get going here.. the paper is due in 4 days. I just did the paper intro section (provided the title, authors, research labs, links, etc.). I have read the paper twice so far and will be spending the whole day working on the background concepts and the research problem sections. <br />
<br />
I'm still not sure on how we should divide the work and sections among the members, especially regarding the research contribution and critique, I mean those sections should not be based or written from the perspective of one person, we all need to work and discuss those paper concepts together.<br />
<br />
If anyone wants to add something, then please add but don't edit or alter the already existing content. Lets try to get as many thoughts/ideas as possible and then we will edit and filter the redundancy later. And lets make sure that we add summary comments to our edits to make it easier to keep track of everything.<br />
<br />
Also, we're still missing one member: Shawn Hansen. Its weird because on last Wednesday's lab, the prof told me that he attended the lab and signed his name, so he should still be in the course. --[[User:Hesperus|Hesperus]] 18:07, 21 November 2010 (UTC)<br />
<br />
---------<br />
Yeah man. We really do need to get on this. Not going to ozzy so I got free time now. I am reading it again to refresh my memory of it and will put notes of what I think we can criticize about it and such. What kind of references do you think we will need? Similar papers etc?<br />
If you need to a hold of me. Best way is through email. jslonosk@connect.Carleton.ca. And if that is still in our group but doesn't participate, too bad for him--JSlonosky 14:42, 22 November 2010 (UTC)<br />
----------<br />
The section on the related work has all the things we need to as far as other papers go. Also, I was able to find other research papers that are not mentioned in the paper. I will definitely be adding those paper by tonight. For the time being, I will handle the background concepts. I added a group work section below to keep track of whos doing what. I should get the background concept done hopefully by tonight. If anyone want to help with the other sections that would be great, please add your name to the section you want to handle below.<br />
<br />
I added a general paper summary below just to illustrate the general idea behind each section. If anybody wants to add anything, feel free to do so. --[[User:Hesperus|Hesperus]] 18:55, 22 November 2010 (UTC)<br />
-----------<br />
I remember the prof mentioned the most important part of the paper is the Critique so we gotta focus on that altogether not just one person for sure.--[[User:Praubic|Praubic]] 19:22, 22 November 2010 (UTC)<br />
<br />
-------------<br />
Yeah absloutely, I agree. But first, lets pin down the crucial points. And then we can discuss them collectively. If anyone happens to come across what he thinks is good or bad, then you can add it below to the good/bad points. Maybe the group work idea is bad, but I just thought maybe if we each member focuses on a specific part in the beginning, we can maybe have a better overall idea of what the paper is about. --[[User:Hesperus|Hesperus]] 19:42, 22 November 2010 (UTC)<br />
--------------<br />
Ok, another thing I figured is that the paper doesn't directly hint at why nested virtualization is necessary? I posted a link in references and I'l try to research more into the purpose of nested virtualization.--[[User:Praubic|Praubic]] 19:45, 22 November 2010 (UTC)<br />
--------------<br />
Actually the paper does talk about that. Look at the first two paragraphs in the introduction section of the paper on page 1. But you're right, they don't really elaborate, I think its because its not the purpose or the aim of the paper in the first place. --[[User:Hesperus|Hesperus]] 20:31, 22 November 2010 (UTC) <br />
--------------<br />
The stuff that Michael provided are excellent. That was actually what I was planning on doing. I will start by defining virtualization, hypervisors, computer ring security, the need and uses of nested virtualization, the models, etc. --[[User:Hesperus|Hesperus]] 22:14, 22 November 2010 (UTC)<br />
-------------<br />
So here my question who doing what in the group work and where should I focus my attention to do my part?- Csulliva<br />
-------------<br />
I have posted few things regarding the background concepts on the main page. I will go back and edit it today and talk about other things like: nested virtualization, the need and advantages of NV, the models, the trap and emulate model of x86 machines, computer paging which is discussed in the paper, computer ring security which again they touch on at some point in the paper. I can easily move some of the things I wrote in the theory section to the main page, but I want to consult the prof first on some of those things.<br />
<br />
One thing that I'm still unsure of is how far should we go here ? should we provide background on the hardware architecture used by the authors like the x86 family and the VMX chips, or maybe some of the concepts discussed later on in the testing such as optimization, emulation, para-virtualization ?<br />
<br />
I will speak and consult the prof today after our lecture. If other members want to help, you guys can start with the related work and see how the content of the paper compares to previous or even current research papers. --[[User:Hesperus|Hesperus]] 08:08, 23 November 2010 (UTC)<br />
------------------------<br />
In response to what Michael mentioned above in the background section: we should definitely talk about that, from what I understood, they apply the same model (the trap and emulate) but they provide optimizations and ways to increase the trap calls efficiency between the nested environments, so thats definitely a contribution, but its more of a performance optimization kind of contribution I guess, which is why I mentioned the optimizations in the contribution section below. --[[User:Hesperus|Hesperus]] 08:08, 23 November 2010 (UTC)<br />
---------------------------<br />
'''Ok, so for those who didn't attend today's lecture, the prof was nice enough to give us an extension for the paper, the due date now is Dec 2nd.''' And thats really good, given that some of those concepts require time to sort of formulate. I also asked the prof on the approach that we should follow in terms of presenting the material, and he mentioned that you need to provide enough information for each section to make your follow student understand what the paper is about without them having to actually read the paper or go through it in detail. He also mentioned the need to distill some of the details, if the paper spends a whole page explaining multi-dimensional paging, we should probably explain that in 2 small paragraphs or something.<br />
<br />
Also, we should always cite resources. If the resource is a book, we should cite the page number as well. --[[User:Hesperus|Hesperus]] 15:16, 23 November 2010 (UTC)<br />
---------------------------<br />
Yeah I am really thankful he left us with another week to do it. I am sure we all have at least 3 projects due soon, other than this Essay. I'll type up the stuff that I had highlighted for Tuesday as a break tomorrow. I was going to do it yesterday but he gave us an extension, so I slacked off a bit. I also forgot :/ --JSlonosky 23:43, 24 November 2010 (UTC)<br />
---------------------------<br />
Hey dudes. I have posted the first part of the backgrounds concept here in the discussion and on the main page as well. This is just a rough version, so I will be constantly expanding it and adding resources later on today. I have also created and added a diagram for illustration, as far as I know, we should be allowed to do this. If anyone have any suggestions to what I have posted or any counter arguments, please discuss. I will also be moving some of the stuff I wrote here (the theory section) to the main page as well.<br />
<br />
Regarding the critique, I guess the excessive amount of exits can somehow be seen as a '''scalability''' constraint, maybe making the overall design somehow too complex or difficult to get a hold of, I'm not sure about this, but just guessing from a general programming point of view. I will email the prof today, maybe he can give us some hints for what can be considered a weakness or a bad spot if you will in the paper. <br />
<br />
Also, we're still missing the sixth member of the group: Shawn Hansen. --[[User:Hesperus|Hesperus]] 06:57, 29 November 2010 (UTC)<br />
<br />
----------------------------<br />
<br />
Hey guys. I can start working on the research problem part of the essay. I'll put it up here when I have a rough version than move it to the actual article. As for the critique section, how about we put a section on the talk page here and people can add in what they thought worked/didn't work with some explanation/references, and then we can get someone/some people to combine it and put it in the essay? <br />
--[[User:Mbingham|Mbingham]] 18:13, 29 November 2010 (UTC)<br />
<br />
----------------------------<br />
<br />
Yea really, great work on the Background. It's looking slick. I added some initial edit in the Contribution and Critique but I agree lets open a thread here and All collaborate. --[[User:Praubic|Praubic]] 18:24, 30 November 2010 (UTC)<br />
----------------------------<br />
<br />
Nice man. Sorry I haven't updated with anything that I have done yet, but I'll have it up later today or tomorrow. I got both an Essay and game dev project done for tomorrow, so after 1 I will be free to work on this until it is time for 3004--JSlonosky 13:41, 30 November 2010 (UTC)<br />
<br />
----------------------------<br />
<br />
I put up an initial version of the research problem section in the article. Let me know what you guys think. --[[User:Mbingham|Mbingham]] 19:53, 30 November 2010 (UTC)<br />
<br />
----------------------------<br />
Hey guys. Since I'm working on the backgrounds concepts and Michael is handling the research problem. The other members should handle the contribution part. I think everything we need for the contribution section is in section 3 of the article (3.1, 3.2, 3.3, 3.4, 3.5). You can also make use of the things we posted here. Just to be on the safe side, we need to get this done by tomorrow's night. I'm working on a couple of definitions as we speak and will hopefully be done by tomorrow's morning.<br />
<br />
PS: We should leave the critique to the end, there should not be a lot of writing for that part and we must all contribute.<br />
<br />
--[[User:Hesperus|Hesperus]] 01:45, 1 December 2010 (UTC)<br />
-----------------------------<br />
Just posted other bits that were missing in the backgrounds concepts section like the security uses, models of virtualization and para-virtualization. They're just a rough version however. I will edit them in the next few hours.I just need to write something for protection rings and that would be it I guess.<br />
<br />
I can help with the other sections for the rest of the day, I will try to post some summaries for performance and implementation or even the related work. --[[User:Hesperus|Hesperus]] 07:26, 1 December 2010 (UTC)<br />
<br />
-----------------------------<br />
Guys, we need to get moving here.. The contribution section still needs a lot. We need to talk about their innovations and the things they did there:<br />
CPU virtualization, Memory virtualization, I/O virtualization and the Macro-optimizations.<br />
<br />
I will be posting something regarding this in the next few hours. --[[User:Hesperus|Hesperus]] 22:53, 1 December 2010 (UTC)<br />
<br />
-----------------------------<br />
<br />
I have looked over the paper again and I am wondering about some things. How are we to critique it? By their methods, or by the paper itself?<br />
I find that in the organization of the paper, they give you the links and extra information to look more in depth on such things like the VMC technology, but they almost use that as an excuse for not explaining things in the paper.<br />
The VMC(0 ->1) annotation that isn't explained. I understand what they mean, but it seems that they assume that you already know some things. --JSlonosky 03:03, 2 December 2010 (UTC)<br />
<br />
=Paper summary=<br />
==Background Concepts and Other Stuff==<br />
<br />
<br />
<br />
<br />
<br />
<br />
===Virtualization===<br />
<br />
In essence, virtualization is creating an emulation of the underlying hardware for a guest operating system, program or a process to operate on. [1] Usually referred to as virtual machine, this emulation which includes a guest hypervisor and a virtualized environment, only gives an illusion to the guest virtual machine to make it think that its running directly on the main hardware. In other words, we can view this virtual machine as an application running on the host OS.<br />
<br />
The term virtualization has become rather broad, associated with a number of areas where this technology is used like data virtualization, storage virtualization, mobile virtualization and network virtualization. For the purposes and context of our assigned paper, we shall focus our attention on hardware virtualization within operating systems environments.<br />
<br />
====Hypervisor==== <br />
Also referred to as VMM (Virtual machine monitor), is a software module that exists one level above the supervisor and runs directly on the bare hardware to monitor the execution and behaviour of the guest virtual machines. The main task of the hypervior is to provide an emulation of the underlying hardware (CPU, memory, I/O, drivers, etc.) to the guest virtual machines and to take care of the possible issues that may rise due to the interaction of those guest virtual machines among one another, and the interaction with the host hardware and operating system. It also controls host resources.<br />
<br />
====Nested virtualization====<br />
Nested virtualization is the concept of recursively running one or more virtual machines inside one another. For instance, the main operating system (L1) runs a VM called L2, in turn, L2 runs another VM L3, L3 then runs L4 and so on.<br />
<br />
====Para-virtualization====<br />
[Coming....]<br />
<br />
<br />
===Trap and emulate model===<br />
A vitualization model based on the idea that when a guest hypervisor attempts to execute, gain or access privilged hardware context, it triggers a trap or a fault which gets handled or caught by the host hypervisor. The host hypervisor then determines whether this instruction should be allowed to execute or not. Then based on that, the host hypervisor provides an emulation of the requested outcome to the guest hypervisor. The x86 systems discussed in the Turtles Project research paper follows this model.<br />
<br />
===The uses of nested virtualization===<br />
<br />
====Compatibility====<br />
A system could provide the user with a compatibility mode for other operatng systems or applications. An example of this would<br />
be the Windows XP mode thats available in Windows 7, where Windows 7 runs Windows XP as a virtual machine.<br />
<br />
====Cloud computing====<br />
A cloud provider, more fomally referred to as Infrastructure-as-a-Service (IAAS) provider, could use nested virtualization to give the ability to customers to host their own preferred user-controlled hypervisors and run their virtual machines on the provider hardware. This way both sides can benefit, the provider can attract customers and the customer can have freedom implementing its system on the host hardware without worrying about compatibility issues.<br />
<br />
The most well known example of an IAAS provider is Amazon Web Services (AWS). AWS presents a virtualized platform for other services and web sites such as NetFlix to host their API and database on Amazon's hardware.<br />
<br />
====Security==== <br />
[Coming...]<br />
<br />
====Migration/Transfer of VMs====<br />
Nested virtualization can also be used in live migration or transfer of virtual machines in cases of upgrade or disaster <br />
recovery. Consider a scenarion where a number of virtual machines must be moved to a new hardware server for upgrade, instead of having to move each VM sepertaely, we can nest those virtual machines and their hypervisors to create one nested entity thats easier to deal with and more manageable.<br />
In the last couple of years, virtualization packages such as VMWare and VirtualBox have adapted this notion of live migration and developed their own embedded migration/transfer agents.<br />
<br />
====Testing====<br />
Using virtual machines is convenient for testing, evaluation and bechmarking purposes. Since a virtual machine is essentially<br />
a file on the host operating system, if corrupted or damaged, it can easily be removed, recreated or even restored since we can<br />
can create a snapshot of the running virtual machine.<br />
<br />
===Protection rings===<br />
[Coming....]<br />
<br />
<br />
EDIT: Just noticed that someone has put their name down to do the background concept stuff, so Munther feel free to use this as a starting point if you like.<br />
<br />
The above looks good. I thought id maybe start touching on some of the sections, so let me know what you guys think. Heres what I think would be useful to go over in the Background Concepts section:<br />
<br />
* Firstly, nested virtualization. Why we use nested virtualization (paper gives example of XP inside win 7). Maybe going over the trap and emulate model of nested virtualization.<br />
* Some of the terminology of nested virtualization. The difference between guest/host hypervisors (we're already familiar with guest/host OSs), the terminology of L0, ..., Ln with L0 being the bottom hypervisor, etc<br />
* x86 nested virtualization limitations. Single level architecture, guest/host mode, VMX instructions and how to emulate them. Some of this is in section 3.2of the paper.<br />
<br />
Again, anything else you guys think we should add would be great.<br />
<br />
Commenting some more on the above summary, under the "main contributions" part, do you think we should count the nested VMX virtualization part as a contribution? If we have multiplexing memory and multiplexing I/O as a main contribution, it would seem to make sense to have multiplexing the CPU as well, especially within the limitations of the x86 architecture. Unless they are using someone else's technique for virtualizing these instructions.--[[User:Mbingham|Mbingham]] 21:16, 22 November 2010 (UTC)<br />
==Research problem==<br />
The paper provides a solution for Nested-virtualization on x86 based computers. Their approach is software-based, meaning that, they're not really altering the underlying architecture, and this is basically the most interesting thing about the paper, since x86 computers don't support nested-virtualization in terms of hardware, but apparently they were able to do it.<br />
<br />
<br />
The goal of nested virtualization and multiple host hypervisors comes down to efficiency. Example: Virtualization on servers has been rapidly gaining popularity. The next evolution step is to extend a single level of memory management virtualization support to handle nested virtualization, which is critical for ''high performance''. [1]<br />
<br />
'''How does the concept apply to the quickly developing cloud computing?'''<br />
<br />
Cloud user manages his own virtual machine directly through a hypervisor of choice. In addition it provides increased security by hypervicsor-level intrusion detection.<br />
<br />
==Related work==<br />
<br />
Comparisons with other related/similar research and work:<br />
<br />
Refer to the following website and to the related work section in the paper regarding this section: <br />
http://www.spinics.net/lists/kvm/msg43940.html<br />
<br />
[This is a forum post by one of the authors of our assigned paper where he talks about more recent research work on virtualization, particularly in his first paragraph, he refers to some more recent research by the VMWare technical support team. He also talks about some of the research papers referred to in our assigned paper.] <br />
<br />
<br />
==Theory (Section 3.1)== <br />
<br />
Apparently, theres 2 models to applying nested-virtualization:<br />
<br />
* Multiple-level architecture support: where every hypervisor handles every other hypervisor running on top of it. For instance, if L0 (host hypervisor) runs L1. If L1 attempts to run L2, then the trap handling and the work needed to be done to allow L1 to instantiate a new VM is handled by L0. More generally, if L2 attempts to created its own VM, then L1 will handle the trap handling and such.<br />
<br />
* Single-level architecture support: This is the model supported by the x86 machines. This model is tied into the concept of "Trap and emulate", where every hypervisor tries to emulate the underlying hardware (the VMX chip in the paper implementation) and presents a fake ground for the hypervisor running on top of it (the guest hypervisor) to operate on, letting it think that he's running on the actual hardware. The idea here is that in order for a guest hypervisor to operate and gain hardware-level privileges, it evokes a fault or a trap, this trap or fault is then handled or caught by the main host hypervisor and then inspected to see if its a legitimate or appropriate command or request, if it is, the host gives privilige to the guest, again having it think that its actually running on the main bare-metal hardware.<br />
<br />
In this model, everything must go back to the main host hypervisor. Then the host hypervisor forwards the trap and virtualization specification to the above-level involved or responsible. For instance, if L0 runs L1. Then L1 attempts to run L2. Then the command to run L2 goes down to L0 and then L0 forwards this command to L1 again. This is the model we're interested in because this what x86 machines basically follow. Look at figure 1 in the paper for a better understanding of this.<br />
<br />
==Main contribution==<br />
The paper propose two new-developed techniques:<br />
* Multi-dimensional paging (for memory virtualization)<br />
* Multiple-level device management (for I/O virtualization)<br />
<br />
Other contributions:<br />
* Micro-optimizations to improve performance.<br />
<br />
==Implementation==<br />
The turtle project has four components that is crucial to its implementation.<br />
* Nested VMX virtualization for nested CPU virtualization<br />
* Multi-dimensional paging for nested MMU virtualization<br />
* Multi-level device assignment for nested I/O virtualization<br />
* Micro-Optimizations to make it go faster<br />
<br />
How does the Nest VMX virtualization work:<br />
L0(the lowest most hypervisor) runs L1 with VMCS0->1(virtual machine control structure).The VMCS is the fundamental data structure that hypervisor per pars, describing the virtual machine, which is passed along to the CPU to be executed. L1(also a hypervisor) prepares VMCS1->2 to run its own virtual machine which executes vmlaunch. vmlaunch will trap and L0 will have the handle the tape because L1 is running as a virtual machine do to the fact that L0 is using the architectural mod for a hypervisor. So in order to have multiplexing happen by making L2 run as a virtual machine of L1. So L0 merges VMCS's; VMCS0->1 merges with VMCS1->2 to become VMCS0->2(enabling L0 to run L2 directly). L0 will now launch a L2 which cause it to trap. L0 handles the trap itself or will forward it to L1 depending if it L1 virtual machines responsibility to handle.<br />
The way it handles a single L2 exit, L1 need to read and write to the VMCS disable interrupts which wouldn't normally be a problem but because it running in guest mode as a virtual machine all the operation trap leading to a signal high level L2 exit or L3 exit causes many exits(more exits less performance). Problem was corrected by making the single exit fast and reduced frequency of exits with multi-dimensional paging. In the end L1 or L0 base on the trap will finish handling it and resumes L2. this Process is repeated over again contentiously.<br />
<br />
How Multi-dimensional paging work:<br />
The main idea with n = 2 nest virtualization there are three logical translations: L2 to Virtual to physical address, from an L2 physical to L1 physical and form a L1 physical to L0 physical address. 3 levels of translations however there is only 2 MMU page table in the Hardware that called EPT; which takes virtual to physical and guest physical to host physical. They compress the 3 translations onto the two tables going from the being to end in 2 hopes instead of 3. This is done by shadow page table for the virtual machine and shadow-on-EPT. The Shadow-on-EPT compress three logical translations to two pages. The EPT tables rarely changer were the guest page table changes frequently. L0 emulates EPT for L1 and it uses EPT0->1 and EPT1->2 to construct EPT0->2. this process results in less Exits.<br />
<br />
How does I/O virtualization work:<br />
There are 3 fundamental way to virtual machine access the I/O, Device emulation(sugerman01), Para-virtualized drivers which know it on a driver(Barham03, Russell08) and Direct device assignment( evasseur04,Yassour08) which results in the best performance. to get the best performance they used a IOMMU for safe DMA bypass. With nested 3X3 options for I/O virtualization they had the many options but they used multi-level device assignment giving L2 guest direct access to L0 devices bypassing both L0 and L1. To do this they had to memory map I/O with program I/0 with DMA with interrupts. the idea with DMA is that each of hiperyzisor L0,L1 need to used a IOMMU to allow its virtual machine to access the device to bypass safety. There is only one plate for IOMMU so L0 need to emulates an IOMMU. then L0 compress the Multiple IOMMU into a single hardware IOMMU page table so that L2 programs the device directly. the Device DMA's are stored into L2 memory space directly<br />
<br />
<br />
How they implement the Micro-Optimizations to make it go faster:<br />
The two main places where guest of a nested hypervisor is slower then the same guest running on a baremetal hypervisor are the second transition between L1 to L2 and the exit handling code running on the L1 hypervirsor. Since L1 and L2 are assumed to be unmodified required charges were found in L0 only. They Optimized the transitions between L1 and L2. This involves an exit to L0 and then an entry. In L0 the most time is spent in merging VMC's, so they optimize this by copying data between VMC's if its being modified and they carefully balance full copying versus partial copying and tracking. The VMCS are optimized further by copying multiple VMCS fields at once. Normally by intel's specification read or writes must be performed using vmread and vmwrite instruction (operate on a single field). VMCS data can be accessed without ill side-effects by bypassing<br />
vmread and vmwrite and copying multiple fields at once with large memory copies. (might not work on processors other than the ones they have tested).The main cause of this slowdown exit handling are additional exits caused by<br />
privileged instructions in the exit-handling code. vmread and vmwrite are used by the hypervisor to change the guest and host specification ( causing L1 exit multiple times while it handles a single l2 exit). By using AMD SVM the guest and host specifications can be read or written to directly using ordinary memory loads and stores( L0 does not intervene while L1 modifies L2 specifications).<br />
<br />
==Performance==<br />
Two benchmarks were used: kernbench - compiles the linux kernel multiple times. SPECjbb - designed to measure server side [perofmance for Java run-time environments<br />
<br />
Overhead for nested virtualization with kernbench is 10.3% and 6.3% for Specjbb. <br />
There are two sources of overhead evident in nested virtualization. First, the transitions between L1 and L2 are slower than the transition in the lower level of the nested design (between L0 and L1). Second the code handling EXITs running on the host hypervisor such as L1 is much slower than the same code in L0.<br />
<br />
The paper outlines optimization steps to achieve the minimal overhead.<br />
<br />
1. Bypassing vmread and vmwrite instructions and directly accessing data under certain conditions. Removing the need to trap and emulate.<br />
<br />
2. Optimizing exit handling code. (the main cause of the slowdown is provided by additional exits in the exit handling code.<br />
<br />
==Critique==<br />
'''The good:'''<br />
<br />
* From what I read so far, the research showed in the paper is probably the first to achieve efficent x86 nested-virtualization without altering the hardware, relying on software-only techniques and mechanisms. They also won the Jay Lepreau best paper award.<br />
<br />
* security - being able to run other hypervisors without being detected<br />
<br />
* testing, debugging - of hypervisors<br />
<br />
'''The bad:'''<br />
<br />
* lots of exits. to be continued. (anyone whos is interested feel free to take this topic)<br />
<br />
==References==<br />
[1] http://www.haifux.org/lectures/225/ - '''Nested x86 Virtualization - Muli Ben-Yehuda'''</div>Csullivahttps://homeostasis.scs.carleton.ca/wiki/index.php?title=Talk:COMP_3000_Essay_2_2010_Question_9&diff=6089Talk:COMP 3000 Essay 2 2010 Question 92010-12-02T02:16:15Z<p>Csulliva: /* Implementation */</p>
<hr />
<div>=Group members=<br />
<br />
* Munther Hussain<br />
* Jonathon Slonosky<br />
* Michael Bingham<br />
* Chris Sullivan<br />
* Pawel Raubic<br />
<br />
=Group work=<br />
* Background concepts: Munther Hussain<br />
* Research problem: Michael Bingham<br />
* Contribution:<br />
* Critique:<br />
<br />
<br />
=General discussion=<br />
<br />
Hey there, this is Munther. The prof said that we should be contacting each other to see whos still on board for the course. So please<br />
if you read this, add your name to the list of members above. You can my find my contact info in my profile page by clicking my signature. We shall talk about the details and how we will approach this in the next few days --[[User:Hesperus|Hesperus]] 16:41, 12 November 2010 (UTC)<br />
<br />
---------------------<br />
<br />
Checked in -- JSlonosky<br />
<br />
----------------------<br />
<br />
Pawel has already contacted us so he still in for the course, that makes 3 of us. The other three members, please drop in and add your name. We need to confirm the members today by 1:00 pm. --[[User:Hesperus|Hesperus]] 12:18, 15 November 2010 (UTC)<br />
<br />
----------------------<br />
<br />
Checked in --[[User:Mbingham|Mbingham]] 15:08, 15 November 2010 (UTC)<br />
<br />
---------------------<br />
<br />
Checked in --[[User:Smcilroy|Smcilroy]] 17:03, 15 November 2010 (UTC)<br />
<br />
---------------------<br />
To the person above me (Smcilroy): I can see that you're assigned to group 7 and not this one. So did the prof move you to this group or something ? We haven't confirmed or emailed the prof yet, I will wait until 1:00 pm. --[[User:Hesperus|Hesperus]] 17:22, 15 November 2010 (UTC)<br />
<br />
---------------------<br />
Alright, so I just emailed the prof the list of members that have checked in so far (the names listed above plus Pawel Raubic),<br />
Smcilroy: I still don't know whether you're in this group or not, though I don't see your name listed in the group assignments on the course webpage. To the other members: if you're still interested in doing the course, please drop in here and add your name or even email me, you can find my contact info in my profile page(just click my signature).<br />
<br />
Personally speaking, I find the topic of this article (The Turtle Project) to be quite interesting and approachable, in fact we've<br />
already been playing with VirtualBox and VMWare and such things, so we should be familiar with some of the concepts the article<br />
approaches like nested-virtualization, hypervisors, supervisors, etc, things that we even covered in class and we can in fact test on our machines. I've already started reading the article, hopefully tonight we'll start posting some basic ideas or concepts and talk about the article in general. I will be in tomorrow's tutorial session in the 4th floor in case some of you guys want to get to know one another. --[[User:Hesperus|Hesperus]] 18:43, 15 November 2010 (UTC)<br />
-----<br />
Yeah, it looks pretty good to me. Unfortunately, I am attending Ozzy Osbourne on the 25th, so I'd like it if we could get ourselves organized early so I can get my part done and not letting it fall on you guys. Not that I would let that happen --JSlonosky 02:51, 16 November 2010 (UTC)<br />
-----<br />
Why waste your money on that old man ? I'd love to see Halford though, I'm sure he'll do some classic Priest material, haven't checked the new record yet, but the cover looks awful, definitely the worst and most ridiculous cover of the year. Anyways, enough music talk. I think we should get it done at least on 24th, we should leave the last day to do the editing and stuff. I removed Smcilroy from the members list, I think he checked in here by mistake because I can see him in group 7. So far, we're 5, still missing one member. --[[User:Hesperus|Hesperus]] 05:36, 16 November 2010 (UTC)<br />
-----<br />
Yeah that would be pretty sweet. I figured I might as well see him when I can; Since he is going to be dead soon. How is he not already? Alright well, the other member should show up soon, or I'd guess that we are a group of 5. --JSlonosky 16:37, 16 November 2010 (UTC)<br />
<br />
-----<br />
Hey dudes. I think we need to get going here.. the paper is due in 4 days. I just did the paper intro section (provided the title, authors, research labs, links, etc.). I have read the paper twice so far and will be spending the whole day working on the background concepts and the research problem sections. <br />
<br />
I'm still not sure on how we should divide the work and sections among the members, especially regarding the research contribution and critique, I mean those sections should not be based or written from the perspective of one person, we all need to work and discuss those paper concepts together.<br />
<br />
If anyone wants to add something, then please add but don't edit or alter the already existing content. Lets try to get as many thoughts/ideas as possible and then we will edit and filter the redundancy later. And lets make sure that we add summary comments to our edits to make it easier to keep track of everything.<br />
<br />
Also, we're still missing one member: Shawn Hansen. Its weird because on last Wednesday's lab, the prof told me that he attended the lab and signed his name, so he should still be in the course. --[[User:Hesperus|Hesperus]] 18:07, 21 November 2010 (UTC)<br />
<br />
---------<br />
Yeah man. We really do need to get on this. Not going to ozzy so I got free time now. I am reading it again to refresh my memory of it and will put notes of what I think we can criticize about it and such. What kind of references do you think we will need? Similar papers etc?<br />
If you need to a hold of me. Best way is through email. jslonosk@connect.Carleton.ca. And if that is still in our group but doesn't participate, too bad for him--JSlonosky 14:42, 22 November 2010 (UTC)<br />
----------<br />
The section on the related work has all the things we need to as far as other papers go. Also, I was able to find other research papers that are not mentioned in the paper. I will definitely be adding those paper by tonight. For the time being, I will handle the background concepts. I added a group work section below to keep track of whos doing what. I should get the background concept done hopefully by tonight. If anyone want to help with the other sections that would be great, please add your name to the section you want to handle below.<br />
<br />
I added a general paper summary below just to illustrate the general idea behind each section. If anybody wants to add anything, feel free to do so. --[[User:Hesperus|Hesperus]] 18:55, 22 November 2010 (UTC)<br />
-----------<br />
I remember the prof mentioned the most important part of the paper is the Critique so we gotta focus on that altogether not just one person for sure.--[[User:Praubic|Praubic]] 19:22, 22 November 2010 (UTC)<br />
<br />
-------------<br />
Yeah absloutely, I agree. But first, lets pin down the crucial points. And then we can discuss them collectively. If anyone happens to come across what he thinks is good or bad, then you can add it below to the good/bad points. Maybe the group work idea is bad, but I just thought maybe if we each member focuses on a specific part in the beginning, we can maybe have a better overall idea of what the paper is about. --[[User:Hesperus|Hesperus]] 19:42, 22 November 2010 (UTC)<br />
--------------<br />
Ok, another thing I figured is that the paper doesn't directly hint at why nested virtualization is necessary? I posted a link in references and I'l try to research more into the purpose of nested virtualization.--[[User:Praubic|Praubic]] 19:45, 22 November 2010 (UTC)<br />
--------------<br />
Actually the paper does talk about that. Look at the first two paragraphs in the introduction section of the paper on page 1. But you're right, they don't really elaborate, I think its because its not the purpose or the aim of the paper in the first place. --[[User:Hesperus|Hesperus]] 20:31, 22 November 2010 (UTC) <br />
--------------<br />
The stuff that Michael provided are excellent. That was actually what I was planning on doing. I will start by defining virtualization, hypervisors, computer ring security, the need and uses of nested virtualization, the models, etc. --[[User:Hesperus|Hesperus]] 22:14, 22 November 2010 (UTC)<br />
-------------<br />
So here my question who doing what in the group work and where should I focus my attention to do my part?- Csulliva<br />
-------------<br />
I have posted few things regarding the background concepts on the main page. I will go back and edit it today and talk about other things like: nested virtualization, the need and advantages of NV, the models, the trap and emulate model of x86 machines, computer paging which is discussed in the paper, computer ring security which again they touch on at some point in the paper. I can easily move some of the things I wrote in the theory section to the main page, but I want to consult the prof first on some of those things.<br />
<br />
One thing that I'm still unsure of is how far should we go here ? should we provide background on the hardware architecture used by the authors like the x86 family and the VMX chips, or maybe some of the concepts discussed later on in the testing such as optimization, emulation, para-virtualization ?<br />
<br />
I will speak and consult the prof today after our lecture. If other members want to help, you guys can start with the related work and see how the content of the paper compares to previous or even current research papers. --[[User:Hesperus|Hesperus]] 08:08, 23 November 2010 (UTC)<br />
------------------------<br />
In response to what Michael mentioned above in the background section: we should definitely talk about that, from what I understood, they apply the same model (the trap and emulate) but they provide optimizations and ways to increase the trap calls efficiency between the nested environments, so thats definitely a contribution, but its more of a performance optimization kind of contribution I guess, which is why I mentioned the optimizations in the contribution section below. --[[User:Hesperus|Hesperus]] 08:08, 23 November 2010 (UTC)<br />
---------------------------<br />
'''Ok, so for those who didn't attend today's lecture, the prof was nice enough to give us an extension for the paper, the due date now is Dec 2nd.''' And thats really good, given that some of those concepts require time to sort of formulate. I also asked the prof on the approach that we should follow in terms of presenting the material, and he mentioned that you need to provide enough information for each section to make your follow student understand what the paper is about without them having to actually read the paper or go through it in detail. He also mentioned the need to distill some of the details, if the paper spends a whole page explaining multi-dimensional paging, we should probably explain that in 2 small paragraphs or something.<br />
<br />
Also, we should always cite resources. If the resource is a book, we should cite the page number as well. --[[User:Hesperus|Hesperus]] 15:16, 23 November 2010 (UTC)<br />
---------------------------<br />
Yeah I am really thankful he left us with another week to do it. I am sure we all have at least 3 projects due soon, other than this Essay. I'll type up the stuff that I had highlighted for Tuesday as a break tomorrow. I was going to do it yesterday but he gave us an extension, so I slacked off a bit. I also forgot :/ --JSlonosky 23:43, 24 November 2010 (UTC)<br />
---------------------------<br />
Hey dudes. I have posted the first part of the backgrounds concept here in the discussion and on the main page as well. This is just a rough version, so I will be constantly expanding it and adding resources later on today. I have also created and added a diagram for illustration, as far as I know, we should be allowed to do this. If anyone have any suggestions to what I have posted or any counter arguments, please discuss. I will also be moving some of the stuff I wrote here (the theory section) to the main page as well.<br />
<br />
Regarding the critique, I guess the excessive amount of exits can somehow be seen as a '''scalability''' constraint, maybe making the overall design somehow too complex or difficult to get a hold of, I'm not sure about this, but just guessing from a general programming point of view. I will email the prof today, maybe he can give us some hints for what can be considered a weakness or a bad spot if you will in the paper. <br />
<br />
Also, we're still missing the sixth member of the group: Shawn Hansen. --[[User:Hesperus|Hesperus]] 06:57, 29 November 2010 (UTC)<br />
<br />
----------------------------<br />
<br />
Hey guys. I can start working on the research problem part of the essay. I'll put it up here when I have a rough version than move it to the actual article. As for the critique section, how about we put a section on the talk page here and people can add in what they thought worked/didn't work with some explanation/references, and then we can get someone/some people to combine it and put it in the essay? <br />
--[[User:Mbingham|Mbingham]] 18:13, 29 November 2010 (UTC)<br />
<br />
----------------------------<br />
<br />
Yea really, great work on the Background. It's looking slick. I added some initial edit in the Contribution and Critique but I agree lets open a thread here and All collaborate. --[[User:Praubic|Praubic]] 18:24, 30 November 2010 (UTC)<br />
----------------------------<br />
<br />
Nice man. Sorry I haven't updated with anything that I have done yet, but I'll have it up later today or tomorrow. I got both an Essay and game dev project done for tomorrow, so after 1 I will be free to work on this until it is time for 3004--JSlonosky 13:41, 30 November 2010 (UTC)<br />
<br />
----------------------------<br />
<br />
I put up an initial version of the research problem section in the article. Let me know what you guys think. --[[User:Mbingham|Mbingham]] 19:53, 30 November 2010 (UTC)<br />
<br />
----------------------------<br />
Hey guys. Since I'm working on the backgrounds concepts and Michael is handling the research problem. The other members should handle the contribution part. I think everything we need for the contribution section is in section 3 of the article (3.1, 3.2, 3.3, 3.4, 3.5). You can also make use of the things we posted here. Just to be on the safe side, we need to get this done by tomorrow's night. I'm working on a couple of definitions as we speak and will hopefully be done by tomorrow's morning.<br />
<br />
PS: We should leave the critique to the end, there should not be a lot of writing for that part and we must all contribute.<br />
<br />
--[[User:Hesperus|Hesperus]] 01:45, 1 December 2010 (UTC)<br />
-----------------------------<br />
Just posted other bits that were missing in the backgrounds concepts section like the security uses, models of virtualization and para-virtualization. They're just a rough version however. I will edit them in the next few hours.I just need to write something for protection rings and that would be it I guess.<br />
<br />
I can help with the other sections for the rest of the day, I will try to post some summaries for performance and implementation or even the related work. --[[User:Hesperus|Hesperus]] 07:26, 1 December 2010 (UTC)<br />
<br />
-----------------------------<br />
Guys, we need to get moving here.. The contribution section still needs a lot. We need to talk about their innovations and the things they did there:<br />
CPU virtualization, Memory virtualization, I/O virtualization and the Macro-optimizations.<br />
<br />
I will be posting something regarding this in the next few hours. --[[User:Hesperus|Hesperus]] 22:53, 1 December 2010 (UTC)<br />
<br />
<br />
<br />
<br />
=Paper summary=<br />
==Background Concepts and Other Stuff==<br />
<br />
<br />
<br />
<br />
<br />
<br />
===Virtualization===<br />
<br />
In essence, virtualization is creating an emulation of the underlying hardware for a guest operating system, program or a process to operate on. [1] Usually referred to as virtual machine, this emulation which includes a guest hypervisor and a virtualized environment, only gives an illusion to the guest virtual machine to make it think that its running directly on the main hardware. In other words, we can view this virtual machine as an application running on the host OS.<br />
<br />
The term virtualization has become rather broad, associated with a number of areas where this technology is used like data virtualization, storage virtualization, mobile virtualization and network virtualization. For the purposes and context of our assigned paper, we shall focus our attention on hardware virtualization within operating systems environments.<br />
<br />
====Hypervisor==== <br />
Also referred to as VMM (Virtual machine monitor), is a software module that exists one level above the supervisor and runs directly on the bare hardware to monitor the execution and behaviour of the guest virtual machines. The main task of the hypervior is to provide an emulation of the underlying hardware (CPU, memory, I/O, drivers, etc.) to the guest virtual machines and to take care of the possible issues that may rise due to the interaction of those guest virtual machines among one another, and the interaction with the host hardware and operating system. It also controls host resources.<br />
<br />
====Nested virtualization====<br />
Nested virtualization is the concept of recursively running one or more virtual machines inside one another. For instance, the main operating system (L1) runs a VM called L2, in turn, L2 runs another VM L3, L3 then runs L4 and so on.<br />
<br />
====Para-virtualization====<br />
[Coming....]<br />
<br />
<br />
===Trap and emulate model===<br />
A vitualization model based on the idea that when a guest hypervisor attempts to execute, gain or access privilged hardware context, it triggers a trap or a fault which gets handled or caught by the host hypervisor. The host hypervisor then determines whether this instruction should be allowed to execute or not. Then based on that, the host hypervisor provides an emulation of the requested outcome to the guest hypervisor. The x86 systems discussed in the Turtles Project research paper follows this model.<br />
<br />
===The uses of nested virtualization===<br />
<br />
====Compatibility====<br />
A system could provide the user with a compatibility mode for other operatng systems or applications. An example of this would<br />
be the Windows XP mode thats available in Windows 7, where Windows 7 runs Windows XP as a virtual machine.<br />
<br />
====Cloud computing====<br />
A cloud provider, more fomally referred to as Infrastructure-as-a-Service (IAAS) provider, could use nested virtualization to give the ability to customers to host their own preferred user-controlled hypervisors and run their virtual machines on the provider hardware. This way both sides can benefit, the provider can attract customers and the customer can have freedom implementing its system on the host hardware without worrying about compatibility issues.<br />
<br />
The most well known example of an IAAS provider is Amazon Web Services (AWS). AWS presents a virtualized platform for other services and web sites such as NetFlix to host their API and database on Amazon's hardware.<br />
<br />
====Security==== <br />
[Coming...]<br />
<br />
====Migration/Transfer of VMs====<br />
Nested virtualization can also be used in live migration or transfer of virtual machines in cases of upgrade or disaster <br />
recovery. Consider a scenarion where a number of virtual machines must be moved to a new hardware server for upgrade, instead of having to move each VM sepertaely, we can nest those virtual machines and their hypervisors to create one nested entity thats easier to deal with and more manageable.<br />
In the last couple of years, virtualization packages such as VMWare and VirtualBox have adapted this notion of live migration and developed their own embedded migration/transfer agents.<br />
<br />
====Testing====<br />
Using virtual machines is convenient for testing, evaluation and bechmarking purposes. Since a virtual machine is essentially<br />
a file on the host operating system, if corrupted or damaged, it can easily be removed, recreated or even restored since we can<br />
can create a snapshot of the running virtual machine.<br />
<br />
===Protection rings===<br />
[Coming....]<br />
<br />
<br />
EDIT: Just noticed that someone has put their name down to do the background concept stuff, so Munther feel free to use this as a starting point if you like.<br />
<br />
The above looks good. I thought id maybe start touching on some of the sections, so let me know what you guys think. Heres what I think would be useful to go over in the Background Concepts section:<br />
<br />
* Firstly, nested virtualization. Why we use nested virtualization (paper gives example of XP inside win 7). Maybe going over the trap and emulate model of nested virtualization.<br />
* Some of the terminology of nested virtualization. The difference between guest/host hypervisors (we're already familiar with guest/host OSs), the terminology of L0, ..., Ln with L0 being the bottom hypervisor, etc<br />
* x86 nested virtualization limitations. Single level architecture, guest/host mode, VMX instructions and how to emulate them. Some of this is in section 3.2of the paper.<br />
<br />
Again, anything else you guys think we should add would be great.<br />
<br />
Commenting some more on the above summary, under the "main contributions" part, do you think we should count the nested VMX virtualization part as a contribution? If we have multiplexing memory and multiplexing I/O as a main contribution, it would seem to make sense to have multiplexing the CPU as well, especially within the limitations of the x86 architecture. Unless they are using someone else's technique for virtualizing these instructions.--[[User:Mbingham|Mbingham]] 21:16, 22 November 2010 (UTC)<br />
==Research problem==<br />
The paper provides a solution for Nested-virtualization on x86 based computers. Their approach is software-based, meaning that, they're not really altering the underlying architecture, and this is basically the most interesting thing about the paper, since x86 computers don't support nested-virtualization in terms of hardware, but apparently they were able to do it.<br />
<br />
<br />
The goal of nested virtualization and multiple host hypervisors comes down to efficiency. Example: Virtualization on servers has been rapidly gaining popularity. The next evolution step is to extend a single level of memory management virtualization support to handle nested virtualization, which is critical for ''high performance''. [1]<br />
<br />
'''How does the concept apply to the quickly developing cloud computing?'''<br />
<br />
Cloud user manages his own virtual machine directly through a hypervisor of choice. In addition it provides increased security by hypervicsor-level intrusion detection.<br />
<br />
==Related work==<br />
<br />
Comparisons with other related/similar research and work:<br />
<br />
Refer to the following website and to the related work section in the paper regarding this section: <br />
http://www.spinics.net/lists/kvm/msg43940.html<br />
<br />
[This is a forum post by one of the authors of our assigned paper where he talks about more recent research work on virtualization, particularly in his first paragraph, he refers to some more recent research by the VMWare technical support team. He also talks about some of the research papers referred to in our assigned paper.] <br />
<br />
<br />
==Theory (Section 3.1)== <br />
<br />
Apparently, theres 2 models to applying nested-virtualization:<br />
<br />
* Multiple-level architecture support: where every hypervisor handles every other hypervisor running on top of it. For instance, if L0 (host hypervisor) runs L1. If L1 attempts to run L2, then the trap handling and the work needed to be done to allow L1 to instantiate a new VM is handled by L0. More generally, if L2 attempts to created its own VM, then L1 will handle the trap handling and such.<br />
<br />
* Single-level architecture support: This is the model supported by the x86 machines. This model is tied into the concept of "Trap and emulate", where every hypervisor tries to emulate the underlying hardware (the VMX chip in the paper implementation) and presents a fake ground for the hypervisor running on top of it (the guest hypervisor) to operate on, letting it think that he's running on the actual hardware. The idea here is that in order for a guest hypervisor to operate and gain hardware-level privileges, it evokes a fault or a trap, this trap or fault is then handled or caught by the main host hypervisor and then inspected to see if its a legitimate or appropriate command or request, if it is, the host gives privilige to the guest, again having it think that its actually running on the main bare-metal hardware.<br />
<br />
In this model, everything must go back to the main host hypervisor. Then the host hypervisor forwards the trap and virtualization specification to the above-level involved or responsible. For instance, if L0 runs L1. Then L1 attempts to run L2. Then the command to run L2 goes down to L0 and then L0 forwards this command to L1 again. This is the model we're interested in because this what x86 machines basically follow. Look at figure 1 in the paper for a better understanding of this.<br />
<br />
==Main contribution==<br />
The paper propose two new-developed techniques:<br />
* Multi-dimensional paging (for memory virtualization)<br />
* Multiple-level device management (for I/O virtualization)<br />
<br />
Other contributions:<br />
* Micro-optimizations to improve performance.<br />
<br />
==Implementation==<br />
The turtle project has four components that is crucial to its implementation.<br />
* Nested VMX virtualization for nested CPU virtualization<br />
* Multi-dimensional paging for nested MMU virtualization<br />
* Multi-level device assignment for nested I/O virtualization<br />
* Micro-Optimizations to make it go faster<br />
<br />
How does the Nest VMX virtualization work:<br />
L0(the lowest most hypervisor) runs L1 with VMCS0->1(virtual machine control structure).The VMCS is the fundamental data structure that hypervisor per pars, describing the virtual machine, which is passed along to the CPU to be executed. L1(also a hypervisor) prepares VMCS1->2 to run its own virtual machine which executes vmlaunch. vmlaunch will trap and L0 will have the handle the tape because L1 is running as a virtual machine do to the fact that L0 is using the architectural mod for a hypervisor. So in order to have multiplexing happen by making L2 run as a virtual machine of L1. So L0 merges VMCS's; VMCS0->1 merges with VMCS1->2 to become VMCS0->2(enabling L0 to run L2 directly). L0 will now launch a L2 which cause it to trap. L0 handles the trap itself or will forward it to L1 depending if it L1 virtual machines responsibility to handle.<br />
The way it handles a single L2 exit, L1 need to read and write to the VMCS disable interrupts which wouldn't normally be a problem but because it running in guest mode as a virtual machine all the operation trap leading to a signal high level L2 exit or L3 exit causes many exits(more exits less performance). Problem was corrected by making the single exit fast and reduced frequency of exits with multi-dimensional paging. In the end L1 or L0 base on the trap will finish handling it and resumes L2. this Process is repeated over again contentiously.<br />
<br />
How Multi-dimensional paging work:<br />
The main idea with n = 2 nest virtualization there are three logical translations: L2 to Virtual to physical address, from an L2 physical to L1 physical and form a L1 physical to L0 physical address. 3 levels of translations however there is only 2 MMU page table in the Hardware that called EPT; which takes virtual to physical and guest physical to host physical. They compress the 3 translations onto the two tables going from the being to end in 2 hopes instead of 3. This is done by shadow page table for the virtual machine and shadow-on-EPT. The Shadow-on-EPT compress three logical translations to two pages. The EPT tables rarely changer were the guest page table changes frequently. L0 emulates EPT for L1 and it uses EPT0->1 and EPT1->2 to construct EPT0->2. this process results in less Exits.<br />
<br />
How does I/O virtualization work:<br />
There are 3 fundamental way to virtual machine access the I/O, Device emulation(sugerman01), Para-virtualized drivers which know it on a driver(Barham03, Russell08) and Direct device assignment( evasseur04,Yassour08) which results in the best performance. to get the best performance they used a IOMMU for safe DMA bypass. With nested 3X3 options for I/O virtualization they had the many options but they used multi-level device assignment giving L2 guest direct access to L0 devices bypassing both L0 and L1. To do this they had to memory map I/O with program I/0 with DMA with interrupts. the idea with DMA is that each of hiperyzisor L0,L1 need to used a IOMMU to allow its virtual machine to access the device to bypass safety. There is only one plate for IOMMU so L0 need to emulates an IOMMU. then L0 compress the Multiple IOMMU into a single hardware IOMMU page table so that L2 programs the device directly. the Device DMA's are stored into L2 memory space directly<br />
<br />
<br />
How they implement the Micro-Optimizations to make it go faster:<br />
The two main places where guest of a nested hypervisor is slower then the same guest running on a baremetal hypervisor are the second transition between L1 to L2 and the exit handling code running on the L1 hypervirsor. Since L1 and L2 are assumed to be unmodified required charges were found in L0 only.<br />
<br />
==Performance==<br />
Two benchmarks were used: kernbench - compiles the linux kernel multiple times. SPECjbb - designed to measure server side [perofmance for Java run-time environments<br />
<br />
Overhead for nested virtualization with kernbench is 10.3% and 6.3% for Specjbb. <br />
There are two sources of overhead evident in nested virtualization. First, the transitions between L1 and L2 are slower than the transition in the lower level of the nested design (between L0 and L1). Second the code handling EXITs running on the host hypervisor such as L1 is much slower than the same code in L0.<br />
<br />
The paper outlines optimization steps to achieve the minimal overhead.<br />
<br />
1. Bypassing vmread and vmwrite instructions and directly accessing data under certain conditions. Removing the need to trap and emulate.<br />
<br />
2. Optimizing exit handling code. (the main cause of the slowdown is provided by additional exits in the exit handling code.<br />
<br />
==Critique==<br />
'''The good:'''<br />
<br />
* From what I read so far, the research showed in the paper is probably the first to achieve efficent x86 nested-virtualization without altering the hardware, relying on software-only techniques and mechanisms. They also won the Jay Lepreau best paper award.<br />
<br />
* security - being able to run other hypervisors without being detected<br />
<br />
* testing, debugging - of hypervisors<br />
<br />
'''The bad:'''<br />
<br />
* lots of exits. to be continued. (anyone whos is interested feel free to take this topic)<br />
<br />
==References==<br />
[1] http://www.haifux.org/lectures/225/ - '''Nested x86 Virtualization - Muli Ben-Yehuda'''</div>Csullivahttps://homeostasis.scs.carleton.ca/wiki/index.php?title=Talk:COMP_3000_Essay_2_2010_Question_9&diff=6032Talk:COMP 3000 Essay 2 2010 Question 92010-12-02T00:34:26Z<p>Csulliva: /* Implementation */</p>
<hr />
<div>=Group members=<br />
<br />
* Munther Hussain<br />
* Jonathon Slonosky<br />
* Michael Bingham<br />
* Chris Sullivan<br />
* Pawel Raubic<br />
<br />
=Group work=<br />
* Background concepts: Munther Hussain<br />
* Research problem: Michael Bingham<br />
* Contribution:<br />
* Critique:<br />
<br />
<br />
=General discussion=<br />
<br />
Hey there, this is Munther. The prof said that we should be contacting each other to see whos still on board for the course. So please<br />
if you read this, add your name to the list of members above. You can my find my contact info in my profile page by clicking my signature. We shall talk about the details and how we will approach this in the next few days --[[User:Hesperus|Hesperus]] 16:41, 12 November 2010 (UTC)<br />
<br />
---------------------<br />
<br />
Checked in -- JSlonosky<br />
<br />
----------------------<br />
<br />
Pawel has already contacted us so he still in for the course, that makes 3 of us. The other three members, please drop in and add your name. We need to confirm the members today by 1:00 pm. --[[User:Hesperus|Hesperus]] 12:18, 15 November 2010 (UTC)<br />
<br />
----------------------<br />
<br />
Checked in --[[User:Mbingham|Mbingham]] 15:08, 15 November 2010 (UTC)<br />
<br />
---------------------<br />
<br />
Checked in --[[User:Smcilroy|Smcilroy]] 17:03, 15 November 2010 (UTC)<br />
<br />
---------------------<br />
To the person above me (Smcilroy): I can see that you're assigned to group 7 and not this one. So did the prof move you to this group or something ? We haven't confirmed or emailed the prof yet, I will wait until 1:00 pm. --[[User:Hesperus|Hesperus]] 17:22, 15 November 2010 (UTC)<br />
<br />
---------------------<br />
Alright, so I just emailed the prof the list of members that have checked in so far (the names listed above plus Pawel Raubic),<br />
Smcilroy: I still don't know whether you're in this group or not, though I don't see your name listed in the group assignments on the course webpage. To the other members: if you're still interested in doing the course, please drop in here and add your name or even email me, you can find my contact info in my profile page(just click my signature).<br />
<br />
Personally speaking, I find the topic of this article (The Turtle Project) to be quite interesting and approachable, in fact we've<br />
already been playing with VirtualBox and VMWare and such things, so we should be familiar with some of the concepts the article<br />
approaches like nested-virtualization, hypervisors, supervisors, etc, things that we even covered in class and we can in fact test on our machines. I've already started reading the article, hopefully tonight we'll start posting some basic ideas or concepts and talk about the article in general. I will be in tomorrow's tutorial session in the 4th floor in case some of you guys want to get to know one another. --[[User:Hesperus|Hesperus]] 18:43, 15 November 2010 (UTC)<br />
-----<br />
Yeah, it looks pretty good to me. Unfortunately, I am attending Ozzy Osbourne on the 25th, so I'd like it if we could get ourselves organized early so I can get my part done and not letting it fall on you guys. Not that I would let that happen --JSlonosky 02:51, 16 November 2010 (UTC)<br />
-----<br />
Why waste your money on that old man ? I'd love to see Halford though, I'm sure he'll do some classic Priest material, haven't checked the new record yet, but the cover looks awful, definitely the worst and most ridiculous cover of the year. Anyways, enough music talk. I think we should get it done at least on 24th, we should leave the last day to do the editing and stuff. I removed Smcilroy from the members list, I think he checked in here by mistake because I can see him in group 7. So far, we're 5, still missing one member. --[[User:Hesperus|Hesperus]] 05:36, 16 November 2010 (UTC)<br />
-----<br />
Yeah that would be pretty sweet. I figured I might as well see him when I can; Since he is going to be dead soon. How is he not already? Alright well, the other member should show up soon, or I'd guess that we are a group of 5. --JSlonosky 16:37, 16 November 2010 (UTC)<br />
<br />
-----<br />
Hey dudes. I think we need to get going here.. the paper is due in 4 days. I just did the paper intro section (provided the title, authors, research labs, links, etc.). I have read the paper twice so far and will be spending the whole day working on the background concepts and the research problem sections. <br />
<br />
I'm still not sure on how we should divide the work and sections among the members, especially regarding the research contribution and critique, I mean those sections should not be based or written from the perspective of one person, we all need to work and discuss those paper concepts together.<br />
<br />
If anyone wants to add something, then please add but don't edit or alter the already existing content. Lets try to get as many thoughts/ideas as possible and then we will edit and filter the redundancy later. And lets make sure that we add summary comments to our edits to make it easier to keep track of everything.<br />
<br />
Also, we're still missing one member: Shawn Hansen. Its weird because on last Wednesday's lab, the prof told me that he attended the lab and signed his name, so he should still be in the course. --[[User:Hesperus|Hesperus]] 18:07, 21 November 2010 (UTC)<br />
<br />
---------<br />
Yeah man. We really do need to get on this. Not going to ozzy so I got free time now. I am reading it again to refresh my memory of it and will put notes of what I think we can criticize about it and such. What kind of references do you think we will need? Similar papers etc?<br />
If you need to a hold of me. Best way is through email. jslonosk@connect.Carleton.ca. And if that is still in our group but doesn't participate, too bad for him--JSlonosky 14:42, 22 November 2010 (UTC)<br />
----------<br />
The section on the related work has all the things we need to as far as other papers go. Also, I was able to find other research papers that are not mentioned in the paper. I will definitely be adding those paper by tonight. For the time being, I will handle the background concepts. I added a group work section below to keep track of whos doing what. I should get the background concept done hopefully by tonight. If anyone want to help with the other sections that would be great, please add your name to the section you want to handle below.<br />
<br />
I added a general paper summary below just to illustrate the general idea behind each section. If anybody wants to add anything, feel free to do so. --[[User:Hesperus|Hesperus]] 18:55, 22 November 2010 (UTC)<br />
-----------<br />
I remember the prof mentioned the most important part of the paper is the Critique so we gotta focus on that altogether not just one person for sure.--[[User:Praubic|Praubic]] 19:22, 22 November 2010 (UTC)<br />
<br />
-------------<br />
Yeah absloutely, I agree. But first, lets pin down the crucial points. And then we can discuss them collectively. If anyone happens to come across what he thinks is good or bad, then you can add it below to the good/bad points. Maybe the group work idea is bad, but I just thought maybe if we each member focuses on a specific part in the beginning, we can maybe have a better overall idea of what the paper is about. --[[User:Hesperus|Hesperus]] 19:42, 22 November 2010 (UTC)<br />
--------------<br />
Ok, another thing I figured is that the paper doesn't directly hint at why nested virtualization is necessary? I posted a link in references and I'l try to research more into the purpose of nested virtualization.--[[User:Praubic|Praubic]] 19:45, 22 November 2010 (UTC)<br />
--------------<br />
Actually the paper does talk about that. Look at the first two paragraphs in the introduction section of the paper on page 1. But you're right, they don't really elaborate, I think its because its not the purpose or the aim of the paper in the first place. --[[User:Hesperus|Hesperus]] 20:31, 22 November 2010 (UTC) <br />
--------------<br />
The stuff that Michael provided are excellent. That was actually what I was planning on doing. I will start by defining virtualization, hypervisors, computer ring security, the need and uses of nested virtualization, the models, etc. --[[User:Hesperus|Hesperus]] 22:14, 22 November 2010 (UTC)<br />
-------------<br />
So here my question who doing what in the group work and where should I focus my attention to do my part?- Csulliva<br />
-------------<br />
I have posted few things regarding the background concepts on the main page. I will go back and edit it today and talk about other things like: nested virtualization, the need and advantages of NV, the models, the trap and emulate model of x86 machines, computer paging which is discussed in the paper, computer ring security which again they touch on at some point in the paper. I can easily move some of the things I wrote in the theory section to the main page, but I want to consult the prof first on some of those things.<br />
<br />
One thing that I'm still unsure of is how far should we go here ? should we provide background on the hardware architecture used by the authors like the x86 family and the VMX chips, or maybe some of the concepts discussed later on in the testing such as optimization, emulation, para-virtualization ?<br />
<br />
I will speak and consult the prof today after our lecture. If other members want to help, you guys can start with the related work and see how the content of the paper compares to previous or even current research papers. --[[User:Hesperus|Hesperus]] 08:08, 23 November 2010 (UTC)<br />
------------------------<br />
In response to what Michael mentioned above in the background section: we should definitely talk about that, from what I understood, they apply the same model (the trap and emulate) but they provide optimizations and ways to increase the trap calls efficiency between the nested environments, so thats definitely a contribution, but its more of a performance optimization kind of contribution I guess, which is why I mentioned the optimizations in the contribution section below. --[[User:Hesperus|Hesperus]] 08:08, 23 November 2010 (UTC)<br />
---------------------------<br />
'''Ok, so for those who didn't attend today's lecture, the prof was nice enough to give us an extension for the paper, the due date now is Dec 2nd.''' And thats really good, given that some of those concepts require time to sort of formulate. I also asked the prof on the approach that we should follow in terms of presenting the material, and he mentioned that you need to provide enough information for each section to make your follow student understand what the paper is about without them having to actually read the paper or go through it in detail. He also mentioned the need to distill some of the details, if the paper spends a whole page explaining multi-dimensional paging, we should probably explain that in 2 small paragraphs or something.<br />
<br />
Also, we should always cite resources. If the resource is a book, we should cite the page number as well. --[[User:Hesperus|Hesperus]] 15:16, 23 November 2010 (UTC)<br />
---------------------------<br />
Yeah I am really thankful he left us with another week to do it. I am sure we all have at least 3 projects due soon, other than this Essay. I'll type up the stuff that I had highlighted for Tuesday as a break tomorrow. I was going to do it yesterday but he gave us an extension, so I slacked off a bit. I also forgot :/ --JSlonosky 23:43, 24 November 2010 (UTC)<br />
---------------------------<br />
Hey dudes. I have posted the first part of the backgrounds concept here in the discussion and on the main page as well. This is just a rough version, so I will be constantly expanding it and adding resources later on today. I have also created and added a diagram for illustration, as far as I know, we should be allowed to do this. If anyone have any suggestions to what I have posted or any counter arguments, please discuss. I will also be moving some of the stuff I wrote here (the theory section) to the main page as well.<br />
<br />
Regarding the critique, I guess the excessive amount of exits can somehow be seen as a '''scalability''' constraint, maybe making the overall design somehow too complex or difficult to get a hold of, I'm not sure about this, but just guessing from a general programming point of view. I will email the prof today, maybe he can give us some hints for what can be considered a weakness or a bad spot if you will in the paper. <br />
<br />
Also, we're still missing the sixth member of the group: Shawn Hansen. --[[User:Hesperus|Hesperus]] 06:57, 29 November 2010 (UTC)<br />
<br />
----------------------------<br />
<br />
Hey guys. I can start working on the research problem part of the essay. I'll put it up here when I have a rough version than move it to the actual article. As for the critique section, how about we put a section on the talk page here and people can add in what they thought worked/didn't work with some explanation/references, and then we can get someone/some people to combine it and put it in the essay? <br />
--[[User:Mbingham|Mbingham]] 18:13, 29 November 2010 (UTC)<br />
<br />
----------------------------<br />
<br />
Yea really, great work on the Background. It's looking slick. I added some initial edit in the Contribution and Critique but I agree lets open a thread here and All collaborate. --[[User:Praubic|Praubic]] 18:24, 30 November 2010 (UTC)<br />
----------------------------<br />
<br />
Nice man. Sorry I haven't updated with anything that I have done yet, but I'll have it up later today or tomorrow. I got both an Essay and game dev project done for tomorrow, so after 1 I will be free to work on this until it is time for 3004--JSlonosky 13:41, 30 November 2010 (UTC)<br />
<br />
----------------------------<br />
<br />
I put up an initial version of the research problem section in the article. Let me know what you guys think. --[[User:Mbingham|Mbingham]] 19:53, 30 November 2010 (UTC)<br />
<br />
----------------------------<br />
Hey guys. Since I'm working on the backgrounds concepts and Michael is handling the research problem. The other members should handle the contribution part. I think everything we need for the contribution section is in section 3 of the article (3.1, 3.2, 3.3, 3.4, 3.5). You can also make use of the things we posted here. Just to be on the safe side, we need to get this done by tomorrow's night. I'm working on a couple of definitions as we speak and will hopefully be done by tomorrow's morning.<br />
<br />
PS: We should leave the critique to the end, there should not be a lot of writing for that part and we must all contribute.<br />
<br />
--[[User:Hesperus|Hesperus]] 01:45, 1 December 2010 (UTC)<br />
-----------------------------<br />
Just posted other bits that were missing in the backgrounds concepts section like the security uses, models of virtualization and para-virtualization. They're just a rough version however. I will edit them in the next few hours.I just need to write something for protection rings and that would be it I guess.<br />
<br />
I can help with the other sections for the rest of the day, I will try to post some summaries for performance and implementation or even the related work. --[[User:Hesperus|Hesperus]] 07:26, 1 December 2010 (UTC)<br />
<br />
-----------------------------<br />
Guys, we need to get moving here.. The contribution section still needs a lot. We need to talk about their innovations and the things they did there:<br />
CPU virtualization, Memory virtualization, I/O virtualization and the Macro-optimizations.<br />
<br />
I will be posting something regarding this in the next few hours. --[[User:Hesperus|Hesperus]] 22:53, 1 December 2010 (UTC)<br />
<br />
<br />
<br />
<br />
=Paper summary=<br />
==Background Concepts and Other Stuff==<br />
<br />
<br />
<br />
<br />
<br />
<br />
===Virtualization===<br />
<br />
In essence, virtualization is creating an emulation of the underlying hardware for a guest operating system, program or a process to operate on. [1] Usually referred to as virtual machine, this emulation which includes a guest hypervisor and a virtualized environment, only gives an illusion to the guest virtual machine to make it think that its running directly on the main hardware. In other words, we can view this virtual machine as an application running on the host OS.<br />
<br />
The term virtualization has become rather broad, associated with a number of areas where this technology is used like data virtualization, storage virtualization, mobile virtualization and network virtualization. For the purposes and context of our assigned paper, we shall focus our attention on hardware virtualization within operating systems environments.<br />
<br />
====Hypervisor==== <br />
Also referred to as VMM (Virtual machine monitor), is a software module that exists one level above the supervisor and runs directly on the bare hardware to monitor the execution and behaviour of the guest virtual machines. The main task of the hypervior is to provide an emulation of the underlying hardware (CPU, memory, I/O, drivers, etc.) to the guest virtual machines and to take care of the possible issues that may rise due to the interaction of those guest virtual machines among one another, and the interaction with the host hardware and operating system. It also controls host resources.<br />
<br />
====Nested virtualization====<br />
Nested virtualization is the concept of recursively running one or more virtual machines inside one another. For instance, the main operating system (L1) runs a VM called L2, in turn, L2 runs another VM L3, L3 then runs L4 and so on.<br />
<br />
====Para-virtualization====<br />
[Coming....]<br />
<br />
<br />
===Trap and emulate model===<br />
A vitualization model based on the idea that when a guest hypervisor attempts to execute, gain or access privilged hardware context, it triggers a trap or a fault which gets handled or caught by the host hypervisor. The host hypervisor then determines whether this instruction should be allowed to execute or not. Then based on that, the host hypervisor provides an emulation of the requested outcome to the guest hypervisor. The x86 systems discussed in the Turtles Project research paper follows this model.<br />
<br />
===The uses of nested virtualization===<br />
<br />
====Compatibility====<br />
A system could provide the user with a compatibility mode for other operatng systems or applications. An example of this would<br />
be the Windows XP mode thats available in Windows 7, where Windows 7 runs Windows XP as a virtual machine.<br />
<br />
====Cloud computing====<br />
A cloud provider, more fomally referred to as Infrastructure-as-a-Service (IAAS) provider, could use nested virtualization to give the ability to customers to host their own preferred user-controlled hypervisors and run their virtual machines on the provider hardware. This way both sides can benefit, the provider can attract customers and the customer can have freedom implementing its system on the host hardware without worrying about compatibility issues.<br />
<br />
The most well known example of an IAAS provider is Amazon Web Services (AWS). AWS presents a virtualized platform for other services and web sites such as NetFlix to host their API and database on Amazon's hardware.<br />
<br />
====Security==== <br />
[Coming...]<br />
<br />
====Migration/Transfer of VMs====<br />
Nested virtualization can also be used in live migration or transfer of virtual machines in cases of upgrade or disaster <br />
recovery. Consider a scenarion where a number of virtual machines must be moved to a new hardware server for upgrade, instead of having to move each VM sepertaely, we can nest those virtual machines and their hypervisors to create one nested entity thats easier to deal with and more manageable.<br />
In the last couple of years, virtualization packages such as VMWare and VirtualBox have adapted this notion of live migration and developed their own embedded migration/transfer agents.<br />
<br />
====Testing====<br />
Using virtual machines is convenient for testing, evaluation and bechmarking purposes. Since a virtual machine is essentially<br />
a file on the host operating system, if corrupted or damaged, it can easily be removed, recreated or even restored since we can<br />
can create a snapshot of the running virtual machine.<br />
<br />
===Protection rings===<br />
[Coming....]<br />
<br />
<br />
EDIT: Just noticed that someone has put their name down to do the background concept stuff, so Munther feel free to use this as a starting point if you like.<br />
<br />
The above looks good. I thought id maybe start touching on some of the sections, so let me know what you guys think. Heres what I think would be useful to go over in the Background Concepts section:<br />
<br />
* Firstly, nested virtualization. Why we use nested virtualization (paper gives example of XP inside win 7). Maybe going over the trap and emulate model of nested virtualization.<br />
* Some of the terminology of nested virtualization. The difference between guest/host hypervisors (we're already familiar with guest/host OSs), the terminology of L0, ..., Ln with L0 being the bottom hypervisor, etc<br />
* x86 nested virtualization limitations. Single level architecture, guest/host mode, VMX instructions and how to emulate them. Some of this is in section 3.2of the paper.<br />
<br />
Again, anything else you guys think we should add would be great.<br />
<br />
Commenting some more on the above summary, under the "main contributions" part, do you think we should count the nested VMX virtualization part as a contribution? If we have multiplexing memory and multiplexing I/O as a main contribution, it would seem to make sense to have multiplexing the CPU as well, especially within the limitations of the x86 architecture. Unless they are using someone else's technique for virtualizing these instructions.--[[User:Mbingham|Mbingham]] 21:16, 22 November 2010 (UTC)<br />
==Research problem==<br />
The paper provides a solution for Nested-virtualization on x86 based computers. Their approach is software-based, meaning that, they're not really altering the underlying architecture, and this is basically the most interesting thing about the paper, since x86 computers don't support nested-virtualization in terms of hardware, but apparently they were able to do it.<br />
<br />
<br />
The goal of nested virtualization and multiple host hypervisors comes down to efficiency. Example: Virtualization on servers has been rapidly gaining popularity. The next evolution step is to extend a single level of memory management virtualization support to handle nested virtualization, which is critical for ''high performance''. [1]<br />
<br />
'''How does the concept apply to the quickly developing cloud computing?'''<br />
<br />
Cloud user manages his own virtual machine directly through a hypervisor of choice. In addition it provides increased security by hypervicsor-level intrusion detection.<br />
<br />
==Related work==<br />
<br />
Comparisons with other related/similar research and work:<br />
<br />
Refer to the following website and to the related work section in the paper regarding this section: <br />
http://www.spinics.net/lists/kvm/msg43940.html<br />
<br />
[This is a forum post by one of the authors of our assigned paper where he talks about more recent research work on virtualization, particularly in his first paragraph, he refers to some more recent research by the VMWare technical support team. He also talks about some of the research papers referred to in our assigned paper.] <br />
<br />
<br />
==Theory (Section 3.1)== <br />
<br />
Apparently, theres 2 models to applying nested-virtualization:<br />
<br />
* Multiple-level architecture support: where every hypervisor handles every other hypervisor running on top of it. For instance, if L0 (host hypervisor) runs L1. If L1 attempts to run L2, then the trap handling and the work needed to be done to allow L1 to instantiate a new VM is handled by L0. More generally, if L2 attempts to created its own VM, then L1 will handle the trap handling and such.<br />
<br />
* Single-level architecture support: This is the model supported by the x86 machines. This model is tied into the concept of "Trap and emulate", where every hypervisor tries to emulate the underlying hardware (the VMX chip in the paper implementation) and presents a fake ground for the hypervisor running on top of it (the guest hypervisor) to operate on, letting it think that he's running on the actual hardware. The idea here is that in order for a guest hypervisor to operate and gain hardware-level privileges, it evokes a fault or a trap, this trap or fault is then handled or caught by the main host hypervisor and then inspected to see if its a legitimate or appropriate command or request, if it is, the host gives privilige to the guest, again having it think that its actually running on the main bare-metal hardware.<br />
<br />
In this model, everything must go back to the main host hypervisor. Then the host hypervisor forwards the trap and virtualization specification to the above-level involved or responsible. For instance, if L0 runs L1. Then L1 attempts to run L2. Then the command to run L2 goes down to L0 and then L0 forwards this command to L1 again. This is the model we're interested in because this what x86 machines basically follow. Look at figure 1 in the paper for a better understanding of this.<br />
<br />
==Main contribution==<br />
The paper propose two new-developed techniques:<br />
* Multi-dimensional paging (for memory virtualization)<br />
* Multiple-level device management (for I/O virtualization)<br />
<br />
Other contributions:<br />
* Micro-optimizations to improve performance.<br />
<br />
==Implementation==<br />
The turtle project has four components that is crucial to its implementation.<br />
* Nested VMX virtualization for nested CPU virtualization<br />
* Multi-dimensional paging for nested MMU virtualization<br />
* Multi-level device assignment for nested I/O virtualization<br />
* Micro-Optimizations to make it go faster<br />
<br />
How does the Nest VMX virtualization work:<br />
L0(the lowest most hypervisor) runs L1 with VMCS0->1(virtual machine control structure).The VMCS is the fundamental data structure that hypervisor per pars, describing the virtual machine, which is passed along to the CPU to be executed. L1(also a hypervisor) prepares VMCS1->2 to run its own virtual machine which executes vmlaunch. vmlaunch will trap and L0 will have the handle the tape because L1 is running as a virtual machine do to the fact that L0 is using the architectural mod for a hypervisor. So in order to have multiplexing happen by making L2 run as a virtual machine of L1. So L0 merges VMCS's; VMCS0->1 merges with VMCS1->2 to become VMCS0->2(enabling L0 to run L2 directly). L0 will now launch a L2 which cause it to trap. L0 handles the trap itself or will forward it to L1 depending if it L1 virtual machines responsibility to handle.<br />
The way it handles a single L2 exit, L1 need to read and write to the VMCS disable interrupts which wouldn't normally be a problem but because it running in guest mode as a virtual machine all the operation trap leading to a signal high level L2 exit or L3 exit causes many exits(more exits less performance). Problem was corrected by making the single exit fast and reduced frequency of exits with multi-dimensional paging. In the end L1 or L0 base on the trap will finish handling it and resumes L2. this Process is repeated over again contentiously.<br />
<br />
How Multi-dimensional paging work:<br />
The main idea with n = 2 nest virtualization there are three logical translations: L2 to Virtual to physical address, from an L2 physical to L1 physical and form a L1 physical to L0 physical address. 3 levels of translations however there is only 2 MMU page table in the Hardware that called EPT; which takes virtual to physical and guest physical to host physical. They compress the 3 translations onto the two tables going from the being to end in 2 hopes instead of 3. This is done by shadow page table for the virtual machine and shadow-on-EPT. The Shadow-on-EPT compress three logical translations to two pages. The EPT tables rarely changer were the guest page table changes frequently. L0 emulates EPT for L1 and it uses EPT0->1 and EPT1->2 to construct EPT0->2. this process results in less Exits.<br />
<br />
How does I/O virtualization work:<br />
There are 3 fundamental way to virtual machine access the I/O, Device emulation(sugerman01), Para-virtualized drivers which know it on a driver(Barham03, Russell08) and Direct device assignment( evasseur04,Yassour08) which results in the best performance. to get the best performance they used a IOMMU for safe DMA bypass. With nested 3X3 options for I/O virtualization they had the many options but they used multi-level device assignment giving L2 guest direct access to L0 devices bypassing both L0 and L1. To do this they had to memory map I/O with program I/0 with DMA with interrupts. the idea with DMA is that each of hiperyzisor L0,L1 need to used a IOMMU to allow its virtual machine to access the device to bypass safety. There is only one plate for IOMMU so L0 need to emulates an IOMMU. then L0 compress the Multiple IOMMU into a single hardware IOMMU page table so that L2 programs the device directly. the Device DMA's are stored into L2 memory space directly<br />
<br />
==Performance==<br />
Two benchmarks were used: kernbench - compiles the linux kernel multiple times. SPECjbb - designed to measure server side [perofmance for Java run-time environments<br />
<br />
Overhead for nested virtualization with kernbench is 10.3% and 6.3% for Specjbb. <br />
There are two sources of overhead evident in nested virtualization. First, the transitions between L1 and L2 are slower than the transition in the lower level of the nested design (between L0 and L1). Second the code handling EXITs running on the host hypervisor such as L1 is much slower than the same code in L0.<br />
<br />
The paper outlines optimization steps to achieve the minimal overhead.<br />
<br />
1. Bypassing vmread and vmwrite instructions and directly accessing data under certain conditions. Removing the need to trap and emulate.<br />
<br />
2. Optimizing exit handling code. (the main cause of the slowdown is provided by additional exits in the exit handling code.<br />
<br />
==Critique==<br />
'''The good:'''<br />
<br />
* From what I read so far, the research showed in the paper is probably the first to achieve efficent x86 nested-virtualization without altering the hardware, relying on software-only techniques and mechanisms. They also won the Jay Lepreau best paper award.<br />
<br />
* security - being able to run other hypervisors without being detected<br />
<br />
* testing, debugging - of hypervisors<br />
<br />
'''The bad:'''<br />
<br />
* lots of exits. to be continued. (anyone whos is interested feel free to take this topic)<br />
<br />
==References==<br />
[1] http://www.haifux.org/lectures/225/ - '''Nested x86 Virtualization - Muli Ben-Yehuda'''</div>Csullivahttps://homeostasis.scs.carleton.ca/wiki/index.php?title=Talk:COMP_3000_Essay_2_2010_Question_9&diff=6010Talk:COMP 3000 Essay 2 2010 Question 92010-12-01T23:58:44Z<p>Csulliva: /* Implementation */</p>
<hr />
<div>=Group members=<br />
<br />
* Munther Hussain<br />
* Jonathon Slonosky<br />
* Michael Bingham<br />
* Chris Sullivan<br />
* Pawel Raubic<br />
<br />
=Group work=<br />
* Background concepts: Munther Hussain<br />
* Research problem: Michael Bingham<br />
* Contribution:<br />
* Critique:<br />
<br />
<br />
=General discussion=<br />
<br />
Hey there, this is Munther. The prof said that we should be contacting each other to see whos still on board for the course. So please<br />
if you read this, add your name to the list of members above. You can my find my contact info in my profile page by clicking my signature. We shall talk about the details and how we will approach this in the next few days --[[User:Hesperus|Hesperus]] 16:41, 12 November 2010 (UTC)<br />
<br />
---------------------<br />
<br />
Checked in -- JSlonosky<br />
<br />
----------------------<br />
<br />
Pawel has already contacted us so he still in for the course, that makes 3 of us. The other three members, please drop in and add your name. We need to confirm the members today by 1:00 pm. --[[User:Hesperus|Hesperus]] 12:18, 15 November 2010 (UTC)<br />
<br />
----------------------<br />
<br />
Checked in --[[User:Mbingham|Mbingham]] 15:08, 15 November 2010 (UTC)<br />
<br />
---------------------<br />
<br />
Checked in --[[User:Smcilroy|Smcilroy]] 17:03, 15 November 2010 (UTC)<br />
<br />
---------------------<br />
To the person above me (Smcilroy): I can see that you're assigned to group 7 and not this one. So did the prof move you to this group or something ? We haven't confirmed or emailed the prof yet, I will wait until 1:00 pm. --[[User:Hesperus|Hesperus]] 17:22, 15 November 2010 (UTC)<br />
<br />
---------------------<br />
Alright, so I just emailed the prof the list of members that have checked in so far (the names listed above plus Pawel Raubic),<br />
Smcilroy: I still don't know whether you're in this group or not, though I don't see your name listed in the group assignments on the course webpage. To the other members: if you're still interested in doing the course, please drop in here and add your name or even email me, you can find my contact info in my profile page(just click my signature).<br />
<br />
Personally speaking, I find the topic of this article (The Turtle Project) to be quite interesting and approachable, in fact we've<br />
already been playing with VirtualBox and VMWare and such things, so we should be familiar with some of the concepts the article<br />
approaches like nested-virtualization, hypervisors, supervisors, etc, things that we even covered in class and we can in fact test on our machines. I've already started reading the article, hopefully tonight we'll start posting some basic ideas or concepts and talk about the article in general. I will be in tomorrow's tutorial session in the 4th floor in case some of you guys want to get to know one another. --[[User:Hesperus|Hesperus]] 18:43, 15 November 2010 (UTC)<br />
-----<br />
Yeah, it looks pretty good to me. Unfortunately, I am attending Ozzy Osbourne on the 25th, so I'd like it if we could get ourselves organized early so I can get my part done and not letting it fall on you guys. Not that I would let that happen --JSlonosky 02:51, 16 November 2010 (UTC)<br />
-----<br />
Why waste your money on that old man ? I'd love to see Halford though, I'm sure he'll do some classic Priest material, haven't checked the new record yet, but the cover looks awful, definitely the worst and most ridiculous cover of the year. Anyways, enough music talk. I think we should get it done at least on 24th, we should leave the last day to do the editing and stuff. I removed Smcilroy from the members list, I think he checked in here by mistake because I can see him in group 7. So far, we're 5, still missing one member. --[[User:Hesperus|Hesperus]] 05:36, 16 November 2010 (UTC)<br />
-----<br />
Yeah that would be pretty sweet. I figured I might as well see him when I can; Since he is going to be dead soon. How is he not already? Alright well, the other member should show up soon, or I'd guess that we are a group of 5. --JSlonosky 16:37, 16 November 2010 (UTC)<br />
<br />
-----<br />
Hey dudes. I think we need to get going here.. the paper is due in 4 days. I just did the paper intro section (provided the title, authors, research labs, links, etc.). I have read the paper twice so far and will be spending the whole day working on the background concepts and the research problem sections. <br />
<br />
I'm still not sure on how we should divide the work and sections among the members, especially regarding the research contribution and critique, I mean those sections should not be based or written from the perspective of one person, we all need to work and discuss those paper concepts together.<br />
<br />
If anyone wants to add something, then please add but don't edit or alter the already existing content. Lets try to get as many thoughts/ideas as possible and then we will edit and filter the redundancy later. And lets make sure that we add summary comments to our edits to make it easier to keep track of everything.<br />
<br />
Also, we're still missing one member: Shawn Hansen. Its weird because on last Wednesday's lab, the prof told me that he attended the lab and signed his name, so he should still be in the course. --[[User:Hesperus|Hesperus]] 18:07, 21 November 2010 (UTC)<br />
<br />
---------<br />
Yeah man. We really do need to get on this. Not going to ozzy so I got free time now. I am reading it again to refresh my memory of it and will put notes of what I think we can criticize about it and such. What kind of references do you think we will need? Similar papers etc?<br />
If you need to a hold of me. Best way is through email. jslonosk@connect.Carleton.ca. And if that is still in our group but doesn't participate, too bad for him--JSlonosky 14:42, 22 November 2010 (UTC)<br />
----------<br />
The section on the related work has all the things we need to as far as other papers go. Also, I was able to find other research papers that are not mentioned in the paper. I will definitely be adding those paper by tonight. For the time being, I will handle the background concepts. I added a group work section below to keep track of whos doing what. I should get the background concept done hopefully by tonight. If anyone want to help with the other sections that would be great, please add your name to the section you want to handle below.<br />
<br />
I added a general paper summary below just to illustrate the general idea behind each section. If anybody wants to add anything, feel free to do so. --[[User:Hesperus|Hesperus]] 18:55, 22 November 2010 (UTC)<br />
-----------<br />
I remember the prof mentioned the most important part of the paper is the Critique so we gotta focus on that altogether not just one person for sure.--[[User:Praubic|Praubic]] 19:22, 22 November 2010 (UTC)<br />
<br />
-------------<br />
Yeah absloutely, I agree. But first, lets pin down the crucial points. And then we can discuss them collectively. If anyone happens to come across what he thinks is good or bad, then you can add it below to the good/bad points. Maybe the group work idea is bad, but I just thought maybe if we each member focuses on a specific part in the beginning, we can maybe have a better overall idea of what the paper is about. --[[User:Hesperus|Hesperus]] 19:42, 22 November 2010 (UTC)<br />
--------------<br />
Ok, another thing I figured is that the paper doesn't directly hint at why nested virtualization is necessary? I posted a link in references and I'l try to research more into the purpose of nested virtualization.--[[User:Praubic|Praubic]] 19:45, 22 November 2010 (UTC)<br />
--------------<br />
Actually the paper does talk about that. Look at the first two paragraphs in the introduction section of the paper on page 1. But you're right, they don't really elaborate, I think its because its not the purpose or the aim of the paper in the first place. --[[User:Hesperus|Hesperus]] 20:31, 22 November 2010 (UTC) <br />
--------------<br />
The stuff that Michael provided are excellent. That was actually what I was planning on doing. I will start by defining virtualization, hypervisors, computer ring security, the need and uses of nested virtualization, the models, etc. --[[User:Hesperus|Hesperus]] 22:14, 22 November 2010 (UTC)<br />
-------------<br />
So here my question who doing what in the group work and where should I focus my attention to do my part?- Csulliva<br />
-------------<br />
I have posted few things regarding the background concepts on the main page. I will go back and edit it today and talk about other things like: nested virtualization, the need and advantages of NV, the models, the trap and emulate model of x86 machines, computer paging which is discussed in the paper, computer ring security which again they touch on at some point in the paper. I can easily move some of the things I wrote in the theory section to the main page, but I want to consult the prof first on some of those things.<br />
<br />
One thing that I'm still unsure of is how far should we go here ? should we provide background on the hardware architecture used by the authors like the x86 family and the VMX chips, or maybe some of the concepts discussed later on in the testing such as optimization, emulation, para-virtualization ?<br />
<br />
I will speak and consult the prof today after our lecture. If other members want to help, you guys can start with the related work and see how the content of the paper compares to previous or even current research papers. --[[User:Hesperus|Hesperus]] 08:08, 23 November 2010 (UTC)<br />
------------------------<br />
In response to what Michael mentioned above in the background section: we should definitely talk about that, from what I understood, they apply the same model (the trap and emulate) but they provide optimizations and ways to increase the trap calls efficiency between the nested environments, so thats definitely a contribution, but its more of a performance optimization kind of contribution I guess, which is why I mentioned the optimizations in the contribution section below. --[[User:Hesperus|Hesperus]] 08:08, 23 November 2010 (UTC)<br />
---------------------------<br />
'''Ok, so for those who didn't attend today's lecture, the prof was nice enough to give us an extension for the paper, the due date now is Dec 2nd.''' And thats really good, given that some of those concepts require time to sort of formulate. I also asked the prof on the approach that we should follow in terms of presenting the material, and he mentioned that you need to provide enough information for each section to make your follow student understand what the paper is about without them having to actually read the paper or go through it in detail. He also mentioned the need to distill some of the details, if the paper spends a whole page explaining multi-dimensional paging, we should probably explain that in 2 small paragraphs or something.<br />
<br />
Also, we should always cite resources. If the resource is a book, we should cite the page number as well. --[[User:Hesperus|Hesperus]] 15:16, 23 November 2010 (UTC)<br />
---------------------------<br />
Yeah I am really thankful he left us with another week to do it. I am sure we all have at least 3 projects due soon, other than this Essay. I'll type up the stuff that I had highlighted for Tuesday as a break tomorrow. I was going to do it yesterday but he gave us an extension, so I slacked off a bit. I also forgot :/ --JSlonosky 23:43, 24 November 2010 (UTC)<br />
---------------------------<br />
Hey dudes. I have posted the first part of the backgrounds concept here in the discussion and on the main page as well. This is just a rough version, so I will be constantly expanding it and adding resources later on today. I have also created and added a diagram for illustration, as far as I know, we should be allowed to do this. If anyone have any suggestions to what I have posted or any counter arguments, please discuss. I will also be moving some of the stuff I wrote here (the theory section) to the main page as well.<br />
<br />
Regarding the critique, I guess the excessive amount of exits can somehow be seen as a '''scalability''' constraint, maybe making the overall design somehow too complex or difficult to get a hold of, I'm not sure about this, but just guessing from a general programming point of view. I will email the prof today, maybe he can give us some hints for what can be considered a weakness or a bad spot if you will in the paper. <br />
<br />
Also, we're still missing the sixth member of the group: Shawn Hansen. --[[User:Hesperus|Hesperus]] 06:57, 29 November 2010 (UTC)<br />
<br />
----------------------------<br />
<br />
Hey guys. I can start working on the research problem part of the essay. I'll put it up here when I have a rough version than move it to the actual article. As for the critique section, how about we put a section on the talk page here and people can add in what they thought worked/didn't work with some explanation/references, and then we can get someone/some people to combine it and put it in the essay? <br />
--[[User:Mbingham|Mbingham]] 18:13, 29 November 2010 (UTC)<br />
<br />
----------------------------<br />
<br />
Yea really, great work on the Background. It's looking slick. I added some initial edit in the Contribution and Critique but I agree lets open a thread here and All collaborate. --[[User:Praubic|Praubic]] 18:24, 30 November 2010 (UTC)<br />
----------------------------<br />
<br />
Nice man. Sorry I haven't updated with anything that I have done yet, but I'll have it up later today or tomorrow. I got both an Essay and game dev project done for tomorrow, so after 1 I will be free to work on this until it is time for 3004--JSlonosky 13:41, 30 November 2010 (UTC)<br />
<br />
----------------------------<br />
<br />
I put up an initial version of the research problem section in the article. Let me know what you guys think. --[[User:Mbingham|Mbingham]] 19:53, 30 November 2010 (UTC)<br />
<br />
----------------------------<br />
Hey guys. Since I'm working on the backgrounds concepts and Michael is handling the research problem. The other members should handle the contribution part. I think everything we need for the contribution section is in section 3 of the article (3.1, 3.2, 3.3, 3.4, 3.5). You can also make use of the things we posted here. Just to be on the safe side, we need to get this done by tomorrow's night. I'm working on a couple of definitions as we speak and will hopefully be done by tomorrow's morning.<br />
<br />
PS: We should leave the critique to the end, there should not be a lot of writing for that part and we must all contribute.<br />
<br />
--[[User:Hesperus|Hesperus]] 01:45, 1 December 2010 (UTC)<br />
-----------------------------<br />
Just posted other bits that were missing in the backgrounds concepts section like the security uses, models of virtualization and para-virtualization. They're just a rough version however. I will edit them in the next few hours.I just need to write something for protection rings and that would be it I guess.<br />
<br />
I can help with the other sections for the rest of the day, I will try to post some summaries for performance and implementation or even the related work. --[[User:Hesperus|Hesperus]] 07:26, 1 December 2010 (UTC)<br />
<br />
-----------------------------<br />
Guys, we need to get moving here.. The contribution section still needs a lot. We need to talk about their innovations and the things they did there:<br />
CPU virtualization, Memory virtualization, I/O virtualization and the Macro-optimizations.<br />
<br />
I will be posting something regarding this in the next few hours. --[[User:Hesperus|Hesperus]] 22:53, 1 December 2010 (UTC)<br />
<br />
<br />
<br />
<br />
=Paper summary=<br />
==Background Concepts and Other Stuff==<br />
<br />
<br />
<br />
<br />
<br />
<br />
===Virtualization===<br />
<br />
In essence, virtualization is creating an emulation of the underlying hardware for a guest operating system, program or a process to operate on. [1] Usually referred to as virtual machine, this emulation which includes a guest hypervisor and a virtualized environment, only gives an illusion to the guest virtual machine to make it think that its running directly on the main hardware. In other words, we can view this virtual machine as an application running on the host OS.<br />
<br />
The term virtualization has become rather broad, associated with a number of areas where this technology is used like data virtualization, storage virtualization, mobile virtualization and network virtualization. For the purposes and context of our assigned paper, we shall focus our attention on hardware virtualization within operating systems environments.<br />
<br />
====Hypervisor==== <br />
Also referred to as VMM (Virtual machine monitor), is a software module that exists one level above the supervisor and runs directly on the bare hardware to monitor the execution and behaviour of the guest virtual machines. The main task of the hypervior is to provide an emulation of the underlying hardware (CPU, memory, I/O, drivers, etc.) to the guest virtual machines and to take care of the possible issues that may rise due to the interaction of those guest virtual machines among one another, and the interaction with the host hardware and operating system. It also controls host resources.<br />
<br />
====Nested virtualization====<br />
Nested virtualization is the concept of recursively running one or more virtual machines inside one another. For instance, the main operating system (L1) runs a VM called L2, in turn, L2 runs another VM L3, L3 then runs L4 and so on.<br />
<br />
====Para-virtualization====<br />
[Coming....]<br />
<br />
<br />
===Trap and emulate model===<br />
A vitualization model based on the idea that when a guest hypervisor attempts to execute, gain or access privilged hardware context, it triggers a trap or a fault which gets handled or caught by the host hypervisor. The host hypervisor then determines whether this instruction should be allowed to execute or not. Then based on that, the host hypervisor provides an emulation of the requested outcome to the guest hypervisor. The x86 systems discussed in the Turtles Project research paper follows this model.<br />
<br />
===The uses of nested virtualization===<br />
<br />
====Compatibility====<br />
A system could provide the user with a compatibility mode for other operatng systems or applications. An example of this would<br />
be the Windows XP mode thats available in Windows 7, where Windows 7 runs Windows XP as a virtual machine.<br />
<br />
====Cloud computing====<br />
A cloud provider, more fomally referred to as Infrastructure-as-a-Service (IAAS) provider, could use nested virtualization to give the ability to customers to host their own preferred user-controlled hypervisors and run their virtual machines on the provider hardware. This way both sides can benefit, the provider can attract customers and the customer can have freedom implementing its system on the host hardware without worrying about compatibility issues.<br />
<br />
The most well known example of an IAAS provider is Amazon Web Services (AWS). AWS presents a virtualized platform for other services and web sites such as NetFlix to host their API and database on Amazon's hardware.<br />
<br />
====Security==== <br />
[Coming...]<br />
<br />
====Migration/Transfer of VMs====<br />
Nested virtualization can also be used in live migration or transfer of virtual machines in cases of upgrade or disaster <br />
recovery. Consider a scenarion where a number of virtual machines must be moved to a new hardware server for upgrade, instead of having to move each VM sepertaely, we can nest those virtual machines and their hypervisors to create one nested entity thats easier to deal with and more manageable.<br />
In the last couple of years, virtualization packages such as VMWare and VirtualBox have adapted this notion of live migration and developed their own embedded migration/transfer agents.<br />
<br />
====Testing====<br />
Using virtual machines is convenient for testing, evaluation and bechmarking purposes. Since a virtual machine is essentially<br />
a file on the host operating system, if corrupted or damaged, it can easily be removed, recreated or even restored since we can<br />
can create a snapshot of the running virtual machine.<br />
<br />
===Protection rings===<br />
[Coming....]<br />
<br />
<br />
EDIT: Just noticed that someone has put their name down to do the background concept stuff, so Munther feel free to use this as a starting point if you like.<br />
<br />
The above looks good. I thought id maybe start touching on some of the sections, so let me know what you guys think. Heres what I think would be useful to go over in the Background Concepts section:<br />
<br />
* Firstly, nested virtualization. Why we use nested virtualization (paper gives example of XP inside win 7). Maybe going over the trap and emulate model of nested virtualization.<br />
* Some of the terminology of nested virtualization. The difference between guest/host hypervisors (we're already familiar with guest/host OSs), the terminology of L0, ..., Ln with L0 being the bottom hypervisor, etc<br />
* x86 nested virtualization limitations. Single level architecture, guest/host mode, VMX instructions and how to emulate them. Some of this is in section 3.2of the paper.<br />
<br />
Again, anything else you guys think we should add would be great.<br />
<br />
Commenting some more on the above summary, under the "main contributions" part, do you think we should count the nested VMX virtualization part as a contribution? If we have multiplexing memory and multiplexing I/O as a main contribution, it would seem to make sense to have multiplexing the CPU as well, especially within the limitations of the x86 architecture. Unless they are using someone else's technique for virtualizing these instructions.--[[User:Mbingham|Mbingham]] 21:16, 22 November 2010 (UTC)<br />
==Research problem==<br />
The paper provides a solution for Nested-virtualization on x86 based computers. Their approach is software-based, meaning that, they're not really altering the underlying architecture, and this is basically the most interesting thing about the paper, since x86 computers don't support nested-virtualization in terms of hardware, but apparently they were able to do it.<br />
<br />
<br />
The goal of nested virtualization and multiple host hypervisors comes down to efficiency. Example: Virtualization on servers has been rapidly gaining popularity. The next evolution step is to extend a single level of memory management virtualization support to handle nested virtualization, which is critical for ''high performance''. [1]<br />
<br />
'''How does the concept apply to the quickly developing cloud computing?'''<br />
<br />
Cloud user manages his own virtual machine directly through a hypervisor of choice. In addition it provides increased security by hypervicsor-level intrusion detection.<br />
<br />
==Related work==<br />
<br />
Comparisons with other related/similar research and work:<br />
<br />
Refer to the following website and to the related work section in the paper regarding this section: <br />
http://www.spinics.net/lists/kvm/msg43940.html<br />
<br />
[This is a forum post by one of the authors of our assigned paper where he talks about more recent research work on virtualization, particularly in his first paragraph, he refers to some more recent research by the VMWare technical support team. He also talks about some of the research papers referred to in our assigned paper.] <br />
<br />
<br />
==Theory (Section 3.1)== <br />
<br />
Apparently, theres 2 models to applying nested-virtualization:<br />
<br />
* Multiple-level architecture support: where every hypervisor handles every other hypervisor running on top of it. For instance, if L0 (host hypervisor) runs L1. If L1 attempts to run L2, then the trap handling and the work needed to be done to allow L1 to instantiate a new VM is handled by L0. More generally, if L2 attempts to created its own VM, then L1 will handle the trap handling and such.<br />
<br />
* Single-level architecture support: This is the model supported by the x86 machines. This model is tied into the concept of "Trap and emulate", where every hypervisor tries to emulate the underlying hardware (the VMX chip in the paper implementation) and presents a fake ground for the hypervisor running on top of it (the guest hypervisor) to operate on, letting it think that he's running on the actual hardware. The idea here is that in order for a guest hypervisor to operate and gain hardware-level privileges, it evokes a fault or a trap, this trap or fault is then handled or caught by the main host hypervisor and then inspected to see if its a legitimate or appropriate command or request, if it is, the host gives privilige to the guest, again having it think that its actually running on the main bare-metal hardware.<br />
<br />
In this model, everything must go back to the main host hypervisor. Then the host hypervisor forwards the trap and virtualization specification to the above-level involved or responsible. For instance, if L0 runs L1. Then L1 attempts to run L2. Then the command to run L2 goes down to L0 and then L0 forwards this command to L1 again. This is the model we're interested in because this what x86 machines basically follow. Look at figure 1 in the paper for a better understanding of this.<br />
<br />
==Main contribution==<br />
The paper propose two new-developed techniques:<br />
* Multi-dimensional paging (for memory virtualization)<br />
* Multiple-level device management (for I/O virtualization)<br />
<br />
Other contributions:<br />
* Micro-optimizations to improve performance.<br />
<br />
==Implementation==<br />
The turtle project has four components that is crucial to its implementation.<br />
* Nested VMX virtualization for nested CPU virtualization<br />
* Multi-dimensional paging for nested MMU virtualization<br />
* Multi-level device assignment for nested I/O virtualization<br />
* Micro-Optimizations to make it go faster<br />
<br />
How does the Nest VMX virtualization work:<br />
L0(the lowest most hypervisor) runs L1 with VMCS0->1(virtual machine control structure).The VMCS is the fundamental data structure that hypervisor per pars, describing the virtual machine, which is passed along to the CPU to be executed. L1(also a hypervisor) prepares VMCS1->2 to run its own virtual machine which executes vmlaunch. vmlaunch will trap and L0 will have the handle the tape because L1 is running as a virtual machine do to the fact that L0 is using the architectural mod for a hypervisor. So in order to have multiplexing happen by making L2 run as a virtual machine of L1. So L0 merges VMCS's; VMCS0->1 merges with VMCS1->2 to become VMCS0->2(enabling L0 to run L2 directly). L0 will now launch a L2 which cause it to trap. L0 handles the trap itself or will forward it to L1 depending if it L1 virtual machines responsibility to handle.<br />
The way it handles a single L2 exit, L1 need to read and write to the VMCS disable interrupts which wouldn't normally be a problem but because it running in guest mode as a virtual machine all the operation trap leading to a signal high level L2 exit or L3 exit causes many exits(more exits less performance). Problem was corrected by making the single exit fast and reduced frequency of exits with multi-dimensional paging. In the end L1 or L0 base on the trap will finish handling it and resumes L2. this Process is repeated over again contentiously.<br />
<br />
How Multi-dimensional paging work:<br />
The main idea with n = 2 nest virtualization there are three logical translations: L2 to Virtual to physical address, from an L2 physical to L1 physical and form a L1 physical to L0 physical address. 3 levels of translations however there is only 2 MMU page table in the Hardware that called EPT; which takes virtual to physical and guest physical to host physical. They compress the 3 translations onto the two tables going from the being to end in 2 hopes instead of 3. This is done by shadow page table for the virtual machine and shadow-on-EPT. The Shadow-on-EPT compress three logical translations to two pages. The EPT tables rarely changer were the guest page table changes frequently. L0 emulates EPT for L1 and it uses EPT0->1 and EPT1->2 to construct EPT0->2. this process results in less Exits.<br />
<br />
How does I/O virtualization work:<br />
there are 3 fundamental way to virtual machine access the I/O<br />
<br />
==Performance==<br />
Two benchmarks were used: kernbench - compiles the linux kernel multiple times. SPECjbb - designed to measure server side [perofmance for Java run-time environments<br />
<br />
Overhead for nested virtualization with kernbench is 10.3% and 6.3% for Specjbb. <br />
There are two sources of overhead evident in nested virtualization. First, the transitions between L1 and L2 are slower than the transition in the lower level of the nested design (between L0 and L1). Second the code handling EXITs running on the host hypervisor such as L1 is much slower than the same code in L0.<br />
<br />
The paper outlines optimization steps to achieve the minimal overhead.<br />
<br />
1. Bypassing vmread and vmwrite instructions and directly accessing data under certain conditions. Removing the need to trap and emulate.<br />
<br />
2. Optimizing exit handling code. (the main cause of the slowdown is provided by additional exits in the exit handling code.<br />
<br />
==Critique==<br />
'''The good:'''<br />
<br />
* From what I read so far, the research showed in the paper is probably the first to achieve efficent x86 nested-virtualization without altering the hardware, relying on software-only techniques and mechanisms. They also won the Jay Lepreau best paper award.<br />
<br />
* security - being able to run other hypervisors without being detected<br />
<br />
* testing, debugging - of hypervisors<br />
<br />
'''The bad:'''<br />
<br />
* lots of exits. to be continued. (anyone whos is interested feel free to take this topic)<br />
<br />
==References==<br />
[1] http://www.haifux.org/lectures/225/ - '''Nested x86 Virtualization - Muli Ben-Yehuda'''</div>Csullivahttps://homeostasis.scs.carleton.ca/wiki/index.php?title=Talk:COMP_3000_Essay_2_2010_Question_9&diff=5890Talk:COMP 3000 Essay 2 2010 Question 92010-12-01T02:44:17Z<p>Csulliva: /* Implementation */</p>
<hr />
<div>=Group members=<br />
<br />
* Munther Hussain<br />
* Jonathon Slonosky<br />
* Michael Bingham<br />
* Chris Sullivan<br />
* Pawel Raubic<br />
<br />
=Group work=<br />
* Background concepts: Munther Hussain<br />
* Research problem: Michael Bingham<br />
* Contribution:<br />
* Critique:<br />
<br />
<br />
=General discussion=<br />
<br />
Hey there, this is Munther. The prof said that we should be contacting each other to see whos still on board for the course. So please<br />
if you read this, add your name to the list of members above. You can my find my contact info in my profile page by clicking my signature. We shall talk about the details and how we will approach this in the next few days --[[User:Hesperus|Hesperus]] 16:41, 12 November 2010 (UTC)<br />
<br />
---------------------<br />
<br />
Checked in -- JSlonosky<br />
<br />
----------------------<br />
<br />
Pawel has already contacted us so he still in for the course, that makes 3 of us. The other three members, please drop in and add your name. We need to confirm the members today by 1:00 pm. --[[User:Hesperus|Hesperus]] 12:18, 15 November 2010 (UTC)<br />
<br />
----------------------<br />
<br />
Checked in --[[User:Mbingham|Mbingham]] 15:08, 15 November 2010 (UTC)<br />
<br />
---------------------<br />
<br />
Checked in --[[User:Smcilroy|Smcilroy]] 17:03, 15 November 2010 (UTC)<br />
<br />
---------------------<br />
To the person above me (Smcilroy): I can see that you're assigned to group 7 and not this one. So did the prof move you to this group or something ? We haven't confirmed or emailed the prof yet, I will wait until 1:00 pm. --[[User:Hesperus|Hesperus]] 17:22, 15 November 2010 (UTC)<br />
<br />
---------------------<br />
Alright, so I just emailed the prof the list of members that have checked in so far (the names listed above plus Pawel Raubic),<br />
Smcilroy: I still don't know whether you're in this group or not, though I don't see your name listed in the group assignments on the course webpage. To the other members: if you're still interested in doing the course, please drop in here and add your name or even email me, you can find my contact info in my profile page(just click my signature).<br />
<br />
Personally speaking, I find the topic of this article (The Turtle Project) to be quite interesting and approachable, in fact we've<br />
already been playing with VirtualBox and VMWare and such things, so we should be familiar with some of the concepts the article<br />
approaches like nested-virtualization, hypervisors, supervisors, etc, things that we even covered in class and we can in fact test on our machines. I've already started reading the article, hopefully tonight we'll start posting some basic ideas or concepts and talk about the article in general. I will be in tomorrow's tutorial session in the 4th floor in case some of you guys want to get to know one another. --[[User:Hesperus|Hesperus]] 18:43, 15 November 2010 (UTC)<br />
-----<br />
Yeah, it looks pretty good to me. Unfortunately, I am attending Ozzy Osbourne on the 25th, so I'd like it if we could get ourselves organized early so I can get my part done and not letting it fall on you guys. Not that I would let that happen --JSlonosky 02:51, 16 November 2010 (UTC)<br />
-----<br />
Why waste your money on that old man ? I'd love to see Halford though, I'm sure he'll do some classic Priest material, haven't checked the new record yet, but the cover looks awful, definitely the worst and most ridiculous cover of the year. Anyways, enough music talk. I think we should get it done at least on 24th, we should leave the last day to do the editing and stuff. I removed Smcilroy from the members list, I think he checked in here by mistake because I can see him in group 7. So far, we're 5, still missing one member. --[[User:Hesperus|Hesperus]] 05:36, 16 November 2010 (UTC)<br />
-----<br />
Yeah that would be pretty sweet. I figured I might as well see him when I can; Since he is going to be dead soon. How is he not already? Alright well, the other member should show up soon, or I'd guess that we are a group of 5. --JSlonosky 16:37, 16 November 2010 (UTC)<br />
<br />
-----<br />
Hey dudes. I think we need to get going here.. the paper is due in 4 days. I just did the paper intro section (provided the title, authors, research labs, links, etc.). I have read the paper twice so far and will be spending the whole day working on the background concepts and the research problem sections. <br />
<br />
I'm still not sure on how we should divide the work and sections among the members, especially regarding the research contribution and critique, I mean those sections should not be based or written from the perspective of one person, we all need to work and discuss those paper concepts together.<br />
<br />
If anyone wants to add something, then please add but don't edit or alter the already existing content. Lets try to get as many thoughts/ideas as possible and then we will edit and filter the redundancy later. And lets make sure that we add summary comments to our edits to make it easier to keep track of everything.<br />
<br />
Also, we're still missing one member: Shawn Hansen. Its weird because on last Wednesday's lab, the prof told me that he attended the lab and signed his name, so he should still be in the course. --[[User:Hesperus|Hesperus]] 18:07, 21 November 2010 (UTC)<br />
<br />
---------<br />
Yeah man. We really do need to get on this. Not going to ozzy so I got free time now. I am reading it again to refresh my memory of it and will put notes of what I think we can criticize about it and such. What kind of references do you think we will need? Similar papers etc?<br />
If you need to a hold of me. Best way is through email. jslonosk@connect.Carleton.ca. And if that is still in our group but doesn't participate, too bad for him--JSlonosky 14:42, 22 November 2010 (UTC)<br />
----------<br />
The section on the related work has all the things we need to as far as other papers go. Also, I was able to find other research papers that are not mentioned in the paper. I will definitely be adding those paper by tonight. For the time being, I will handle the background concepts. I added a group work section below to keep track of whos doing what. I should get the background concept done hopefully by tonight. If anyone want to help with the other sections that would be great, please add your name to the section you want to handle below.<br />
<br />
I added a general paper summary below just to illustrate the general idea behind each section. If anybody wants to add anything, feel free to do so. --[[User:Hesperus|Hesperus]] 18:55, 22 November 2010 (UTC)<br />
-----------<br />
I remember the prof mentioned the most important part of the paper is the Critique so we gotta focus on that altogether not just one person for sure.--[[User:Praubic|Praubic]] 19:22, 22 November 2010 (UTC)<br />
<br />
-------------<br />
Yeah absloutely, I agree. But first, lets pin down the crucial points. And then we can discuss them collectively. If anyone happens to come across what he thinks is good or bad, then you can add it below to the good/bad points. Maybe the group work idea is bad, but I just thought maybe if we each member focuses on a specific part in the beginning, we can maybe have a better overall idea of what the paper is about. --[[User:Hesperus|Hesperus]] 19:42, 22 November 2010 (UTC)<br />
--------------<br />
Ok, another thing I figured is that the paper doesn't directly hint at why nested virtualization is necessary? I posted a link in references and I'l try to research more into the purpose of nested virtualization.--[[User:Praubic|Praubic]] 19:45, 22 November 2010 (UTC)<br />
--------------<br />
Actually the paper does talk about that. Look at the first two paragraphs in the introduction section of the paper on page 1. But you're right, they don't really elaborate, I think its because its not the purpose or the aim of the paper in the first place. --[[User:Hesperus|Hesperus]] 20:31, 22 November 2010 (UTC) <br />
--------------<br />
The stuff that Michael provided are excellent. That was actually what I was planning on doing. I will start by defining virtualization, hypervisors, computer ring security, the need and uses of nested virtualization, the models, etc. --[[User:Hesperus|Hesperus]] 22:14, 22 November 2010 (UTC)<br />
-------------<br />
So here my question who doing what in the group work and where should I focus my attention to do my part?- Csulliva<br />
-------------<br />
I have posted few things regarding the background concepts on the main page. I will go back and edit it today and talk about other things like: nested virtualization, the need and advantages of NV, the models, the trap and emulate model of x86 machines, computer paging which is discussed in the paper, computer ring security which again they touch on at some point in the paper. I can easily move some of the things I wrote in the theory section to the main page, but I want to consult the prof first on some of those things.<br />
<br />
One thing that I'm still unsure of is how far should we go here ? should we provide background on the hardware architecture used by the authors like the x86 family and the VMX chips, or maybe some of the concepts discussed later on in the testing such as optimization, emulation, para-virtualization ?<br />
<br />
I will speak and consult the prof today after our lecture. If other members want to help, you guys can start with the related work and see how the content of the paper compares to previous or even current research papers. --[[User:Hesperus|Hesperus]] 08:08, 23 November 2010 (UTC)<br />
------------------------<br />
In response to what Michael mentioned above in the background section: we should definitely talk about that, from what I understood, they apply the same model (the trap and emulate) but they provide optimizations and ways to increase the trap calls efficiency between the nested environments, so thats definitely a contribution, but its more of a performance optimization kind of contribution I guess, which is why I mentioned the optimizations in the contribution section below. --[[User:Hesperus|Hesperus]] 08:08, 23 November 2010 (UTC)<br />
---------------------------<br />
'''Ok, so for those who didn't attend today's lecture, the prof was nice enough to give us an extension for the paper, the due date now is Dec 2nd.''' And thats really good, given that some of those concepts require time to sort of formulate. I also asked the prof on the approach that we should follow in terms of presenting the material, and he mentioned that you need to provide enough information for each section to make your follow student understand what the paper is about without them having to actually read the paper or go through it in detail. He also mentioned the need to distill some of the details, if the paper spends a whole page explaining multi-dimensional paging, we should probably explain that in 2 small paragraphs or something.<br />
<br />
Also, we should always cite resources. If the resource is a book, we should cite the page number as well. --[[User:Hesperus|Hesperus]] 15:16, 23 November 2010 (UTC)<br />
---------------------------<br />
Yeah I am really thankful he left us with another week to do it. I am sure we all have at least 3 projects due soon, other than this Essay. I'll type up the stuff that I had highlighted for Tuesday as a break tomorrow. I was going to do it yesterday but he gave us an extension, so I slacked off a bit. I also forgot :/ --JSlonosky 23:43, 24 November 2010 (UTC)<br />
---------------------------<br />
Hey dudes. I have posted the first part of the backgrounds concept here in the discussion and on the main page as well. This is just a rough version, so I will be constantly expanding it and adding resources later on today. I have also created and added a diagram for illustration, as far as I know, we should be allowed to do this. If anyone have any suggestions to what I have posted or any counter arguments, please discuss. I will also be moving some of the stuff I wrote here (the theory section) to the main page as well.<br />
<br />
Regarding the critique, I guess the excessive amount of exits can somehow be seen as a '''scalability''' constraint, maybe making the overall design somehow too complex or difficult to get a hold of, I'm not sure about this, but just guessing from a general programming point of view. I will email the prof today, maybe he can give us some hints for what can be considered a weakness or a bad spot if you will in the paper. <br />
<br />
Also, we're still missing the sixth member of the group: Shawn Hansen. --[[User:Hesperus|Hesperus]] 06:57, 29 November 2010 (UTC)<br />
<br />
----------------------------<br />
<br />
Hey guys. I can start working on the research problem part of the essay. I'll put it up here when I have a rough version than move it to the actual article. As for the critique section, how about we put a section on the talk page here and people can add in what they thought worked/didn't work with some explanation/references, and then we can get someone/some people to combine it and put it in the essay? <br />
--[[User:Mbingham|Mbingham]] 18:13, 29 November 2010 (UTC)<br />
<br />
----------------------------<br />
<br />
Yea really, great work on the Background. It's looking slick. I added some initial edit in the Contribution and Critique but I agree lets open a thread here and All collaborate. --[[User:Praubic|Praubic]] 18:24, 30 November 2010 (UTC)<br />
----------------------------<br />
<br />
Nice man. Sorry I haven't updated with anything that I have done yet, but I'll have it up later today or tomorrow. I got both an Essay and game dev project done for tomorrow, so after 1 I will be free to work on this until it is time for 3004--JSlonosky 13:41, 30 November 2010 (UTC)<br />
<br />
----------------------------<br />
<br />
I put up an initial version of the research problem section in the article. Let me know what you guys think. --[[User:Mbingham|Mbingham]] 19:53, 30 November 2010 (UTC)<br />
<br />
----------------------------<br />
Hey guys. Since I'm working on the backgrounds concepts and Michael is handling the research problem. The other member should handle the contribution part. I think everything we need for the contribution section is in section 3 of the article (3.1, 3.2, 3.3, 3.4, 3.5). You can also make use of the things we posted here. Just to be on the safe side, we need to get this done by tomorrow's night. I'm working on a couple of definitions as we speak and will hopefully be done by tomorrow's morning.<br />
<br />
PS: We should leave the critique to the end, there should not be a lot of writing for that part and we must all contribute.<br />
<br />
--[[User:Hesperus|Hesperus]] 01:45, 1 December 2010 (UTC)<br />
-----------------------------<br />
<br />
<br />
<br />
<br />
=Paper summary=<br />
==Background Concepts and Other Stuff==<br />
<br />
<br />
<br />
<br />
<br />
<br />
===Virtualization===<br />
<br />
In essence, virtualization is creating an emulation of the underlying hardware for a guest operating system, program or a process to operate on. [1] Usually referred to as virtual machine, this emulation which includes a guest hypervisor and a virtualized environment, only gives an illusion to the guest virtual machine to make it think that its running directly on the main hardware. In other words, we can view this virtual machine as an application running on the host OS.<br />
<br />
The term virtualization has become rather broad, associated with a number of areas where this technology is used like data virtualization, storage virtualization, mobile virtualization and network virtualization. For the purposes and context of our assigned paper, we shall focus our attention on hardware virtualization within operating systems environments.<br />
<br />
====Hypervisor==== <br />
Also referred to as VMM (Virtual machine monitor), is a software module that exists one level above the supervisor and runs directly on the bare hardware to monitor the execution and behaviour of the guest virtual machines. The main task of the hypervior is to provide an emulation of the underlying hardware (CPU, memory, I/O, drivers, etc.) to the guest virtual machines and to take care of the possible issues that may rise due to the interaction of those guest virtual machines among one another, and the interaction with the host hardware and operating system. It also controls host resources.<br />
<br />
====Nested virtualization====<br />
Nested virtualization is the concept of recursively running one or more virtual machines inside one another. For instance, the main operating system (L1) runs a VM called L2, in turn, L2 runs another VM L3, L3 then runs L4 and so on.<br />
<br />
====Para-virtualization====<br />
[Coming....]<br />
<br />
<br />
===Trap and emulate model===<br />
A vitualization model based on the idea that when a guest hypervisor attempts to execute, gain or access privilged hardware context, it triggers a trap or a fault which gets handled or caught by the host hypervisor. The host hypervisor then determines whether this instruction should be allowed to execute or not. Then based on that, the host hypervisor provides an emulation of the requested outcome to the guest hypervisor. The x86 systems discussed in the Turtles Project research paper follows this model.<br />
<br />
===The uses of nested virtualization===<br />
<br />
====Compatibility====<br />
A system could provide the user with a compatibility mode for other operatng systems or applications. An example of this would<br />
be the Windows XP mode thats available in Windows 7, where Windows 7 runs Windows XP as a virtual machine.<br />
<br />
====Cloud computing====<br />
A cloud provider, more fomally referred to as Infrastructure-as-a-Service (IAAS) provider, could use nested virtualization to give the ability to customers to host their own preferred user-controlled hypervisors and run their virtual machines on the provider hardware. This way both sides can benefit, the provider can attract customers and the customer can have freedom implementing its system on the host hardware without worrying about compatibility issues.<br />
<br />
The most well known example of an IAAS provider is Amazon Web Services (AWS). AWS presents a virtualized platform for other services and web sites such as NetFlix to host their API and database on Amazon's hardware.<br />
<br />
====Security==== <br />
[Coming...]<br />
<br />
====Migration/Transfer of VMs====<br />
Nested virtualization can also be used in live migration or transfer of virtual machines in cases of upgrade or disaster <br />
recovery. Consider a scenarion where a number of virtual machines must be moved to a new hardware server for upgrade, instead of having to move each VM sepertaely, we can nest those virtual machines and their hypervisors to create one nested entity thats easier to deal with and more manageable.<br />
In the last couple of years, virtualization packages such as VMWare and VirtualBox have adapted this notion of live migration and developed their own embedded migration/transfer agents.<br />
<br />
====Testing====<br />
Using virtual machines is convenient for testing, evaluation and bechmarking purposes. Since a virtual machine is essentially<br />
a file on the host operating system, if corrupted or damaged, it can easily be removed, recreated or even restored since we can<br />
can create a snapshot of the running virtual machine.<br />
<br />
===Protection rings===<br />
[Coming....]<br />
<br />
<br />
EDIT: Just noticed that someone has put their name down to do the background concept stuff, so Munther feel free to use this as a starting point if you like.<br />
<br />
The above looks good. I thought id maybe start touching on some of the sections, so let me know what you guys think. Heres what I think would be useful to go over in the Background Concepts section:<br />
<br />
* Firstly, nested virtualization. Why we use nested virtualization (paper gives example of XP inside win 7). Maybe going over the trap and emulate model of nested virtualization.<br />
* Some of the terminology of nested virtualization. The difference between guest/host hypervisors (we're already familiar with guest/host OSs), the terminology of L0, ..., Ln with L0 being the bottom hypervisor, etc<br />
* x86 nested virtualization limitations. Single level architecture, guest/host mode, VMX instructions and how to emulate them. Some of this is in section 3.2of the paper.<br />
<br />
Again, anything else you guys think we should add would be great.<br />
<br />
Commenting some more on the above summary, under the "main contributions" part, do you think we should count the nested VMX virtualization part as a contribution? If we have multiplexing memory and multiplexing I/O as a main contribution, it would seem to make sense to have multiplexing the CPU as well, especially within the limitations of the x86 architecture. Unless they are using someone else's technique for virtualizing these instructions.--[[User:Mbingham|Mbingham]] 21:16, 22 November 2010 (UTC)<br />
==Research problem==<br />
The paper provides a solution for Nested-virtualization on x86 based computers. Their approach is software-based, meaning that, they're not really altering the underlying architecture, and this is basically the most interesting thing about the paper, since x86 computers don't support nested-virtualization in terms of hardware, but apparently they were able to do it.<br />
<br />
<br />
The goal of nested virtualization and multiple host hypervisors comes down to efficiency. Example: Virtualization on servers has been rapidly gaining popularity. The next evolution step is to extend a single level of memory management virtualization support to handle nested virtualization, which is critical for ''high performance''. [1]<br />
<br />
'''How does the concept apply to the quickly developing cloud computing?'''<br />
<br />
Cloud user manages his own virtual machine directly through a hypervisor of choice. In addition it provides increased security by hypervicsor-level intrusion detection.<br />
<br />
==Related work==<br />
<br />
Comparisons with other related/similar research and work:<br />
<br />
Refer to the following website and to the related work section in the paper regarding this section: <br />
http://www.spinics.net/lists/kvm/msg43940.html<br />
<br />
[This is a forum post by one of the authors of our assigned paper where he talks about more recent research work on virtualization, particularly in his first paragraph, he refers to some more recent research by the VMWare technical support team. He also talks about some of the research papers referred to in our assigned paper.] <br />
<br />
<br />
==Theory (Section 3.1)== <br />
<br />
Apparently, theres 2 models to applying nested-virtualization:<br />
<br />
* Multiple-level architecture support: where every hypervisor handles every other hypervisor running on top of it. For instance, if L0 (host hypervisor) runs L1. If L1 attempts to run L2, then the trap handling and the work needed to be done to allow L1 to instantiate a new VM is handled by L0. More generally, if L2 attempts to created its own VM, then L1 will handle the trap handling and such.<br />
<br />
* Single-level architecture support: This is the model supported by the x86 machines. This model is tied into the concept of "Trap and emulate", where every hypervisor tries to emulate the underlying hardware (the VMX chip in the paper implementation) and presents a fake ground for the hypervisor running on top of it (the guest hypervisor) to operate on, letting it think that he's running on the actual hardware. The idea here is that in order for a guest hypervisor to operate and gain hardware-level privileges, it evokes a fault or a trap, this trap or fault is then handled or caught by the main host hypervisor and then inspected to see if its a legitimate or appropriate command or request, if it is, the host gives privilige to the guest, again having it think that its actually running on the main bare-metal hardware.<br />
<br />
In this model, everything must go back to the main host hypervisor. Then the host hypervisor forwards the trap and virtualization specification to the above-level involved or responsible. For instance, if L0 runs L1. Then L1 attempts to run L2. Then the command to run L2 goes down to L0 and then L0 forwards this command to L1 again. This is the model we're interested in because this what x86 machines basically follow. Look at figure 1 in the paper for a better understanding of this.<br />
<br />
==Main contribution==<br />
The paper propose two new-developed techniques:<br />
* Multi-dimensional paging (for memory virtualization)<br />
* Multiple-level device management (for I/O virtualization)<br />
<br />
Other contributions:<br />
* Micro-optimizations to improve performance.<br />
<br />
==Implementation==<br />
The turtle project has four components that is crucial to its implementation.<br />
* Nested VMX virtualization for nested CPU virtualization<br />
* Multi-dimensional paging for nested MMU virtualization<br />
* Multi-level device assignment for nested I/O virtualization<br />
* Micro-Optimizations to make it go faster<br />
<br />
How does the Nest VMX virtualization work:<br />
L0(the lowest most hypervisor) runs L1 with VMCS0->1(virtual machine control structure).The VMCS is the fundamental data structure that hypervisor per pars, describing the virtual machine, which is passed along to the CPU to be executed. L1(also a hypervisor) prepares VMCS1->2 to run its own virtual machine which executes vmlaunch. vmlaunch will trap and L0 will have the handle the tape because L1 is running as a virtual machine do to the fact that L0 is using the architectural mod for a hypervisor. So in order to have multiplexing happen by making L2 run as a virtual machine of L1. So L0 merges VMCS's; VMCS0->1 merges with VMCS1->2 to become VMCS0->2(enabling L0 to run L2 directly). L0 will now launch a L2 which cause it to trap. L0 handles the trap itself or will forward it to L1 depending if it L1 virtual machines responsibility to handle.<br />
The way it handles a single L2 exit, L1 need to read and write to the VMCS disable interrupts which wouldn't normally be a problem but because it running in guest mode as a virtual machine all the operation trap leading to a signal high level L2 exit or L3 exit causes many exits(more exits less performance). Problem was corrected by making the single exit fast and reduced frequency of exits with multi-dimensional paging. In the end L1 or L0 base on the trap will finish handling it and resumes L2. this Process is repeated over again contentiously.<br />
<br />
How Multi-dimensional paging work:<br />
The main idea with n = 2 nest virtualization there are three logical translations: L2 to Virtual to physical address, from an L2 physical to L1 physical and form a L1 physical to L0 physical address. 3 levels of translations however there is only 2 MMU page table in the Hardware that called EPT; which takes virtual to physical and guest physical to host physical. They compress the 3 translations onto the two tables going from the being to end in 2 hopes instead of 3. This is done by shadow page table and shadow-on-EPT<br />
<br />
==Performance==<br />
Two benchmarks were used: kernbench - compiles the linux kernel multiple times. SPECjbb - designed to measure server side [perofmance for Java run-time environments<br />
<br />
Overhead for nested virtualization with kernbench is 10.3% and 6.3% for Specjbb. <br />
There are two sources of overhead evident in nested virtualization. First, the transitions between L1 and L2 are slower than the transition in the lower level of the nested design (between L0 and L1). Second the code handling EXITs running on the host hypervisor such as L1 is much slower than the same code in L0.<br />
<br />
The paper outlines optimization steps to achieve the minimal overhead.<br />
<br />
1. Bypassing vmread and vmwrite instructions and directly accessing data under certain conditions. Removing the need to trap and emulate.<br />
<br />
2. Optimizing exit handling code. (the main cause of the slowdown is provided by additional exits in the exit handling code.<br />
<br />
==Critique==<br />
'''The good:'''<br />
<br />
* From what I read so far, the research showed in the paper is probably the first to achieve efficent x86 nested-virtualization without altering the hardware, relying on software-only techniques and mechanisms. They also won the Jay Lepreau best paper award.<br />
<br />
* security - being able to run other hypervisors without being detected<br />
<br />
* testing, debugging - of hypervisors<br />
<br />
'''The bad:'''<br />
<br />
* lots of exits. to be continued. (anyone whos is interested feel free to take this topic)<br />
<br />
==References==<br />
[1] http://www.haifux.org/lectures/225/ - '''Nested x86 Virtualization - Muli Ben-Yehuda'''</div>Csullivahttps://homeostasis.scs.carleton.ca/wiki/index.php?title=Talk:COMP_3000_Essay_2_2010_Question_9&diff=5879Talk:COMP 3000 Essay 2 2010 Question 92010-12-01T02:24:24Z<p>Csulliva: /* Implementation */</p>
<hr />
<div>=Group members=<br />
<br />
* Munther Hussain<br />
* Jonathon Slonosky<br />
* Michael Bingham<br />
* Chris Sullivan<br />
* Pawel Raubic<br />
<br />
=Group work=<br />
* Background concepts: Munther Hussain<br />
* Research problem: Michael Bingham<br />
* Contribution:<br />
* Critique:<br />
<br />
<br />
=General discussion=<br />
<br />
Hey there, this is Munther. The prof said that we should be contacting each other to see whos still on board for the course. So please<br />
if you read this, add your name to the list of members above. You can my find my contact info in my profile page by clicking my signature. We shall talk about the details and how we will approach this in the next few days --[[User:Hesperus|Hesperus]] 16:41, 12 November 2010 (UTC)<br />
<br />
---------------------<br />
<br />
Checked in -- JSlonosky<br />
<br />
----------------------<br />
<br />
Pawel has already contacted us so he still in for the course, that makes 3 of us. The other three members, please drop in and add your name. We need to confirm the members today by 1:00 pm. --[[User:Hesperus|Hesperus]] 12:18, 15 November 2010 (UTC)<br />
<br />
----------------------<br />
<br />
Checked in --[[User:Mbingham|Mbingham]] 15:08, 15 November 2010 (UTC)<br />
<br />
---------------------<br />
<br />
Checked in --[[User:Smcilroy|Smcilroy]] 17:03, 15 November 2010 (UTC)<br />
<br />
---------------------<br />
To the person above me (Smcilroy): I can see that you're assigned to group 7 and not this one. So did the prof move you to this group or something ? We haven't confirmed or emailed the prof yet, I will wait until 1:00 pm. --[[User:Hesperus|Hesperus]] 17:22, 15 November 2010 (UTC)<br />
<br />
---------------------<br />
Alright, so I just emailed the prof the list of members that have checked in so far (the names listed above plus Pawel Raubic),<br />
Smcilroy: I still don't know whether you're in this group or not, though I don't see your name listed in the group assignments on the course webpage. To the other members: if you're still interested in doing the course, please drop in here and add your name or even email me, you can find my contact info in my profile page(just click my signature).<br />
<br />
Personally speaking, I find the topic of this article (The Turtle Project) to be quite interesting and approachable, in fact we've<br />
already been playing with VirtualBox and VMWare and such things, so we should be familiar with some of the concepts the article<br />
approaches like nested-virtualization, hypervisors, supervisors, etc, things that we even covered in class and we can in fact test on our machines. I've already started reading the article, hopefully tonight we'll start posting some basic ideas or concepts and talk about the article in general. I will be in tomorrow's tutorial session in the 4th floor in case some of you guys want to get to know one another. --[[User:Hesperus|Hesperus]] 18:43, 15 November 2010 (UTC)<br />
-----<br />
Yeah, it looks pretty good to me. Unfortunately, I am attending Ozzy Osbourne on the 25th, so I'd like it if we could get ourselves organized early so I can get my part done and not letting it fall on you guys. Not that I would let that happen --JSlonosky 02:51, 16 November 2010 (UTC)<br />
-----<br />
Why waste your money on that old man ? I'd love to see Halford though, I'm sure he'll do some classic Priest material, haven't checked the new record yet, but the cover looks awful, definitely the worst and most ridiculous cover of the year. Anyways, enough music talk. I think we should get it done at least on 24th, we should leave the last day to do the editing and stuff. I removed Smcilroy from the members list, I think he checked in here by mistake because I can see him in group 7. So far, we're 5, still missing one member. --[[User:Hesperus|Hesperus]] 05:36, 16 November 2010 (UTC)<br />
-----<br />
Yeah that would be pretty sweet. I figured I might as well see him when I can; Since he is going to be dead soon. How is he not already? Alright well, the other member should show up soon, or I'd guess that we are a group of 5. --JSlonosky 16:37, 16 November 2010 (UTC)<br />
<br />
-----<br />
Hey dudes. I think we need to get going here.. the paper is due in 4 days. I just did the paper intro section (provided the title, authors, research labs, links, etc.). I have read the paper twice so far and will be spending the whole day working on the background concepts and the research problem sections. <br />
<br />
I'm still not sure on how we should divide the work and sections among the members, especially regarding the research contribution and critique, I mean those sections should not be based or written from the perspective of one person, we all need to work and discuss those paper concepts together.<br />
<br />
If anyone wants to add something, then please add but don't edit or alter the already existing content. Lets try to get as many thoughts/ideas as possible and then we will edit and filter the redundancy later. And lets make sure that we add summary comments to our edits to make it easier to keep track of everything.<br />
<br />
Also, we're still missing one member: Shawn Hansen. Its weird because on last Wednesday's lab, the prof told me that he attended the lab and signed his name, so he should still be in the course. --[[User:Hesperus|Hesperus]] 18:07, 21 November 2010 (UTC)<br />
<br />
---------<br />
Yeah man. We really do need to get on this. Not going to ozzy so I got free time now. I am reading it again to refresh my memory of it and will put notes of what I think we can criticize about it and such. What kind of references do you think we will need? Similar papers etc?<br />
If you need to a hold of me. Best way is through email. jslonosk@connect.Carleton.ca. And if that is still in our group but doesn't participate, too bad for him--JSlonosky 14:42, 22 November 2010 (UTC)<br />
----------<br />
The section on the related work has all the things we need to as far as other papers go. Also, I was able to find other research papers that are not mentioned in the paper. I will definitely be adding those paper by tonight. For the time being, I will handle the background concepts. I added a group work section below to keep track of whos doing what. I should get the background concept done hopefully by tonight. If anyone want to help with the other sections that would be great, please add your name to the section you want to handle below.<br />
<br />
I added a general paper summary below just to illustrate the general idea behind each section. If anybody wants to add anything, feel free to do so. --[[User:Hesperus|Hesperus]] 18:55, 22 November 2010 (UTC)<br />
-----------<br />
I remember the prof mentioned the most important part of the paper is the Critique so we gotta focus on that altogether not just one person for sure.--[[User:Praubic|Praubic]] 19:22, 22 November 2010 (UTC)<br />
<br />
-------------<br />
Yeah absloutely, I agree. But first, lets pin down the crucial points. And then we can discuss them collectively. If anyone happens to come across what he thinks is good or bad, then you can add it below to the good/bad points. Maybe the group work idea is bad, but I just thought maybe if we each member focuses on a specific part in the beginning, we can maybe have a better overall idea of what the paper is about. --[[User:Hesperus|Hesperus]] 19:42, 22 November 2010 (UTC)<br />
--------------<br />
Ok, another thing I figured is that the paper doesn't directly hint at why nested virtualization is necessary? I posted a link in references and I'l try to research more into the purpose of nested virtualization.--[[User:Praubic|Praubic]] 19:45, 22 November 2010 (UTC)<br />
--------------<br />
Actually the paper does talk about that. Look at the first two paragraphs in the introduction section of the paper on page 1. But you're right, they don't really elaborate, I think its because its not the purpose or the aim of the paper in the first place. --[[User:Hesperus|Hesperus]] 20:31, 22 November 2010 (UTC) <br />
--------------<br />
The stuff that Michael provided are excellent. That was actually what I was planning on doing. I will start by defining virtualization, hypervisors, computer ring security, the need and uses of nested virtualization, the models, etc. --[[User:Hesperus|Hesperus]] 22:14, 22 November 2010 (UTC)<br />
-------------<br />
So here my question who doing what in the group work and where should I focus my attention to do my part?- Csulliva<br />
-------------<br />
I have posted few things regarding the background concepts on the main page. I will go back and edit it today and talk about other things like: nested virtualization, the need and advantages of NV, the models, the trap and emulate model of x86 machines, computer paging which is discussed in the paper, computer ring security which again they touch on at some point in the paper. I can easily move some of the things I wrote in the theory section to the main page, but I want to consult the prof first on some of those things.<br />
<br />
One thing that I'm still unsure of is how far should we go here ? should we provide background on the hardware architecture used by the authors like the x86 family and the VMX chips, or maybe some of the concepts discussed later on in the testing such as optimization, emulation, para-virtualization ?<br />
<br />
I will speak and consult the prof today after our lecture. If other members want to help, you guys can start with the related work and see how the content of the paper compares to previous or even current research papers. --[[User:Hesperus|Hesperus]] 08:08, 23 November 2010 (UTC)<br />
------------------------<br />
In response to what Michael mentioned above in the background section: we should definitely talk about that, from what I understood, they apply the same model (the trap and emulate) but they provide optimizations and ways to increase the trap calls efficiency between the nested environments, so thats definitely a contribution, but its more of a performance optimization kind of contribution I guess, which is why I mentioned the optimizations in the contribution section below. --[[User:Hesperus|Hesperus]] 08:08, 23 November 2010 (UTC)<br />
---------------------------<br />
'''Ok, so for those who didn't attend today's lecture, the prof was nice enough to give us an extension for the paper, the due date now is Dec 2nd.''' And thats really good, given that some of those concepts require time to sort of formulate. I also asked the prof on the approach that we should follow in terms of presenting the material, and he mentioned that you need to provide enough information for each section to make your follow student understand what the paper is about without them having to actually read the paper or go through it in detail. He also mentioned the need to distill some of the details, if the paper spends a whole page explaining multi-dimensional paging, we should probably explain that in 2 small paragraphs or something.<br />
<br />
Also, we should always cite resources. If the resource is a book, we should cite the page number as well. --[[User:Hesperus|Hesperus]] 15:16, 23 November 2010 (UTC)<br />
---------------------------<br />
Yeah I am really thankful he left us with another week to do it. I am sure we all have at least 3 projects due soon, other than this Essay. I'll type up the stuff that I had highlighted for Tuesday as a break tomorrow. I was going to do it yesterday but he gave us an extension, so I slacked off a bit. I also forgot :/ --JSlonosky 23:43, 24 November 2010 (UTC)<br />
---------------------------<br />
Hey dudes. I have posted the first part of the backgrounds concept here in the discussion and on the main page as well. This is just a rough version, so I will be constantly expanding it and adding resources later on today. I have also created and added a diagram for illustration, as far as I know, we should be allowed to do this. If anyone have any suggestions to what I have posted or any counter arguments, please discuss. I will also be moving some of the stuff I wrote here (the theory section) to the main page as well.<br />
<br />
Regarding the critique, I guess the excessive amount of exits can somehow be seen as a '''scalability''' constraint, maybe making the overall design somehow too complex or difficult to get a hold of, I'm not sure about this, but just guessing from a general programming point of view. I will email the prof today, maybe he can give us some hints for what can be considered a weakness or a bad spot if you will in the paper. <br />
<br />
Also, we're still missing the sixth member of the group: Shawn Hansen. --[[User:Hesperus|Hesperus]] 06:57, 29 November 2010 (UTC)<br />
<br />
----------------------------<br />
<br />
Hey guys. I can start working on the research problem part of the essay. I'll put it up here when I have a rough version than move it to the actual article. As for the critique section, how about we put a section on the talk page here and people can add in what they thought worked/didn't work with some explanation/references, and then we can get someone/some people to combine it and put it in the essay? <br />
--[[User:Mbingham|Mbingham]] 18:13, 29 November 2010 (UTC)<br />
<br />
----------------------------<br />
<br />
Yea really, great work on the Background. It's looking slick. I added some initial edit in the Contribution and Critique but I agree lets open a thread here and All collaborate. --[[User:Praubic|Praubic]] 18:24, 30 November 2010 (UTC)<br />
----------------------------<br />
<br />
Nice man. Sorry I haven't updated with anything that I have done yet, but I'll have it up later today or tomorrow. I got both an Essay and game dev project done for tomorrow, so after 1 I will be free to work on this until it is time for 3004--JSlonosky 13:41, 30 November 2010 (UTC)<br />
<br />
----------------------------<br />
<br />
I put up an initial version of the research problem section in the article. Let me know what you guys think. --[[User:Mbingham|Mbingham]] 19:53, 30 November 2010 (UTC)<br />
<br />
----------------------------<br />
Hey guys. Since I'm working on the backgrounds concepts and Michael is handling the research problem. The other member should handle the contribution part. I think everything we need for the contribution section is in section 3 of the article (3.1, 3.2, 3.3, 3.4, 3.5). You can also make use of the things we posted here. Just to be on the safe side, we need to get this done by tomorrow's night. I'm working on a couple of definitions as we speak and will hopefully be done by tomorrow's morning.<br />
<br />
PS: We should leave the critique to the end, there should not be a lot of writing for that part and we must all contribute.<br />
<br />
--[[User:Hesperus|Hesperus]] 01:45, 1 December 2010 (UTC)<br />
-----------------------------<br />
<br />
<br />
<br />
<br />
=Paper summary=<br />
==Background Concepts and Other Stuff==<br />
<br />
<br />
<br />
<br />
<br />
<br />
===Virtualization===<br />
<br />
In essence, virtualization is creating an emulation of the underlying hardware for a guest operating system, program or a process to operate on. [1] Usually referred to as virtual machine, this emulation which includes a guest hypervisor and a virtualized environment, only gives an illusion to the guest virtual machine to make it think that its running directly on the main hardware. In other words, we can view this virtual machine as an application running on the host OS.<br />
<br />
The term virtualization has become rather broad, associated with a number of areas where this technology is used like data virtualization, storage virtualization, mobile virtualization and network virtualization. For the purposes and context of our assigned paper, we shall focus our attention on hardware virtualization within operating systems environments.<br />
<br />
====Hypervisor==== <br />
Also referred to as VMM (Virtual machine monitor), is a software module that exists one level above the supervisor and runs directly on the bare hardware to monitor the execution and behaviour of the guest virtual machines. The main task of the hypervior is to provide an emulation of the underlying hardware (CPU, memory, I/O, drivers, etc.) to the guest virtual machines and to take care of the possible issues that may rise due to the interaction of those guest virtual machines among one another, and the interaction with the host hardware and operating system. It also controls host resources.<br />
<br />
====Nested virtualization====<br />
Nested virtualization is the concept of recursively running one or more virtual machines inside one another. For instance, the main operating system (L1) runs a VM called L2, in turn, L2 runs another VM L3, L3 then runs L4 and so on.<br />
<br />
====Para-virtualization====<br />
[Coming....]<br />
<br />
<br />
===Trap and emulate model===<br />
A vitualization model based on the idea that when a guest hypervisor attempts to execute, gain or access privilged hardware context, it triggers a trap or a fault which gets handled or caught by the host hypervisor. The host hypervisor then determines whether this instruction should be allowed to execute or not. Then based on that, the host hypervisor provides an emulation of the requested outcome to the guest hypervisor. The x86 systems discussed in the Turtles Project research paper follows this model.<br />
<br />
===The uses of nested virtualization===<br />
<br />
====Compatibility====<br />
A system could provide the user with a compatibility mode for other operatng systems or applications. An example of this would<br />
be the Windows XP mode thats available in Windows 7, where Windows 7 runs Windows XP as a virtual machine.<br />
<br />
====Cloud computing====<br />
A cloud provider, more fomally referred to as Infrastructure-as-a-Service (IAAS) provider, could use nested virtualization to give the ability to customers to host their own preferred user-controlled hypervisors and run their virtual machines on the provider hardware. This way both sides can benefit, the provider can attract customers and the customer can have freedom implementing its system on the host hardware without worrying about compatibility issues.<br />
<br />
The most well known example of an IAAS provider is Amazon Web Services (AWS). AWS presents a virtualized platform for other services and web sites such as NetFlix to host their API and database on Amazon's hardware.<br />
<br />
====Security==== <br />
[Coming...]<br />
<br />
====Migration/Transfer of VMs====<br />
Nested virtualization can also be used in live migration or transfer of virtual machines in cases of upgrade or disaster <br />
recovery. Consider a scenarion where a number of virtual machines must be moved to a new hardware server for upgrade, instead of having to move each VM sepertaely, we can nest those virtual machines and their hypervisors to create one nested entity thats easier to deal with and more manageable.<br />
In the last couple of years, virtualization packages such as VMWare and VirtualBox have adapted this notion of live migration and developed their own embedded migration/transfer agents.<br />
<br />
====Testing====<br />
Using virtual machines is convenient for testing, evaluation and bechmarking purposes. Since a virtual machine is essentially<br />
a file on the host operating system, if corrupted or damaged, it can easily be removed, recreated or even restored since we can<br />
can create a snapshot of the running virtual machine.<br />
<br />
===Protection rings===<br />
[Coming....]<br />
<br />
<br />
EDIT: Just noticed that someone has put their name down to do the background concept stuff, so Munther feel free to use this as a starting point if you like.<br />
<br />
The above looks good. I thought id maybe start touching on some of the sections, so let me know what you guys think. Heres what I think would be useful to go over in the Background Concepts section:<br />
<br />
* Firstly, nested virtualization. Why we use nested virtualization (paper gives example of XP inside win 7). Maybe going over the trap and emulate model of nested virtualization.<br />
* Some of the terminology of nested virtualization. The difference between guest/host hypervisors (we're already familiar with guest/host OSs), the terminology of L0, ..., Ln with L0 being the bottom hypervisor, etc<br />
* x86 nested virtualization limitations. Single level architecture, guest/host mode, VMX instructions and how to emulate them. Some of this is in section 3.2of the paper.<br />
<br />
Again, anything else you guys think we should add would be great.<br />
<br />
Commenting some more on the above summary, under the "main contributions" part, do you think we should count the nested VMX virtualization part as a contribution? If we have multiplexing memory and multiplexing I/O as a main contribution, it would seem to make sense to have multiplexing the CPU as well, especially within the limitations of the x86 architecture. Unless they are using someone else's technique for virtualizing these instructions.--[[User:Mbingham|Mbingham]] 21:16, 22 November 2010 (UTC)<br />
==Research problem==<br />
The paper provides a solution for Nested-virtualization on x86 based computers. Their approach is software-based, meaning that, they're not really altering the underlying architecture, and this is basically the most interesting thing about the paper, since x86 computers don't support nested-virtualization in terms of hardware, but apparently they were able to do it.<br />
<br />
<br />
The goal of nested virtualization and multiple host hypervisors comes down to efficiency. Example: Virtualization on servers has been rapidly gaining popularity. The next evolution step is to extend a single level of memory management virtualization support to handle nested virtualization, which is critical for ''high performance''. [1]<br />
<br />
'''How does the concept apply to the quickly developing cloud computing?'''<br />
<br />
Cloud user manages his own virtual machine directly through a hypervisor of choice. In addition it provides increased security by hypervicsor-level intrusion detection.<br />
<br />
==Related work==<br />
<br />
Comparisons with other related/similar research and work:<br />
<br />
Refer to the following website and to the related work section in the paper regarding this section: <br />
http://www.spinics.net/lists/kvm/msg43940.html<br />
<br />
[This is a forum post by one of the authors of our assigned paper where he talks about more recent research work on virtualization, particularly in his first paragraph, he refers to some more recent research by the VMWare technical support team. He also talks about some of the research papers referred to in our assigned paper.] <br />
<br />
<br />
==Theory (Section 3.1)== <br />
<br />
Apparently, theres 2 models to applying nested-virtualization:<br />
<br />
* Multiple-level architecture support: where every hypervisor handles every other hypervisor running on top of it. For instance, if L0 (host hypervisor) runs L1. If L1 attempts to run L2, then the trap handling and the work needed to be done to allow L1 to instantiate a new VM is handled by L0. More generally, if L2 attempts to created its own VM, then L1 will handle the trap handling and such.<br />
<br />
* Single-level architecture support: This is the model supported by the x86 machines. This model is tied into the concept of "Trap and emulate", where every hypervisor tries to emulate the underlying hardware (the VMX chip in the paper implementation) and presents a fake ground for the hypervisor running on top of it (the guest hypervisor) to operate on, letting it think that he's running on the actual hardware. The idea here is that in order for a guest hypervisor to operate and gain hardware-level privileges, it evokes a fault or a trap, this trap or fault is then handled or caught by the main host hypervisor and then inspected to see if its a legitimate or appropriate command or request, if it is, the host gives privilige to the guest, again having it think that its actually running on the main bare-metal hardware.<br />
<br />
In this model, everything must go back to the main host hypervisor. Then the host hypervisor forwards the trap and virtualization specification to the above-level involved or responsible. For instance, if L0 runs L1. Then L1 attempts to run L2. Then the command to run L2 goes down to L0 and then L0 forwards this command to L1 again. This is the model we're interested in because this what x86 machines basically follow. Look at figure 1 in the paper for a better understanding of this.<br />
<br />
==Main contribution==<br />
The paper propose two new-developed techniques:<br />
* Multi-dimensional paging (for memory virtualization)<br />
* Multiple-level device management (for I/O virtualization)<br />
<br />
Other contributions:<br />
* Micro-optimizations to improve performance.<br />
<br />
==Implementation==<br />
The turtle project has four components that is crucial to its implementation.<br />
* Nested VMX virtualization for nested CPU virtualization<br />
* Multi-dimensional paging for nested MMU virtualization<br />
* Multi-level device assignment for nested I/O virtualization<br />
* Micro-Optimizations to make it go faster<br />
<br />
How does the Nest VMX virtualization work:<br />
L0(the lowest most hypervisor) runs L1 with VMCS0->1(virtual machine control structure).The VMCS is the fundamental data structure that hypervisor per pars, describing the virtual machine, which is passed along to the CPU to be executed. L1(also a hypervisor) prepares VMCS1->2 to run its own virtual machine which executes vmlaunch. vmlaunch will trap and L0 will have the handle the tape because L1 is running as a virtual machine do to the fact that L0 is using the architectural mod for a hypervisor. So in order to have multiplexing happen by making L2 run as a virtual machine of L1. So L0 merges VMCS's; VMCS0->1 merges with VMCS1->2 to become VMCS0->2(enabling L0 to run L2 directly). L0 will now launch a L2 which cause it to trap. L0 handles the trap itself or will forward it to L1 depending if it L1 virtual machines responsibility to handle.<br />
The way it handles a single L2 exit, L1 need to read and write to the VMCS disable interrupts which wouldn't normally be a problem but because it running in guest mode as a virtual machine all the operation trap leading to a signal high level L2 exit or L3 exit causes many exits(more exits less performance). Problem was corrected by making the single exit fast and reduced frequency of exits with multi-dimensional paging. In the end L1 or L0 base on the trap will finish handling it and resumes L2. this Process is repeated over again contentiously.<br />
<br />
How Multi-dimensional paging work:<br />
The main idea with n = 2 nest virtualization there are three logical translations: L2 to Virtual to physical address, from an L2 physical to L1 physical and form a L1 physical to L0 physical address. 3 levels of translations however there is only 2 MMU pages table in the Hardware that called EPT; which takes virtual to physical and guest physical to host physical. They compress the 3 translations onto the tow tables.<br />
<br />
==Performance==<br />
Two benchmarks were used: kernbench - compiles the linux kernel multiple times. SPECjbb - designed to measure server side [perofmance for Java run-time environments<br />
<br />
Overhead for nested virtualization with kernbench is 10.3% and 6.3% for Specjbb. <br />
There are two sources of overhead evident in nested virtualization. First, the transitions between L1 and L2 are slower than the transition in the lower level of the nested design (between L0 and L1). Second the code handling EXITs running on the host hypervisor such as L1 is much slower than the same code in L0.<br />
<br />
The paper outlines optimization steps to achieve the minimal overhead.<br />
<br />
1. Bypassing vmread and vmwrite instructions and directly accessing data under certain conditions. Removing the need to trap and emulate.<br />
<br />
2. Optimizing exit handling code. (the main cause of the slowdown is provided by additional exits in the exit handling code.<br />
<br />
==Critique==<br />
'''The good:'''<br />
<br />
* From what I read so far, the research showed in the paper is probably the first to achieve efficent x86 nested-virtualization without altering the hardware, relying on software-only techniques and mechanisms. They also won the Jay Lepreau best paper award.<br />
<br />
* security - being able to run other hypervisors without being detected<br />
<br />
* testing, debugging - of hypervisors<br />
<br />
'''The bad:'''<br />
<br />
* lots of exits. to be continued. (anyone whos is interested feel free to take this topic)<br />
<br />
==References==<br />
[1] http://www.haifux.org/lectures/225/ - '''Nested x86 Virtualization - Muli Ben-Yehuda'''</div>Csullivahttps://homeostasis.scs.carleton.ca/wiki/index.php?title=Talk:COMP_3000_Essay_2_2010_Question_9&diff=5645Talk:COMP 3000 Essay 2 2010 Question 92010-11-28T00:28:36Z<p>Csulliva: /* Implementation */</p>
<hr />
<div>=Group members=<br />
<br />
* Munther Hussain<br />
* Jonathon Slonosky<br />
* Michael Bingham<br />
* Chris Sullivan<br />
* Pawel Raubic<br />
<br />
=Group work=<br />
* Background concepts: Munther Hussain<br />
* Research problem:<br />
* Contribution:<br />
* Critique:<br />
<br />
<br />
=General discussion=<br />
<br />
Hey there, this is Munther. The prof said that we should be contacting each other to see whos still on board for the course. So please<br />
if you read this, add your name to the list of members above. You can my find my contact info in my profile page by clicking my signature. We shall talk about the details and how we will approach this in the next few days --[[User:Hesperus|Hesperus]] 16:41, 12 November 2010 (UTC)<br />
<br />
---------------------<br />
<br />
Checked in -- JSlonosky<br />
<br />
----------------------<br />
<br />
Pawel has already contacted us so he still in for the course, that makes 3 of us. The other three members, please drop in and add your name. We need to confirm the members today by 1:00 pm. --[[User:Hesperus|Hesperus]] 12:18, 15 November 2010 (UTC)<br />
<br />
----------------------<br />
<br />
Checked in --[[User:Mbingham|Mbingham]] 15:08, 15 November 2010 (UTC)<br />
<br />
---------------------<br />
<br />
Checked in --[[User:Smcilroy|Smcilroy]] 17:03, 15 November 2010 (UTC)<br />
<br />
---------------------<br />
To the person above me (Smcilroy): I can see that you're assigned to group 7 and not this one. So did the prof move you to this group or something ? We haven't confirmed or emailed the prof yet, I will wait until 1:00 pm. --[[User:Hesperus|Hesperus]] 17:22, 15 November 2010 (UTC)<br />
<br />
---------------------<br />
Alright, so I just emailed the prof the list of members that have checked in so far (the names listed above plus Pawel Raubic),<br />
Smcilroy: I still don't know whether you're in this group or not, though I don't see your name listed in the group assignments on the course webpage. To the other members: if you're still interested in doing the course, please drop in here and add your name or even email me, you can find my contact info in my profile page(just click my signature).<br />
<br />
Personally speaking, I find the topic of this article (The Turtle Project) to be quite interesting and approachable, in fact we've<br />
already been playing with VirtualBox and VMWare and such things, so we should be familiar with some of the concepts the article<br />
approaches like nested-virtualization, hypervisors, supervisors, etc, things that we even covered in class and we can in fact test on our machines. I've already started reading the article, hopefully tonight we'll start posting some basic ideas or concepts and talk about the article in general. I will be in tomorrow's tutorial session in the 4th floor in case some of you guys want to get to know one another. --[[User:Hesperus|Hesperus]] 18:43, 15 November 2010 (UTC)<br />
-----<br />
Yeah, it looks pretty good to me. Unfortunately, I am attending Ozzy Osbourne on the 25th, so I'd like it if we could get ourselves organized early so I can get my part done and not letting it fall on you guys. Not that I would let that happen --JSlonosky 02:51, 16 November 2010 (UTC)<br />
-----<br />
Why waste your money on that old man ? I'd love to see Halford though, I'm sure he'll do some classic Priest material, haven't checked the new record yet, but the cover looks awful, definitely the worst and most ridiculous cover of the year. Anyways, enough music talk. I think we should get it done at least on 24th, we should leave the last day to do the editing and stuff. I removed Smcilroy from the members list, I think he checked in here by mistake because I can see him in group 7. So far, we're 5, still missing one member. --[[User:Hesperus|Hesperus]] 05:36, 16 November 2010 (UTC)<br />
-----<br />
Yeah that would be pretty sweet. I figured I might as well see him when I can; Since he is going to be dead soon. How is he not already? Alright well, the other member should show up soon, or I'd guess that we are a group of 5. --JSlonosky 16:37, 16 November 2010 (UTC)<br />
<br />
-----<br />
Hey dudes. I think we need to get going here.. the paper is due in 4 days. I just did the paper intro section (provided the title, authors, research labs, links, etc.). I have read the paper twice so far and will be spending the whole day working on the background concepts and the research problem sections. <br />
<br />
I'm still not sure on how we should divide the work and sections among the members, especially regarding the research contribution and critique, I mean those sections should not be based or written from the perspective of one person, we all need to work and discuss those paper concepts together.<br />
<br />
If anyone wants to add something, then please add but don't edit or alter the already existing content. Lets try to get as many thoughts/ideas as possible and then we will edit and filter the redundancy later. And lets make sure that we add summary comments to our edits to make it easier to keep track of everything.<br />
<br />
Also, we're still missing one member: Shawn Hansen. Its weird because on last Wednesday's lab, the prof told me that he attended the lab and signed his name, so he should still be in the course. --[[User:Hesperus|Hesperus]] 18:07, 21 November 2010 (UTC)<br />
<br />
---------<br />
Yeah man. We really do need to get on this. Not going to ozzy so I got free time now. I am reading it again to refresh my memory of it and will put notes of what I think we can criticize about it and such. What kind of references do you think we will need? Similar papers etc?<br />
If you need to a hold of me. Best way is through email. jslonosk@connect.Carleton.ca. And if that is still in our group but doesn't participate, too bad for him--JSlonosky 14:42, 22 November 2010 (UTC)<br />
----------<br />
The section on the related work has all the things we need to as far as other papers go. Also, I was able to find other research papers that are not mentioned in the paper. I will definitely be adding those paper by tonight. For the time being, I will handle the background concepts. I added a group work section below to keep track of whos doing what. I should get the background concept done hopefully by tonight. If anyone want to help with the other sections that would be great, please add your name to the section you want to handle below.<br />
<br />
I added a general paper summary below just to illustrate the general idea behind each section. If anybody wants to add anything, feel free to do so. --[[User:Hesperus|Hesperus]] 18:55, 22 November 2010 (UTC)<br />
-----------<br />
I remember the prof mentioned the most important part of the paper is the Critique so we gotta focus on that altogether not just one person for sure.--[[User:Praubic|Praubic]] 19:22, 22 November 2010 (UTC)<br />
<br />
-------------<br />
Yeah absloutely, I agree. But first, lets pin down the crucial points. And then we can discuss them collectively. If anyone happens to come across what he thinks is good or bad, then you can add it below to the good/bad points. Maybe the group work idea is bad, but I just thought maybe if we each member focuses on a specific part in the beginning, we can maybe have a better overall idea of what the paper is about. --[[User:Hesperus|Hesperus]] 19:42, 22 November 2010 (UTC)<br />
--------------<br />
Ok, another thing I figured is that the paper doesn't directly hint at why nested virtualization is necessary? I posted a link in references and I'l try to research more into the purpose of nested virtualization.--[[User:Praubic|Praubic]] 19:45, 22 November 2010 (UTC)<br />
--------------<br />
Actually the paper does talk about that. Look at the first two paragraphs in the introduction section of the paper on page 1. But you're right, they don't really elaborate, I think its because its not the purpose or the aim of the paper in the first place. --[[User:Hesperus|Hesperus]] 20:31, 22 November 2010 (UTC) <br />
--------------<br />
The stuff that Michael provided are excellent. That was actually what I was planning on doing. I will start by defining virtualization, hypervisors, computer ring security, the need and uses of nested virtualization, the models, etc. --[[User:Hesperus|Hesperus]] 22:14, 22 November 2010 (UTC)<br />
-------------<br />
So here my question who doing what in the group work and where should I focus my attention to do my part?- Csulliva<br />
-------------<br />
I have posted few things regarding the background concepts on the main page. I will go back and edit it today and talk about other things like: nested virtualization, the need and advantages of NV, the models, the trap and emulate model of x86 machines, computer paging which is discussed in the paper, computer ring security which again they touch on at some point in the paper. I can easily move some of the things I wrote in the theory section to the main page, but I want to consult the prof first on some of those things.<br />
<br />
One thing that I'm still unsure of is how far should we go here ? should we provide background on the hardware architecture used by the authors like the x86 family and the VMX chips, or maybe some of the concepts discussed later on in the testing such as optimization, emulation, para-virtualization ?<br />
<br />
I will speak and consult the prof today after our lecture. If other members want to help, you guys can start with the related work and see how the content of the paper compares to previous or even current research papers. --[[User:Hesperus|Hesperus]] 08:08, 23 November 2010 (UTC)<br />
------------------------<br />
In response to what Michael mentioned above in the background section: we should definitely talk about that, from what I understood, they apply the same model (the trap and emulate) but they provide optimizations and ways to increase the trap calls efficiency between the nested environments, so thats definitely a contribution, but its more of a performance optimization kind of contribution I guess, which is why I mentioned the optimizations in the contribution section below. --[[User:Hesperus|Hesperus]] 08:08, 23 November 2010 (UTC)<br />
---------------------------<br />
'''Ok, so for those who didn't attend today's lecture, the prof was nice enough to give us an extension for the paper, the due date now is Dec 2nd.''' And thats really good, given that some of those concepts require time to sort of formulate. I also asked the prof on the approach that we should follow in terms of presenting the material, and he mentioned that you need to provide enough information for each section to make your follow student understand what the paper is about without them having to actually read the paper or go through it in detail. He also mentioned the need to distill some of the details, if the paper spends a whole page explaining multi-dimensional paging, we should probably explain that in 2 small paragraphs or something.<br />
<br />
Also, we should always cite resources. If the resource is a book, we should cite the page number as well. --[[User:Hesperus|Hesperus]] 15:16, 23 November 2010 (UTC)<br />
---------------------------<br />
Yeah I am really thankful he left us with another week to do it. I am sure we all have at least 3 projects due soon, other than this Essay. I'll type up the stuff that I had highlighted for Tuesday as a break tomorrow. I was going to do it yesterday but he gave us an extension, so I slacked off a bit. I also forgot :/ --JSlonosky 23:43, 24 November 2010 (UTC)<br />
<br />
=Paper summary=<br />
==Background Concepts and Other Stuff==<br />
<br />
EDIT: Just noticed that someone has put their name down to do the background concept stuff, so Munther feel free to use this as a starting point if you like.<br />
<br />
The above looks good. I thought id maybe start touching on some of the sections, so let me know what you guys think. Heres what I think would be useful to go over in the Background Concepts section:<br />
<br />
* Firstly, nested virtualization. Why we use nested virtualization (paper gives example of XP inside win 7). Maybe going over the trap and emulate model of nested virtualization.<br />
* Some of the terminology of nested virtualization. The difference between guest/host hypervisors (we're already familiar with guest/host OSs), the terminology of L0, ..., Ln with L0 being the bottom hypervisor, etc<br />
* x86 nested virtualization limitations. Single level architecture, guest/host mode, VMX instructions and how to emulate them. Some of this is in section 3.2of the paper.<br />
<br />
Again, anything else you guys think we should add would be great.<br />
<br />
Commenting some more on the above summary, under the "main contributions" part, do you think we should count the nested VMX virtualization part as a contribution? If we have multiplexing memory and multiplexing I/O as a main contribution, it would seem to make sense to have multiplexing the CPU as well, especially within the limitations of the x86 architecture. Unless they are using someone else's technique for virtualizing these instructions.--[[User:Mbingham|Mbingham]] 21:16, 22 November 2010 (UTC)<br />
==Research problem==<br />
The paper provides a solution for Nested-virtualization on x86 based computers. Their approach is software-based, meaning that, they're not really altering the underlying architecture, and this is basically the most interesting thing about the paper, since x86 computers don't support nested-virtualization in terms of hardware. But apparently they were able to do it.<br />
In addition, generally, nested virtualization is not supported on x86 systems (the architecture is not designed with that in mind) but for example vista runs XP VM under the covers when running xp programs which shows ability for parallel virtualization on a single hypervisor.<br />
<br />
The goal of nested virtualization and multiple host hypervisors comes down to efficiency. Example: Virtualization on servers has been rapidly gaining popularity. The next evolution step is to extend a single level of memory management virtualization support to handle nested virtualization, which is critical for ''high performance''. [1]<br />
<br />
'''How does the concept apply to the quickly developing cloud computing?'''<br />
<br />
Cloud user manages his own virtual machine directly through a hypervisor of choice. In addition it provides increased security by hypervicsor-level intrusion detection.<br />
<br />
==Related work==<br />
<br />
Comparisons with other related/similar research and work:<br />
<br />
Refer to the following website and to the related work section in the paper regarding this section: <br />
http://www.spinics.net/lists/kvm/msg43940.html<br />
<br />
[This is a forum post by one of the authors of our assigned paper where he talks about more recent research work on virtualization, particularly in his first paragraph, he refers to some more recent research by the VMWare technical support team. He also talks about some of the research papers referred to in our assigned paper.] <br />
<br />
<br />
==Theory (Section 3.1)== <br />
<br />
Apparently, theres 2 models to applying nested-virtualization:<br />
<br />
* Multiple-level architecture support: where every hypervisor handles every other hypervisor running on top of it. For instance, if L0 (host hypervisor) runs L1. If L1 attempts to run L2, then the trap handling and the work needed to be done to allow L1 to instantiate a new VM is handled by L0. More generally, if L2 attempts to created its own VM, then L1 will handle the trap handling and such.<br />
<br />
* Single-level architecture support: This is the model supported by the x86 machines. This model is tied into the concept of "Trap and emulate", where every hypervisor tries to emulate the underlying hardware (the VMX chip in the paper implementation) and presents a fake ground for the hypervisor running on top of it (the guest hypervisor) to operate on, letting it think that he's running on the actual hardware. The idea here is that in order for a guest hypervisor to operate and gain hardware-level privileges, it evokes a fault or a trap, this trap or fault is then handled or caught by the main host hypervisor and then inspected to see if its a legitimate or appropriate command or request, if it is, the host gives privilige to the guest, again having it think that its actually running on the main bare-metal hardware.<br />
<br />
In this model, everything must go back to the main host hypervisor. Then the host hypervisor forwards the trap and virtualization specification to the above-level involved or responsible. For instance, if L0 runs L1. Then L1 attempts to run L2. Then the command to run L2 goes down to L0 and then L0 forwards this command to L1 again. This is the model we're interested in because this what x86 machines basically follow. Look at figure 1 in the paper for a better understanding of this.<br />
<br />
==Main contribution==<br />
The paper propose two new-developed techniques:<br />
* Multi-dimensional paging (for memory virtualization)<br />
* Multiple-level device management (for I/O virtualization)<br />
<br />
Other contributions:<br />
* Micro-optimizations to improve performance.<br />
<br />
==Implementation==<br />
The turtle project has four components that is crucial to its implementation.<br />
* Nested VMX virtualization for nested CPU virtualization<br />
* Multi-dimensional paging for nested MMU virtualization<br />
* Multi-level device assignment for nested I/O virtualization<br />
* Micro-Optimizations to make it go faster<br />
<br />
How does the Nest VMX virtualization work:<br />
L0(the lowest most hypervisor) runs L1 with VMCS0->1(virtual machine control structure).The VMCS is the fundamental data structure that hypervisor per pars, describing the virtual machine, which is passed along to the CPU to be executed. L1(also a hypervisor) prepares VMCS1->2 to run its own virtual machine which executes vmlaunch. vmlaunch will trap and L0 will have the handle the tape because L1 is running as a virtual machine do to the fact that L0 is using the architectural mod for a hypervisor. So in order to have multiplexing happen by making L2 run as a virtual machine of L1. So L0 merges VMCS's; VMCS0->1 merges with VMCS1->2 to become VMCS0->2(enabling L0 to run L2 directly). L0 will now launch a L2 which cause it to trap. L0 handles the trap itself or will forward it to L1 depending if it L1 virtual machines responsibility to handle.<br />
The way it handles a single L2 exit, L1 need to read and write to the VMCS disable interrupts which wouldn't normally be a problem but because it running in guest mode as a virtual machine all the operation trap leading to a signal high level L2 exit or L3 exit causes many exits(more exits less performance). Problem was corrected by making the single exit fast and reduced frequency of exits with multi-dimensional paging. In the end L1 or L0 base on the trap will finish handling it and resumes L2. this Process is repeated over again contentiously.<br />
<br />
How Multi-dimensional paging work:<br />
<br />
==Performance==<br />
<br />
<br />
==Critique==<br />
'''The good:'''<br />
<br />
* From what I read so far, the research showed in the paper is probably the first to achieve efficent x86 nested-virtualization without altering the hardware, relying on software-only techniques and mechanisms. They also won the Jay Lepreau best paper award.<br />
<br />
* security - being able to run other hypervisors without being detected<br />
<br />
* testing, debugging - of hypervisors<br />
<br />
'''The bad:'''<br />
<br />
* lots of exits. to be continued. (anyone whos is interested feel free to take this topic)<br />
<br />
==References==<br />
[1] http://www.haifux.org/lectures/225/ - '''Nested x86 Virtualization - Muli Ben-Yehuda'''</div>Csullivahttps://homeostasis.scs.carleton.ca/wiki/index.php?title=Talk:COMP_3000_Essay_2_2010_Question_9&diff=5640Talk:COMP 3000 Essay 2 2010 Question 92010-11-27T23:02:06Z<p>Csulliva: /* Implementation */</p>
<hr />
<div>=Group members=<br />
<br />
* Munther Hussain<br />
* Jonathon Slonosky<br />
* Michael Bingham<br />
* Chris Sullivan<br />
* Pawel Raubic<br />
<br />
=Group work=<br />
* Background concepts: Munther Hussain<br />
* Research problem:<br />
* Contribution:<br />
* Critique:<br />
<br />
<br />
=General discussion=<br />
<br />
Hey there, this is Munther. The prof said that we should be contacting each other to see whos still on board for the course. So please<br />
if you read this, add your name to the list of members above. You can my find my contact info in my profile page by clicking my signature. We shall talk about the details and how we will approach this in the next few days --[[User:Hesperus|Hesperus]] 16:41, 12 November 2010 (UTC)<br />
<br />
---------------------<br />
<br />
Checked in -- JSlonosky<br />
<br />
----------------------<br />
<br />
Pawel has already contacted us so he still in for the course, that makes 3 of us. The other three members, please drop in and add your name. We need to confirm the members today by 1:00 pm. --[[User:Hesperus|Hesperus]] 12:18, 15 November 2010 (UTC)<br />
<br />
----------------------<br />
<br />
Checked in --[[User:Mbingham|Mbingham]] 15:08, 15 November 2010 (UTC)<br />
<br />
---------------------<br />
<br />
Checked in --[[User:Smcilroy|Smcilroy]] 17:03, 15 November 2010 (UTC)<br />
<br />
---------------------<br />
To the person above me (Smcilroy): I can see that you're assigned to group 7 and not this one. So did the prof move you to this group or something ? We haven't confirmed or emailed the prof yet, I will wait until 1:00 pm. --[[User:Hesperus|Hesperus]] 17:22, 15 November 2010 (UTC)<br />
<br />
---------------------<br />
Alright, so I just emailed the prof the list of members that have checked in so far (the names listed above plus Pawel Raubic),<br />
Smcilroy: I still don't know whether you're in this group or not, though I don't see your name listed in the group assignments on the course webpage. To the other members: if you're still interested in doing the course, please drop in here and add your name or even email me, you can find my contact info in my profile page(just click my signature).<br />
<br />
Personally speaking, I find the topic of this article (The Turtle Project) to be quite interesting and approachable, in fact we've<br />
already been playing with VirtualBox and VMWare and such things, so we should be familiar with some of the concepts the article<br />
approaches like nested-virtualization, hypervisors, supervisors, etc, things that we even covered in class and we can in fact test on our machines. I've already started reading the article, hopefully tonight we'll start posting some basic ideas or concepts and talk about the article in general. I will be in tomorrow's tutorial session in the 4th floor in case some of you guys want to get to know one another. --[[User:Hesperus|Hesperus]] 18:43, 15 November 2010 (UTC)<br />
-----<br />
Yeah, it looks pretty good to me. Unfortunately, I am attending Ozzy Osbourne on the 25th, so I'd like it if we could get ourselves organized early so I can get my part done and not letting it fall on you guys. Not that I would let that happen --JSlonosky 02:51, 16 November 2010 (UTC)<br />
-----<br />
Why waste your money on that old man ? I'd love to see Halford though, I'm sure he'll do some classic Priest material, haven't checked the new record yet, but the cover looks awful, definitely the worst and most ridiculous cover of the year. Anyways, enough music talk. I think we should get it done at least on 24th, we should leave the last day to do the editing and stuff. I removed Smcilroy from the members list, I think he checked in here by mistake because I can see him in group 7. So far, we're 5, still missing one member. --[[User:Hesperus|Hesperus]] 05:36, 16 November 2010 (UTC)<br />
-----<br />
Yeah that would be pretty sweet. I figured I might as well see him when I can; Since he is going to be dead soon. How is he not already? Alright well, the other member should show up soon, or I'd guess that we are a group of 5. --JSlonosky 16:37, 16 November 2010 (UTC)<br />
<br />
-----<br />
Hey dudes. I think we need to get going here.. the paper is due in 4 days. I just did the paper intro section (provided the title, authors, research labs, links, etc.). I have read the paper twice so far and will be spending the whole day working on the background concepts and the research problem sections. <br />
<br />
I'm still not sure on how we should divide the work and sections among the members, especially regarding the research contribution and critique, I mean those sections should not be based or written from the perspective of one person, we all need to work and discuss those paper concepts together.<br />
<br />
If anyone wants to add something, then please add but don't edit or alter the already existing content. Lets try to get as many thoughts/ideas as possible and then we will edit and filter the redundancy later. And lets make sure that we add summary comments to our edits to make it easier to keep track of everything.<br />
<br />
Also, we're still missing one member: Shawn Hansen. Its weird because on last Wednesday's lab, the prof told me that he attended the lab and signed his name, so he should still be in the course. --[[User:Hesperus|Hesperus]] 18:07, 21 November 2010 (UTC)<br />
<br />
---------<br />
Yeah man. We really do need to get on this. Not going to ozzy so I got free time now. I am reading it again to refresh my memory of it and will put notes of what I think we can criticize about it and such. What kind of references do you think we will need? Similar papers etc?<br />
If you need to a hold of me. Best way is through email. jslonosk@connect.Carleton.ca. And if that is still in our group but doesn't participate, too bad for him--JSlonosky 14:42, 22 November 2010 (UTC)<br />
----------<br />
The section on the related work has all the things we need to as far as other papers go. Also, I was able to find other research papers that are not mentioned in the paper. I will definitely be adding those paper by tonight. For the time being, I will handle the background concepts. I added a group work section below to keep track of whos doing what. I should get the background concept done hopefully by tonight. If anyone want to help with the other sections that would be great, please add your name to the section you want to handle below.<br />
<br />
I added a general paper summary below just to illustrate the general idea behind each section. If anybody wants to add anything, feel free to do so. --[[User:Hesperus|Hesperus]] 18:55, 22 November 2010 (UTC)<br />
-----------<br />
I remember the prof mentioned the most important part of the paper is the Critique so we gotta focus on that altogether not just one person for sure.--[[User:Praubic|Praubic]] 19:22, 22 November 2010 (UTC)<br />
<br />
-------------<br />
Yeah absloutely, I agree. But first, lets pin down the crucial points. And then we can discuss them collectively. If anyone happens to come across what he thinks is good or bad, then you can add it below to the good/bad points. Maybe the group work idea is bad, but I just thought maybe if we each member focuses on a specific part in the beginning, we can maybe have a better overall idea of what the paper is about. --[[User:Hesperus|Hesperus]] 19:42, 22 November 2010 (UTC)<br />
--------------<br />
Ok, another thing I figured is that the paper doesn't directly hint at why nested virtualization is necessary? I posted a link in references and I'l try to research more into the purpose of nested virtualization.--[[User:Praubic|Praubic]] 19:45, 22 November 2010 (UTC)<br />
--------------<br />
Actually the paper does talk about that. Look at the first two paragraphs in the introduction section of the paper on page 1. But you're right, they don't really elaborate, I think its because its not the purpose or the aim of the paper in the first place. --[[User:Hesperus|Hesperus]] 20:31, 22 November 2010 (UTC) <br />
--------------<br />
The stuff that Michael provided are excellent. That was actually what I was planning on doing. I will start by defining virtualization, hypervisors, computer ring security, the need and uses of nested virtualization, the models, etc. --[[User:Hesperus|Hesperus]] 22:14, 22 November 2010 (UTC)<br />
-------------<br />
So here my question who doing what in the group work and where should I focus my attention to do my part?- Csulliva<br />
-------------<br />
I have posted few things regarding the background concepts on the main page. I will go back and edit it today and talk about other things like: nested virtualization, the need and advantages of NV, the models, the trap and emulate model of x86 machines, computer paging which is discussed in the paper, computer ring security which again they touch on at some point in the paper. I can easily move some of the things I wrote in the theory section to the main page, but I want to consult the prof first on some of those things.<br />
<br />
One thing that I'm still unsure of is how far should we go here ? should we provide background on the hardware architecture used by the authors like the x86 family and the VMX chips, or maybe some of the concepts discussed later on in the testing such as optimization, emulation, para-virtualization ?<br />
<br />
I will speak and consult the prof today after our lecture. If other members want to help, you guys can start with the related work and see how the content of the paper compares to previous or even current research papers. --[[User:Hesperus|Hesperus]] 08:08, 23 November 2010 (UTC)<br />
------------------------<br />
In response to what Michael mentioned above in the background section: we should definitely talk about that, from what I understood, they apply the same model (the trap and emulate) but they provide optimizations and ways to increase the trap calls efficiency between the nested environments, so thats definitely a contribution, but its more of a performance optimization kind of contribution I guess, which is why I mentioned the optimizations in the contribution section below. --[[User:Hesperus|Hesperus]] 08:08, 23 November 2010 (UTC)<br />
---------------------------<br />
'''Ok, so for those who didn't attend today's lecture, the prof was nice enough to give us an extension for the paper, the due date now is Dec 2nd.''' And thats really good, given that some of those concepts require time to sort of formulate. I also asked the prof on the approach that we should follow in terms of presenting the material, and he mentioned that you need to provide enough information for each section to make your follow student understand what the paper is about without them having to actually read the paper or go through it in detail. He also mentioned the need to distill some of the details, if the paper spends a whole page explaining multi-dimensional paging, we should probably explain that in 2 small paragraphs or something.<br />
<br />
Also, we should always cite resources. If the resource is a book, we should cite the page number as well. --[[User:Hesperus|Hesperus]] 15:16, 23 November 2010 (UTC)<br />
---------------------------<br />
Yeah I am really thankful he left us with another week to do it. I am sure we all have at least 3 projects due soon, other than this Essay. I'll type up the stuff that I had highlighted for Tuesday as a break tomorrow. I was going to do it yesterday but he gave us an extension, so I slacked off a bit. I also forgot :/ --JSlonosky 23:43, 24 November 2010 (UTC)<br />
<br />
=Paper summary=<br />
==Background Concepts and Other Stuff==<br />
<br />
EDIT: Just noticed that someone has put their name down to do the background concept stuff, so Munther feel free to use this as a starting point if you like.<br />
<br />
The above looks good. I thought id maybe start touching on some of the sections, so let me know what you guys think. Heres what I think would be useful to go over in the Background Concepts section:<br />
<br />
* Firstly, nested virtualization. Why we use nested virtualization (paper gives example of XP inside win 7). Maybe going over the trap and emulate model of nested virtualization.<br />
* Some of the terminology of nested virtualization. The difference between guest/host hypervisors (we're already familiar with guest/host OSs), the terminology of L0, ..., Ln with L0 being the bottom hypervisor, etc<br />
* x86 nested virtualization limitations. Single level architecture, guest/host mode, VMX instructions and how to emulate them. Some of this is in section 3.2of the paper.<br />
<br />
Again, anything else you guys think we should add would be great.<br />
<br />
Commenting some more on the above summary, under the "main contributions" part, do you think we should count the nested VMX virtualization part as a contribution? If we have multiplexing memory and multiplexing I/O as a main contribution, it would seem to make sense to have multiplexing the CPU as well, especially within the limitations of the x86 architecture. Unless they are using someone else's technique for virtualizing these instructions.--[[User:Mbingham|Mbingham]] 21:16, 22 November 2010 (UTC)<br />
==Research problem==<br />
The paper provides a solution for Nested-virtualization on x86 based computers. Their approach is software-based, meaning that, they're not really altering the underlying architecture, and this is basically the most interesting thing about the paper, since x86 computers don't support nested-virtualization in terms of hardware. But apparently they were able to do it.<br />
In addition, generally, nested virtualization is not supported on x86 systems (the architecture is not designed with that in mind) but for example vista runs XP VM under the covers when running xp programs which shows ability for parallel virtualization on a single hypervisor.<br />
<br />
The goal of nested virtualization and multiple host hypervisors comes down to efficiency. Example: Virtualization on servers has been rapidly gaining popularity. The next evolution step is to extend a single level of memory management virtualization support to handle nested virtualization, which is critical for ''high performance''. [1]<br />
<br />
'''How does the concept apply to the quickly developing cloud computing?'''<br />
<br />
Cloud user manages his own virtual machine directly through a hypervisor of choice. In addition it provides increased security by hypervicsor-level intrusion detection.<br />
<br />
==Related work==<br />
<br />
Comparisons with other related/similar research and work:<br />
<br />
Refer to the following website and to the related work section in the paper regarding this section: <br />
http://www.spinics.net/lists/kvm/msg43940.html<br />
<br />
[This is a forum post by one of the authors of our assigned paper where he talks about more recent research work on virtualization, particularly in his first paragraph, he refers to some more recent research by the VMWare technical support team. He also talks about some of the research papers referred to in our assigned paper.] <br />
<br />
<br />
==Theory (Section 3.1)== <br />
<br />
Apparently, theres 2 models to applying nested-virtualization:<br />
<br />
* Multiple-level architecture support: where every hypervisor handles every other hypervisor running on top of it. For instance, if L0 (host hypervisor) runs L1. If L1 attempts to run L2, then the trap handling and the work needed to be done to allow L1 to instantiate a new VM is handled by L0. More generally, if L2 attempts to created its own VM, then L1 will handle the trap handling and such.<br />
<br />
* Single-level architecture support: This is the model supported by the x86 machines. This model is tied into the concept of "Trap and emulate", where every hypervisor tries to emulate the underlying hardware (the VMX chip in the paper implementation) and presents a fake ground for the hypervisor running on top of it (the guest hypervisor) to operate on, letting it think that he's running on the actual hardware. The idea here is that in order for a guest hypervisor to operate and gain hardware-level privileges, it evokes a fault or a trap, this trap or fault is then handled or caught by the main host hypervisor and then inspected to see if its a legitimate or appropriate command or request, if it is, the host gives privilige to the guest, again having it think that its actually running on the main bare-metal hardware.<br />
<br />
In this model, everything must go back to the main host hypervisor. Then the host hypervisor forwards the trap and virtualization specification to the above-level involved or responsible. For instance, if L0 runs L1. Then L1 attempts to run L2. Then the command to run L2 goes down to L0 and then L0 forwards this command to L1 again. This is the model we're interested in because this what x86 machines basically follow. Look at figure 1 in the paper for a better understanding of this.<br />
<br />
==Main contribution==<br />
The paper propose two new-developed techniques:<br />
* Multi-dimensional paging (for memory virtualization)<br />
* Multiple-level device management (for I/O virtualization)<br />
<br />
Other contributions:<br />
* Micro-optimizations to improve performance.<br />
<br />
==Implementation==<br />
The turtle project has four components that is crucial to its implementation.<br />
* Nested VMX virtualization for nested CPU virtualization<br />
* Multi-dimensional paging for nested MMU virtualization<br />
* Multi-level device assignment for nested I/O virtualization<br />
* Micro-Optimizations to make it go faster<br />
<br />
How does the Nest VMX virtualization works: L0(the lowest most hypervisor) runs L1 with VMCS0->1(virtual machine control structure).The VMCS is the fundamental data structure that hypervisor per pars, describing the virtual machine, which is passed along to the CPU to be executed. L1(also a hypervisor) prepares VMCS1->2 to run its own virtual machine which executes vmlaunch. vmlaunch will trap and L0 will have the handle the tape because L1 is running as a virtual machine do to the fact that L0 is using the architectural mod for a hypervisor. So in order to have multiplexing happen by making L2 run as a virtual machine of L1. So L0 merges VMCS's; VMCS0->1 merges with VMCS1->2 to become VMCS0->2(enabling L0 to run L2 directly). L0 will now launch a L2 which cause it to trap. L0 handles the trap itself or will forward it to L1 depending if it L1 virtual machines responsibility to handle.<br />
......<br />
in the end L1 or L0 base on the trap will finish handling it and resumes L2. this Process is repeated over again contentiously<br />
<br />
==Performance==<br />
<br />
<br />
==Critique==<br />
'''The good:'''<br />
<br />
* From what I read so far, the research showed in the paper is probably the first to achieve efficent x86 nested-virtualization without altering the hardware, relying on software-only techniques and mechanisms. They also won the Jay Lepreau best paper award.<br />
<br />
* security - being able to run other hypervisors without being detected<br />
<br />
* testing, debugging - of hypervisors<br />
<br />
'''The bad:'''<br />
<br />
* lots of exits. to be continued. (anyone whos is interested feel free to take this topic)<br />
<br />
==References==<br />
[1] http://www.haifux.org/lectures/225/ - '''Nested x86 Virtualization - Muli Ben-Yehuda'''</div>Csullivahttps://homeostasis.scs.carleton.ca/wiki/index.php?title=Talk:COMP_3000_Essay_2_2010_Question_9&diff=5639Talk:COMP 3000 Essay 2 2010 Question 92010-11-27T23:00:02Z<p>Csulliva: /* Implementation */</p>
<hr />
<div>=Group members=<br />
<br />
* Munther Hussain<br />
* Jonathon Slonosky<br />
* Michael Bingham<br />
* Chris Sullivan<br />
* Pawel Raubic<br />
<br />
=Group work=<br />
* Background concepts: Munther Hussain<br />
* Research problem:<br />
* Contribution:<br />
* Critique:<br />
<br />
<br />
=General discussion=<br />
<br />
Hey there, this is Munther. The prof said that we should be contacting each other to see whos still on board for the course. So please<br />
if you read this, add your name to the list of members above. You can my find my contact info in my profile page by clicking my signature. We shall talk about the details and how we will approach this in the next few days --[[User:Hesperus|Hesperus]] 16:41, 12 November 2010 (UTC)<br />
<br />
---------------------<br />
<br />
Checked in -- JSlonosky<br />
<br />
----------------------<br />
<br />
Pawel has already contacted us so he still in for the course, that makes 3 of us. The other three members, please drop in and add your name. We need to confirm the members today by 1:00 pm. --[[User:Hesperus|Hesperus]] 12:18, 15 November 2010 (UTC)<br />
<br />
----------------------<br />
<br />
Checked in --[[User:Mbingham|Mbingham]] 15:08, 15 November 2010 (UTC)<br />
<br />
---------------------<br />
<br />
Checked in --[[User:Smcilroy|Smcilroy]] 17:03, 15 November 2010 (UTC)<br />
<br />
---------------------<br />
To the person above me (Smcilroy): I can see that you're assigned to group 7 and not this one. So did the prof move you to this group or something ? We haven't confirmed or emailed the prof yet, I will wait until 1:00 pm. --[[User:Hesperus|Hesperus]] 17:22, 15 November 2010 (UTC)<br />
<br />
---------------------<br />
Alright, so I just emailed the prof the list of members that have checked in so far (the names listed above plus Pawel Raubic),<br />
Smcilroy: I still don't know whether you're in this group or not, though I don't see your name listed in the group assignments on the course webpage. To the other members: if you're still interested in doing the course, please drop in here and add your name or even email me, you can find my contact info in my profile page(just click my signature).<br />
<br />
Personally speaking, I find the topic of this article (The Turtle Project) to be quite interesting and approachable, in fact we've<br />
already been playing with VirtualBox and VMWare and such things, so we should be familiar with some of the concepts the article<br />
approaches like nested-virtualization, hypervisors, supervisors, etc, things that we even covered in class and we can in fact test on our machines. I've already started reading the article, hopefully tonight we'll start posting some basic ideas or concepts and talk about the article in general. I will be in tomorrow's tutorial session in the 4th floor in case some of you guys want to get to know one another. --[[User:Hesperus|Hesperus]] 18:43, 15 November 2010 (UTC)<br />
-----<br />
Yeah, it looks pretty good to me. Unfortunately, I am attending Ozzy Osbourne on the 25th, so I'd like it if we could get ourselves organized early so I can get my part done and not letting it fall on you guys. Not that I would let that happen --JSlonosky 02:51, 16 November 2010 (UTC)<br />
-----<br />
Why waste your money on that old man ? I'd love to see Halford though, I'm sure he'll do some classic Priest material, haven't checked the new record yet, but the cover looks awful, definitely the worst and most ridiculous cover of the year. Anyways, enough music talk. I think we should get it done at least on 24th, we should leave the last day to do the editing and stuff. I removed Smcilroy from the members list, I think he checked in here by mistake because I can see him in group 7. So far, we're 5, still missing one member. --[[User:Hesperus|Hesperus]] 05:36, 16 November 2010 (UTC)<br />
-----<br />
Yeah that would be pretty sweet. I figured I might as well see him when I can; Since he is going to be dead soon. How is he not already? Alright well, the other member should show up soon, or I'd guess that we are a group of 5. --JSlonosky 16:37, 16 November 2010 (UTC)<br />
<br />
-----<br />
Hey dudes. I think we need to get going here.. the paper is due in 4 days. I just did the paper intro section (provided the title, authors, research labs, links, etc.). I have read the paper twice so far and will be spending the whole day working on the background concepts and the research problem sections. <br />
<br />
I'm still not sure on how we should divide the work and sections among the members, especially regarding the research contribution and critique, I mean those sections should not be based or written from the perspective of one person, we all need to work and discuss those paper concepts together.<br />
<br />
If anyone wants to add something, then please add but don't edit or alter the already existing content. Lets try to get as many thoughts/ideas as possible and then we will edit and filter the redundancy later. And lets make sure that we add summary comments to our edits to make it easier to keep track of everything.<br />
<br />
Also, we're still missing one member: Shawn Hansen. Its weird because on last Wednesday's lab, the prof told me that he attended the lab and signed his name, so he should still be in the course. --[[User:Hesperus|Hesperus]] 18:07, 21 November 2010 (UTC)<br />
<br />
---------<br />
Yeah man. We really do need to get on this. Not going to ozzy so I got free time now. I am reading it again to refresh my memory of it and will put notes of what I think we can criticize about it and such. What kind of references do you think we will need? Similar papers etc?<br />
If you need to a hold of me. Best way is through email. jslonosk@connect.Carleton.ca. And if that is still in our group but doesn't participate, too bad for him--JSlonosky 14:42, 22 November 2010 (UTC)<br />
----------<br />
The section on the related work has all the things we need to as far as other papers go. Also, I was able to find other research papers that are not mentioned in the paper. I will definitely be adding those paper by tonight. For the time being, I will handle the background concepts. I added a group work section below to keep track of whos doing what. I should get the background concept done hopefully by tonight. If anyone want to help with the other sections that would be great, please add your name to the section you want to handle below.<br />
<br />
I added a general paper summary below just to illustrate the general idea behind each section. If anybody wants to add anything, feel free to do so. --[[User:Hesperus|Hesperus]] 18:55, 22 November 2010 (UTC)<br />
-----------<br />
I remember the prof mentioned the most important part of the paper is the Critique so we gotta focus on that altogether not just one person for sure.--[[User:Praubic|Praubic]] 19:22, 22 November 2010 (UTC)<br />
<br />
-------------<br />
Yeah absloutely, I agree. But first, lets pin down the crucial points. And then we can discuss them collectively. If anyone happens to come across what he thinks is good or bad, then you can add it below to the good/bad points. Maybe the group work idea is bad, but I just thought maybe if we each member focuses on a specific part in the beginning, we can maybe have a better overall idea of what the paper is about. --[[User:Hesperus|Hesperus]] 19:42, 22 November 2010 (UTC)<br />
--------------<br />
Ok, another thing I figured is that the paper doesn't directly hint at why nested virtualization is necessary? I posted a link in references and I'l try to research more into the purpose of nested virtualization.--[[User:Praubic|Praubic]] 19:45, 22 November 2010 (UTC)<br />
--------------<br />
Actually the paper does talk about that. Look at the first two paragraphs in the introduction section of the paper on page 1. But you're right, they don't really elaborate, I think its because its not the purpose or the aim of the paper in the first place. --[[User:Hesperus|Hesperus]] 20:31, 22 November 2010 (UTC) <br />
--------------<br />
The stuff that Michael provided are excellent. That was actually what I was planning on doing. I will start by defining virtualization, hypervisors, computer ring security, the need and uses of nested virtualization, the models, etc. --[[User:Hesperus|Hesperus]] 22:14, 22 November 2010 (UTC)<br />
-------------<br />
So here my question who doing what in the group work and where should I focus my attention to do my part?- Csulliva<br />
-------------<br />
I have posted few things regarding the background concepts on the main page. I will go back and edit it today and talk about other things like: nested virtualization, the need and advantages of NV, the models, the trap and emulate model of x86 machines, computer paging which is discussed in the paper, computer ring security which again they touch on at some point in the paper. I can easily move some of the things I wrote in the theory section to the main page, but I want to consult the prof first on some of those things.<br />
<br />
One thing that I'm still unsure of is how far should we go here ? should we provide background on the hardware architecture used by the authors like the x86 family and the VMX chips, or maybe some of the concepts discussed later on in the testing such as optimization, emulation, para-virtualization ?<br />
<br />
I will speak and consult the prof today after our lecture. If other members want to help, you guys can start with the related work and see how the content of the paper compares to previous or even current research papers. --[[User:Hesperus|Hesperus]] 08:08, 23 November 2010 (UTC)<br />
------------------------<br />
In response to what Michael mentioned above in the background section: we should definitely talk about that, from what I understood, they apply the same model (the trap and emulate) but they provide optimizations and ways to increase the trap calls efficiency between the nested environments, so thats definitely a contribution, but its more of a performance optimization kind of contribution I guess, which is why I mentioned the optimizations in the contribution section below. --[[User:Hesperus|Hesperus]] 08:08, 23 November 2010 (UTC)<br />
---------------------------<br />
'''Ok, so for those who didn't attend today's lecture, the prof was nice enough to give us an extension for the paper, the due date now is Dec 2nd.''' And thats really good, given that some of those concepts require time to sort of formulate. I also asked the prof on the approach that we should follow in terms of presenting the material, and he mentioned that you need to provide enough information for each section to make your follow student understand what the paper is about without them having to actually read the paper or go through it in detail. He also mentioned the need to distill some of the details, if the paper spends a whole page explaining multi-dimensional paging, we should probably explain that in 2 small paragraphs or something.<br />
<br />
Also, we should always cite resources. If the resource is a book, we should cite the page number as well. --[[User:Hesperus|Hesperus]] 15:16, 23 November 2010 (UTC)<br />
---------------------------<br />
Yeah I am really thankful he left us with another week to do it. I am sure we all have at least 3 projects due soon, other than this Essay. I'll type up the stuff that I had highlighted for Tuesday as a break tomorrow. I was going to do it yesterday but he gave us an extension, so I slacked off a bit. I also forgot :/ --JSlonosky 23:43, 24 November 2010 (UTC)<br />
<br />
=Paper summary=<br />
==Background Concepts and Other Stuff==<br />
<br />
EDIT: Just noticed that someone has put their name down to do the background concept stuff, so Munther feel free to use this as a starting point if you like.<br />
<br />
The above looks good. I thought id maybe start touching on some of the sections, so let me know what you guys think. Heres what I think would be useful to go over in the Background Concepts section:<br />
<br />
* Firstly, nested virtualization. Why we use nested virtualization (paper gives example of XP inside win 7). Maybe going over the trap and emulate model of nested virtualization.<br />
* Some of the terminology of nested virtualization. The difference between guest/host hypervisors (we're already familiar with guest/host OSs), the terminology of L0, ..., Ln with L0 being the bottom hypervisor, etc<br />
* x86 nested virtualization limitations. Single level architecture, guest/host mode, VMX instructions and how to emulate them. Some of this is in section 3.2of the paper.<br />
<br />
Again, anything else you guys think we should add would be great.<br />
<br />
Commenting some more on the above summary, under the "main contributions" part, do you think we should count the nested VMX virtualization part as a contribution? If we have multiplexing memory and multiplexing I/O as a main contribution, it would seem to make sense to have multiplexing the CPU as well, especially within the limitations of the x86 architecture. Unless they are using someone else's technique for virtualizing these instructions.--[[User:Mbingham|Mbingham]] 21:16, 22 November 2010 (UTC)<br />
==Research problem==<br />
The paper provides a solution for Nested-virtualization on x86 based computers. Their approach is software-based, meaning that, they're not really altering the underlying architecture, and this is basically the most interesting thing about the paper, since x86 computers don't support nested-virtualization in terms of hardware. But apparently they were able to do it.<br />
In addition, generally, nested virtualization is not supported on x86 systems (the architecture is not designed with that in mind) but for example vista runs XP VM under the covers when running xp programs which shows ability for parallel virtualization on a single hypervisor.<br />
<br />
The goal of nested virtualization and multiple host hypervisors comes down to efficiency. Example: Virtualization on servers has been rapidly gaining popularity. The next evolution step is to extend a single level of memory management virtualization support to handle nested virtualization, which is critical for ''high performance''. [1]<br />
<br />
'''How does the concept apply to the quickly developing cloud computing?'''<br />
<br />
Cloud user manages his own virtual machine directly through a hypervisor of choice. In addition it provides increased security by hypervicsor-level intrusion detection.<br />
<br />
==Related work==<br />
<br />
Comparisons with other related/similar research and work:<br />
<br />
Refer to the following website and to the related work section in the paper regarding this section: <br />
http://www.spinics.net/lists/kvm/msg43940.html<br />
<br />
[This is a forum post by one of the authors of our assigned paper where he talks about more recent research work on virtualization, particularly in his first paragraph, he refers to some more recent research by the VMWare technical support team. He also talks about some of the research papers referred to in our assigned paper.] <br />
<br />
<br />
==Theory (Section 3.1)== <br />
<br />
Apparently, theres 2 models to applying nested-virtualization:<br />
<br />
* Multiple-level architecture support: where every hypervisor handles every other hypervisor running on top of it. For instance, if L0 (host hypervisor) runs L1. If L1 attempts to run L2, then the trap handling and the work needed to be done to allow L1 to instantiate a new VM is handled by L0. More generally, if L2 attempts to created its own VM, then L1 will handle the trap handling and such.<br />
<br />
* Single-level architecture support: This is the model supported by the x86 machines. This model is tied into the concept of "Trap and emulate", where every hypervisor tries to emulate the underlying hardware (the VMX chip in the paper implementation) and presents a fake ground for the hypervisor running on top of it (the guest hypervisor) to operate on, letting it think that he's running on the actual hardware. The idea here is that in order for a guest hypervisor to operate and gain hardware-level privileges, it evokes a fault or a trap, this trap or fault is then handled or caught by the main host hypervisor and then inspected to see if its a legitimate or appropriate command or request, if it is, the host gives privilige to the guest, again having it think that its actually running on the main bare-metal hardware.<br />
<br />
In this model, everything must go back to the main host hypervisor. Then the host hypervisor forwards the trap and virtualization specification to the above-level involved or responsible. For instance, if L0 runs L1. Then L1 attempts to run L2. Then the command to run L2 goes down to L0 and then L0 forwards this command to L1 again. This is the model we're interested in because this what x86 machines basically follow. Look at figure 1 in the paper for a better understanding of this.<br />
<br />
==Main contribution==<br />
The paper propose two new-developed techniques:<br />
* Multi-dimensional paging (for memory virtualization)<br />
* Multiple-level device management (for I/O virtualization)<br />
<br />
Other contributions:<br />
* Micro-optimizations to improve performance.<br />
<br />
==Implementation==<br />
The turtle project has four components that is crucial to its implementation.<br />
* Nested VMX virtualization for nested CPU virtualization<br />
* Multi-dimensional paging for nested MMU virtualization<br />
* Multi-level device assignment for nested I/O virtualization<br />
* Micro-Optimizations to make it go faster<br />
<br />
How does the Nest VMX virtualization works: L0(the lowest most hypervisor) runs L1 with VMCS0->1(virtual machine control structure).The VMCS is the fundamental data structure that hypervisor per pars, describing the virtual machine, which is passed along to the CPU to be executed. L1(also a hypervisor) prepares VMCS1->2 to run its own virtual machine which executes vmlaunch. vmlaunch will trap and L0 will have the handle the tape because L1 is running as a virtual machine do to the fact that L0 is using the architectural mod for a hypervisor. So in order to have multiplexing happen by making L2 run as a virtual machine of L1. So L0 merges VMCS's; VMCS0->1 merges with VMCS1->2 to become VMCS0->2(enabling L0 to run L2 directly). L0 will now launch a L2 which cause it to trap. L0 handles the trap itself or will forward it to L1 depending if it L1 virtual machine to handle.<br />
......<br />
in the end L1 or L0 base on the trap will finish handling it and resumes L2. this Process is repeated over again contentiously<br />
<br />
==Performance==<br />
<br />
<br />
==Critique==<br />
'''The good:'''<br />
<br />
* From what I read so far, the research showed in the paper is probably the first to achieve efficent x86 nested-virtualization without altering the hardware, relying on software-only techniques and mechanisms. They also won the Jay Lepreau best paper award.<br />
<br />
* security - being able to run other hypervisors without being detected<br />
<br />
* testing, debugging - of hypervisors<br />
<br />
'''The bad:'''<br />
<br />
* lots of exits. to be continued. (anyone whos is interested feel free to take this topic)<br />
<br />
==References==<br />
[1] http://www.haifux.org/lectures/225/ - '''Nested x86 Virtualization - Muli Ben-Yehuda'''</div>Csullivahttps://homeostasis.scs.carleton.ca/wiki/index.php?title=Talk:COMP_3000_Essay_2_2010_Question_9&diff=5621Talk:COMP 3000 Essay 2 2010 Question 92010-11-27T03:24:02Z<p>Csulliva: /* Implementation */</p>
<hr />
<div>=Group members=<br />
<br />
* Munther Hussain<br />
* Jonathon Slonosky<br />
* Michael Bingham<br />
* Chris Sullivan<br />
* Pawel Raubic<br />
<br />
=Group work=<br />
* Background concepts: Munther Hussain<br />
* Research problem:<br />
* Contribution:<br />
* Critique:<br />
<br />
<br />
=General discussion=<br />
<br />
Hey there, this is Munther. The prof said that we should be contacting each other to see whos still on board for the course. So please<br />
if you read this, add your name to the list of members above. You can my find my contact info in my profile page by clicking my signature. We shall talk about the details and how we will approach this in the next few days --[[User:Hesperus|Hesperus]] 16:41, 12 November 2010 (UTC)<br />
<br />
---------------------<br />
<br />
Checked in -- JSlonosky<br />
<br />
----------------------<br />
<br />
Pawel has already contacted us so he still in for the course, that makes 3 of us. The other three members, please drop in and add your name. We need to confirm the members today by 1:00 pm. --[[User:Hesperus|Hesperus]] 12:18, 15 November 2010 (UTC)<br />
<br />
----------------------<br />
<br />
Checked in --[[User:Mbingham|Mbingham]] 15:08, 15 November 2010 (UTC)<br />
<br />
---------------------<br />
<br />
Checked in --[[User:Smcilroy|Smcilroy]] 17:03, 15 November 2010 (UTC)<br />
<br />
---------------------<br />
To the person above me (Smcilroy): I can see that you're assigned to group 7 and not this one. So did the prof move you to this group or something ? We haven't confirmed or emailed the prof yet, I will wait until 1:00 pm. --[[User:Hesperus|Hesperus]] 17:22, 15 November 2010 (UTC)<br />
<br />
---------------------<br />
Alright, so I just emailed the prof the list of members that have checked in so far (the names listed above plus Pawel Raubic),<br />
Smcilroy: I still don't know whether you're in this group or not, though I don't see your name listed in the group assignments on the course webpage. To the other members: if you're still interested in doing the course, please drop in here and add your name or even email me, you can find my contact info in my profile page(just click my signature).<br />
<br />
Personally speaking, I find the topic of this article (The Turtle Project) to be quite interesting and approachable, in fact we've<br />
already been playing with VirtualBox and VMWare and such things, so we should be familiar with some of the concepts the article<br />
approaches like nested-virtualization, hypervisors, supervisors, etc, things that we even covered in class and we can in fact test on our machines. I've already started reading the article, hopefully tonight we'll start posting some basic ideas or concepts and talk about the article in general. I will be in tomorrow's tutorial session in the 4th floor in case some of you guys want to get to know one another. --[[User:Hesperus|Hesperus]] 18:43, 15 November 2010 (UTC)<br />
-----<br />
Yeah, it looks pretty good to me. Unfortunately, I am attending Ozzy Osbourne on the 25th, so I'd like it if we could get ourselves organized early so I can get my part done and not letting it fall on you guys. Not that I would let that happen --JSlonosky 02:51, 16 November 2010 (UTC)<br />
-----<br />
Why waste your money on that old man ? I'd love to see Halford though, I'm sure he'll do some classic Priest material, haven't checked the new record yet, but the cover looks awful, definitely the worst and most ridiculous cover of the year. Anyways, enough music talk. I think we should get it done at least on 24th, we should leave the last day to do the editing and stuff. I removed Smcilroy from the members list, I think he checked in here by mistake because I can see him in group 7. So far, we're 5, still missing one member. --[[User:Hesperus|Hesperus]] 05:36, 16 November 2010 (UTC)<br />
-----<br />
Yeah that would be pretty sweet. I figured I might as well see him when I can; Since he is going to be dead soon. How is he not already? Alright well, the other member should show up soon, or I'd guess that we are a group of 5. --JSlonosky 16:37, 16 November 2010 (UTC)<br />
<br />
-----<br />
Hey dudes. I think we need to get going here.. the paper is due in 4 days. I just did the paper intro section (provided the title, authors, research labs, links, etc.). I have read the paper twice so far and will be spending the whole day working on the background concepts and the research problem sections. <br />
<br />
I'm still not sure on how we should divide the work and sections among the members, especially regarding the research contribution and critique, I mean those sections should not be based or written from the perspective of one person, we all need to work and discuss those paper concepts together.<br />
<br />
If anyone wants to add something, then please add but don't edit or alter the already existing content. Lets try to get as many thoughts/ideas as possible and then we will edit and filter the redundancy later. And lets make sure that we add summary comments to our edits to make it easier to keep track of everything.<br />
<br />
Also, we're still missing one member: Shawn Hansen. Its weird because on last Wednesday's lab, the prof told me that he attended the lab and signed his name, so he should still be in the course. --[[User:Hesperus|Hesperus]] 18:07, 21 November 2010 (UTC)<br />
<br />
---------<br />
Yeah man. We really do need to get on this. Not going to ozzy so I got free time now. I am reading it again to refresh my memory of it and will put notes of what I think we can criticize about it and such. What kind of references do you think we will need? Similar papers etc?<br />
If you need to a hold of me. Best way is through email. jslonosk@connect.Carleton.ca. And if that is still in our group but doesn't participate, too bad for him--JSlonosky 14:42, 22 November 2010 (UTC)<br />
----------<br />
The section on the related work has all the things we need to as far as other papers go. Also, I was able to find other research papers that are not mentioned in the paper. I will definitely be adding those paper by tonight. For the time being, I will handle the background concepts. I added a group work section below to keep track of whos doing what. I should get the background concept done hopefully by tonight. If anyone want to help with the other sections that would be great, please add your name to the section you want to handle below.<br />
<br />
I added a general paper summary below just to illustrate the general idea behind each section. If anybody wants to add anything, feel free to do so. --[[User:Hesperus|Hesperus]] 18:55, 22 November 2010 (UTC)<br />
-----------<br />
I remember the prof mentioned the most important part of the paper is the Critique so we gotta focus on that altogether not just one person for sure.--[[User:Praubic|Praubic]] 19:22, 22 November 2010 (UTC)<br />
<br />
-------------<br />
Yeah absloutely, I agree. But first, lets pin down the crucial points. And then we can discuss them collectively. If anyone happens to come across what he thinks is good or bad, then you can add it below to the good/bad points. Maybe the group work idea is bad, but I just thought maybe if we each member focuses on a specific part in the beginning, we can maybe have a better overall idea of what the paper is about. --[[User:Hesperus|Hesperus]] 19:42, 22 November 2010 (UTC)<br />
--------------<br />
Ok, another thing I figured is that the paper doesn't directly hint at why nested virtualization is necessary? I posted a link in references and I'l try to research more into the purpose of nested virtualization.--[[User:Praubic|Praubic]] 19:45, 22 November 2010 (UTC)<br />
--------------<br />
Actually the paper does talk about that. Look at the first two paragraphs in the introduction section of the paper on page 1. But you're right, they don't really elaborate, I think its because its not the purpose or the aim of the paper in the first place. --[[User:Hesperus|Hesperus]] 20:31, 22 November 2010 (UTC) <br />
--------------<br />
The stuff that Michael provided are excellent. That was actually what I was planning on doing. I will start by defining virtualization, hypervisors, computer ring security, the need and uses of nested virtualization, the models, etc. --[[User:Hesperus|Hesperus]] 22:14, 22 November 2010 (UTC)<br />
-------------<br />
So here my question who doing what in the group work and where should I focus my attention to do my part?- Csulliva<br />
-------------<br />
I have posted few things regarding the background concepts on the main page. I will go back and edit it today and talk about other things like: nested virtualization, the need and advantages of NV, the models, the trap and emulate model of x86 machines, computer paging which is discussed in the paper, computer ring security which again they touch on at some point in the paper. I can easily move some of the things I wrote in the theory section to the main page, but I want to consult the prof first on some of those things.<br />
<br />
One thing that I'm still unsure of is how far should we go here ? should we provide background on the hardware architecture used by the authors like the x86 family and the VMX chips, or maybe some of the concepts discussed later on in the testing such as optimization, emulation, para-virtualization ?<br />
<br />
I will speak and consult the prof today after our lecture. If other members want to help, you guys can start with the related work and see how the content of the paper compares to previous or even current research papers. --[[User:Hesperus|Hesperus]] 08:08, 23 November 2010 (UTC)<br />
------------------------<br />
In response to what Michael mentioned above in the background section: we should definitely talk about that, from what I understood, they apply the same model (the trap and emulate) but they provide optimizations and ways to increase the trap calls efficiency between the nested environments, so thats definitely a contribution, but its more of a performance optimization kind of contribution I guess, which is why I mentioned the optimizations in the contribution section below. --[[User:Hesperus|Hesperus]] 08:08, 23 November 2010 (UTC)<br />
---------------------------<br />
'''Ok, so for those who didn't attend today's lecture, the prof was nice enough to give us an extension for the paper, the due date now is Dec 2nd.''' And thats really good, given that some of those concepts require time to sort of formulate. I also asked the prof on the approach that we should follow in terms of presenting the material, and he mentioned that you need to provide enough information for each section to make your follow student understand what the paper is about without them having to actually read the paper or go through it in detail. He also mentioned the need to distill some of the details, if the paper spends a whole page explaining multi-dimensional paging, we should probably explain that in 2 small paragraphs or something.<br />
<br />
Also, we should always cite resources. If the resource is a book, we should cite the page number as well. --[[User:Hesperus|Hesperus]] 15:16, 23 November 2010 (UTC)<br />
---------------------------<br />
Yeah I am really thankful he left us with another week to do it. I am sure we all have at least 3 projects due soon, other than this Essay. I'll type up the stuff that I had highlighted for Tuesday as a break tomorrow. I was going to do it yesterday but he gave us an extension, so I slacked off a bit. I also forgot :/ --JSlonosky 23:43, 24 November 2010 (UTC)<br />
<br />
=Paper summary=<br />
==Background Concepts and Other Stuff==<br />
<br />
EDIT: Just noticed that someone has put their name down to do the background concept stuff, so Munther feel free to use this as a starting point if you like.<br />
<br />
The above looks good. I thought id maybe start touching on some of the sections, so let me know what you guys think. Heres what I think would be useful to go over in the Background Concepts section:<br />
<br />
* Firstly, nested virtualization. Why we use nested virtualization (paper gives example of XP inside win 7). Maybe going over the trap and emulate model of nested virtualization.<br />
* Some of the terminology of nested virtualization. The difference between guest/host hypervisors (we're already familiar with guest/host OSs), the terminology of L0, ..., Ln with L0 being the bottom hypervisor, etc<br />
* x86 nested virtualization limitations. Single level architecture, guest/host mode, VMX instructions and how to emulate them. Some of this is in section 3.2of the paper.<br />
<br />
Again, anything else you guys think we should add would be great.<br />
<br />
Commenting some more on the above summary, under the "main contributions" part, do you think we should count the nested VMX virtualization part as a contribution? If we have multiplexing memory and multiplexing I/O as a main contribution, it would seem to make sense to have multiplexing the CPU as well, especially within the limitations of the x86 architecture. Unless they are using someone else's technique for virtualizing these instructions.--[[User:Mbingham|Mbingham]] 21:16, 22 November 2010 (UTC)<br />
==Research problem==<br />
The paper provides a solution for Nested-virtualization on x86 based computers. Their approach is software-based, meaning that, they're not really altering the underlying architecture, and this is basically the most interesting thing about the paper, since x86 computers don't support nested-virtualization in terms of hardware. But apparently they were able to do it.<br />
In addition, generally, nested virtualization is not supported on x86 systems (the architecture is not designed with that in mind) but for example vista runs XP VM under the covers when running xp programs which shows ability for parallel virtualization on a single hypervisor.<br />
<br />
The goal of nested virtualization and multiple host hypervisors comes down to efficiency. Example: Virtualization on servers has been rapidly gaining popularity. The next evolution step is to extend a single level of memory management virtualization support to handle nested virtualization, which is critical for ''high performance''. [1]<br />
<br />
'''How does the concept apply to the quickly developing cloud computing?'''<br />
<br />
Cloud user manages his own virtual machine directly through a hypervisor of choice. In addition it provides increased security by hypervicsor-level intrusion detection.<br />
<br />
==Related work==<br />
<br />
Comparisons with other related/similar research and work:<br />
<br />
Refer to the following website and to the related work section in the paper regarding this section: <br />
http://www.spinics.net/lists/kvm/msg43940.html<br />
<br />
[This is a forum post by one of the authors of our assigned paper where he talks about more recent research work on virtualization, particularly in his first paragraph, he refers to some more recent research by the VMWare technical support team. He also talks about some of the research papers referred to in our assigned paper.] <br />
<br />
<br />
==Theory (Section 3.1)== <br />
<br />
Apparently, theres 2 models to applying nested-virtualization:<br />
<br />
* Multiple-level architecture support: where every hypervisor handles every other hypervisor running on top of it. For instance, if L0 (host hypervisor) runs L1. If L1 attempts to run L2, then the trap handling and the work needed to be done to allow L1 to instantiate a new VM is handled by L0. More generally, if L2 attempts to created its own VM, then L1 will handle the trap handling and such.<br />
<br />
* Single-level architecture support: This is the model supported by the x86 machines. This model is tied into the concept of "Trap and emulate", where every hypervisor tries to emulate the underlying hardware (the VMX chip in the paper implementation) and presents a fake ground for the hypervisor running on top of it (the guest hypervisor) to operate on, letting it think that he's running on the actual hardware. The idea here is that in order for a guest hypervisor to operate and gain hardware-level privileges, it evokes a fault or a trap, this trap or fault is then handled or caught by the main host hypervisor and then inspected to see if its a legitimate or appropriate command or request, if it is, the host gives privilige to the guest, again having it think that its actually running on the main bare-metal hardware.<br />
<br />
In this model, everything must go back to the main host hypervisor. Then the host hypervisor forwards the trap and virtualization specification to the above-level involved or responsible. For instance, if L0 runs L1. Then L1 attempts to run L2. Then the command to run L2 goes down to L0 and then L0 forwards this command to L1 again. This is the model we're interested in because this what x86 machines basically follow. Look at figure 1 in the paper for a better understanding of this.<br />
<br />
==Main contribution==<br />
The paper propose two new-developed techniques:<br />
* Multi-dimensional paging (for memory virtualization)<br />
* Multiple-level device management (for I/O virtualization)<br />
<br />
Other contributions:<br />
* Micro-optimizations to improve performance.<br />
<br />
==Implementation==<br />
The turtle project has four components that is crucial to its implementation.<br />
* Nested VMX virtualization for nested CPU virtualization<br />
* Multi-dimensional paging for nested MMU virtualization<br />
* Multi-level device assignment for nested I/O virtualization<br />
* Micro-Optimizations to make it go faster<br />
<br />
How does the Nest VMX virtualization works: L0(the lowest most hypervisor) runs L1 with VMCS0->1(virtual machine control structure).The VMCS is the fundamental data structure that hypervisor per pars, describing the virtual machine, which is passed along to the CPU to be executed. L1(also a hypervisor) prepares VMCS1->2 to run its own virtual machine which executes vmlaunch. vmlaunch will trap to L0 because L1 is running as a virtual machine do to the fact that L0 is using the architectural mod for a hypervisor<br />
<br />
==Performance==<br />
<br />
<br />
==Critique==<br />
'''The good:'''<br />
<br />
* From what I read so far, the research showed in the paper is probably the first to achieve efficent x86 nested-virtualization without altering the hardware, relying on software-only techniques and mechanisms. They also won the Jay Lepreau best paper award.<br />
<br />
* security - being able to run other hypervisors without being detected<br />
<br />
* testing, debugging - of hypervisors<br />
<br />
'''The bad:'''<br />
<br />
* lots of exits. to be continued. (anyone whos is interested feel free to take this topic)<br />
<br />
==References==<br />
[1] http://www.haifux.org/lectures/225/ - '''Nested x86 Virtualization - Muli Ben-Yehuda'''</div>Csullivahttps://homeostasis.scs.carleton.ca/wiki/index.php?title=Talk:COMP_3000_Essay_2_2010_Question_9&diff=5614Talk:COMP 3000 Essay 2 2010 Question 92010-11-27T03:04:43Z<p>Csulliva: /* Implementation */</p>
<hr />
<div>=Group members=<br />
<br />
* Munther Hussain<br />
* Jonathon Slonosky<br />
* Michael Bingham<br />
* Chris Sullivan<br />
* Pawel Raubic<br />
<br />
=Group work=<br />
* Background concepts: Munther Hussain<br />
* Research problem:<br />
* Contribution:<br />
* Critique:<br />
<br />
<br />
=General discussion=<br />
<br />
Hey there, this is Munther. The prof said that we should be contacting each other to see whos still on board for the course. So please<br />
if you read this, add your name to the list of members above. You can my find my contact info in my profile page by clicking my signature. We shall talk about the details and how we will approach this in the next few days --[[User:Hesperus|Hesperus]] 16:41, 12 November 2010 (UTC)<br />
<br />
---------------------<br />
<br />
Checked in -- JSlonosky<br />
<br />
----------------------<br />
<br />
Pawel has already contacted us so he still in for the course, that makes 3 of us. The other three members, please drop in and add your name. We need to confirm the members today by 1:00 pm. --[[User:Hesperus|Hesperus]] 12:18, 15 November 2010 (UTC)<br />
<br />
----------------------<br />
<br />
Checked in --[[User:Mbingham|Mbingham]] 15:08, 15 November 2010 (UTC)<br />
<br />
---------------------<br />
<br />
Checked in --[[User:Smcilroy|Smcilroy]] 17:03, 15 November 2010 (UTC)<br />
<br />
---------------------<br />
To the person above me (Smcilroy): I can see that you're assigned to group 7 and not this one. So did the prof move you to this group or something ? We haven't confirmed or emailed the prof yet, I will wait until 1:00 pm. --[[User:Hesperus|Hesperus]] 17:22, 15 November 2010 (UTC)<br />
<br />
---------------------<br />
Alright, so I just emailed the prof the list of members that have checked in so far (the names listed above plus Pawel Raubic),<br />
Smcilroy: I still don't know whether you're in this group or not, though I don't see your name listed in the group assignments on the course webpage. To the other members: if you're still interested in doing the course, please drop in here and add your name or even email me, you can find my contact info in my profile page(just click my signature).<br />
<br />
Personally speaking, I find the topic of this article (The Turtle Project) to be quite interesting and approachable, in fact we've<br />
already been playing with VirtualBox and VMWare and such things, so we should be familiar with some of the concepts the article<br />
approaches like nested-virtualization, hypervisors, supervisors, etc, things that we even covered in class and we can in fact test on our machines. I've already started reading the article, hopefully tonight we'll start posting some basic ideas or concepts and talk about the article in general. I will be in tomorrow's tutorial session in the 4th floor in case some of you guys want to get to know one another. --[[User:Hesperus|Hesperus]] 18:43, 15 November 2010 (UTC)<br />
-----<br />
Yeah, it looks pretty good to me. Unfortunately, I am attending Ozzy Osbourne on the 25th, so I'd like it if we could get ourselves organized early so I can get my part done and not letting it fall on you guys. Not that I would let that happen --JSlonosky 02:51, 16 November 2010 (UTC)<br />
-----<br />
Why waste your money on that old man ? I'd love to see Halford though, I'm sure he'll do some classic Priest material, haven't checked the new record yet, but the cover looks awful, definitely the worst and most ridiculous cover of the year. Anyways, enough music talk. I think we should get it done at least on 24th, we should leave the last day to do the editing and stuff. I removed Smcilroy from the members list, I think he checked in here by mistake because I can see him in group 7. So far, we're 5, still missing one member. --[[User:Hesperus|Hesperus]] 05:36, 16 November 2010 (UTC)<br />
-----<br />
Yeah that would be pretty sweet. I figured I might as well see him when I can; Since he is going to be dead soon. How is he not already? Alright well, the other member should show up soon, or I'd guess that we are a group of 5. --JSlonosky 16:37, 16 November 2010 (UTC)<br />
<br />
-----<br />
Hey dudes. I think we need to get going here.. the paper is due in 4 days. I just did the paper intro section (provided the title, authors, research labs, links, etc.). I have read the paper twice so far and will be spending the whole day working on the background concepts and the research problem sections. <br />
<br />
I'm still not sure on how we should divide the work and sections among the members, especially regarding the research contribution and critique, I mean those sections should not be based or written from the perspective of one person, we all need to work and discuss those paper concepts together.<br />
<br />
If anyone wants to add something, then please add but don't edit or alter the already existing content. Lets try to get as many thoughts/ideas as possible and then we will edit and filter the redundancy later. And lets make sure that we add summary comments to our edits to make it easier to keep track of everything.<br />
<br />
Also, we're still missing one member: Shawn Hansen. Its weird because on last Wednesday's lab, the prof told me that he attended the lab and signed his name, so he should still be in the course. --[[User:Hesperus|Hesperus]] 18:07, 21 November 2010 (UTC)<br />
<br />
---------<br />
Yeah man. We really do need to get on this. Not going to ozzy so I got free time now. I am reading it again to refresh my memory of it and will put notes of what I think we can criticize about it and such. What kind of references do you think we will need? Similar papers etc?<br />
If you need to a hold of me. Best way is through email. jslonosk@connect.Carleton.ca. And if that is still in our group but doesn't participate, too bad for him--JSlonosky 14:42, 22 November 2010 (UTC)<br />
----------<br />
The section on the related work has all the things we need to as far as other papers go. Also, I was able to find other research papers that are not mentioned in the paper. I will definitely be adding those paper by tonight. For the time being, I will handle the background concepts. I added a group work section below to keep track of whos doing what. I should get the background concept done hopefully by tonight. If anyone want to help with the other sections that would be great, please add your name to the section you want to handle below.<br />
<br />
I added a general paper summary below just to illustrate the general idea behind each section. If anybody wants to add anything, feel free to do so. --[[User:Hesperus|Hesperus]] 18:55, 22 November 2010 (UTC)<br />
-----------<br />
I remember the prof mentioned the most important part of the paper is the Critique so we gotta focus on that altogether not just one person for sure.--[[User:Praubic|Praubic]] 19:22, 22 November 2010 (UTC)<br />
<br />
-------------<br />
Yeah absloutely, I agree. But first, lets pin down the crucial points. And then we can discuss them collectively. If anyone happens to come across what he thinks is good or bad, then you can add it below to the good/bad points. Maybe the group work idea is bad, but I just thought maybe if we each member focuses on a specific part in the beginning, we can maybe have a better overall idea of what the paper is about. --[[User:Hesperus|Hesperus]] 19:42, 22 November 2010 (UTC)<br />
--------------<br />
Ok, another thing I figured is that the paper doesn't directly hint at why nested virtualization is necessary? I posted a link in references and I'l try to research more into the purpose of nested virtualization.--[[User:Praubic|Praubic]] 19:45, 22 November 2010 (UTC)<br />
--------------<br />
Actually the paper does talk about that. Look at the first two paragraphs in the introduction section of the paper on page 1. But you're right, they don't really elaborate, I think its because its not the purpose or the aim of the paper in the first place. --[[User:Hesperus|Hesperus]] 20:31, 22 November 2010 (UTC) <br />
--------------<br />
The stuff that Michael provided are excellent. That was actually what I was planning on doing. I will start by defining virtualization, hypervisors, computer ring security, the need and uses of nested virtualization, the models, etc. --[[User:Hesperus|Hesperus]] 22:14, 22 November 2010 (UTC)<br />
-------------<br />
So here my question who doing what in the group work and where should I focus my attention to do my part?- Csulliva<br />
-------------<br />
I have posted few things regarding the background concepts on the main page. I will go back and edit it today and talk about other things like: nested virtualization, the need and advantages of NV, the models, the trap and emulate model of x86 machines, computer paging which is discussed in the paper, computer ring security which again they touch on at some point in the paper. I can easily move some of the things I wrote in the theory section to the main page, but I want to consult the prof first on some of those things.<br />
<br />
One thing that I'm still unsure of is how far should we go here ? should we provide background on the hardware architecture used by the authors like the x86 family and the VMX chips, or maybe some of the concepts discussed later on in the testing such as optimization, emulation, para-virtualization ?<br />
<br />
I will speak and consult the prof today after our lecture. If other members want to help, you guys can start with the related work and see how the content of the paper compares to previous or even current research papers. --[[User:Hesperus|Hesperus]] 08:08, 23 November 2010 (UTC)<br />
------------------------<br />
In response to what Michael mentioned above in the background section: we should definitely talk about that, from what I understood, they apply the same model (the trap and emulate) but they provide optimizations and ways to increase the trap calls efficiency between the nested environments, so thats definitely a contribution, but its more of a performance optimization kind of contribution I guess, which is why I mentioned the optimizations in the contribution section below. --[[User:Hesperus|Hesperus]] 08:08, 23 November 2010 (UTC)<br />
---------------------------<br />
'''Ok, so for those who didn't attend today's lecture, the prof was nice enough to give us an extension for the paper, the due date now is Dec 2nd.''' And thats really good, given that some of those concepts require time to sort of formulate. I also asked the prof on the approach that we should follow in terms of presenting the material, and he mentioned that you need to provide enough information for each section to make your follow student understand what the paper is about without them having to actually read the paper or go through it in detail. He also mentioned the need to distill some of the details, if the paper spends a whole page explaining multi-dimensional paging, we should probably explain that in 2 small paragraphs or something.<br />
<br />
Also, we should always cite resources. If the resource is a book, we should cite the page number as well. --[[User:Hesperus|Hesperus]] 15:16, 23 November 2010 (UTC)<br />
---------------------------<br />
Yeah I am really thankful he left us with another week to do it. I am sure we all have at least 3 projects due soon, other than this Essay. I'll type up the stuff that I had highlighted for Tuesday as a break tomorrow. I was going to do it yesterday but he gave us an extension, so I slacked off a bit. I also forgot :/ --JSlonosky 23:43, 24 November 2010 (UTC)<br />
<br />
=Paper summary=<br />
==Background Concepts and Other Stuff==<br />
<br />
EDIT: Just noticed that someone has put their name down to do the background concept stuff, so Munther feel free to use this as a starting point if you like.<br />
<br />
The above looks good. I thought id maybe start touching on some of the sections, so let me know what you guys think. Heres what I think would be useful to go over in the Background Concepts section:<br />
<br />
* Firstly, nested virtualization. Why we use nested virtualization (paper gives example of XP inside win 7). Maybe going over the trap and emulate model of nested virtualization.<br />
* Some of the terminology of nested virtualization. The difference between guest/host hypervisors (we're already familiar with guest/host OSs), the terminology of L0, ..., Ln with L0 being the bottom hypervisor, etc<br />
* x86 nested virtualization limitations. Single level architecture, guest/host mode, VMX instructions and how to emulate them. Some of this is in section 3.2of the paper.<br />
<br />
Again, anything else you guys think we should add would be great.<br />
<br />
Commenting some more on the above summary, under the "main contributions" part, do you think we should count the nested VMX virtualization part as a contribution? If we have multiplexing memory and multiplexing I/O as a main contribution, it would seem to make sense to have multiplexing the CPU as well, especially within the limitations of the x86 architecture. Unless they are using someone else's technique for virtualizing these instructions.--[[User:Mbingham|Mbingham]] 21:16, 22 November 2010 (UTC)<br />
==Research problem==<br />
The paper provides a solution for Nested-virtualization on x86 based computers. Their approach is software-based, meaning that, they're not really altering the underlying architecture, and this is basically the most interesting thing about the paper, since x86 computers don't support nested-virtualization in terms of hardware. But apparently they were able to do it.<br />
In addition, generally, nested virtualization is not supported on x86 systems (the architecture is not designed with that in mind) but for example vista runs XP VM under the covers when running xp programs which shows ability for parallel virtualization on a single hypervisor.<br />
<br />
The goal of nested virtualization and multiple host hypervisors comes down to efficiency. Example: Virtualization on servers has been rapidly gaining popularity. The next evolution step is to extend a single level of memory management virtualization support to handle nested virtualization, which is critical for ''high performance''. [1]<br />
<br />
'''How does the concept apply to the quickly developing cloud computing?'''<br />
<br />
Cloud user manages his own virtual machine directly through a hypervisor of choice. In addition it provides increased security by hypervicsor-level intrusion detection.<br />
<br />
==Related work==<br />
<br />
Comparisons with other related/similar research and work:<br />
<br />
Refer to the following website and to the related work section in the paper regarding this section: <br />
http://www.spinics.net/lists/kvm/msg43940.html<br />
<br />
[This is a forum post by one of the authors of our assigned paper where he talks about more recent research work on virtualization, particularly in his first paragraph, he refers to some more recent research by the VMWare technical support team. He also talks about some of the research papers referred to in our assigned paper.] <br />
<br />
<br />
==Theory (Section 3.1)== <br />
<br />
Apparently, theres 2 models to applying nested-virtualization:<br />
<br />
* Multiple-level architecture support: where every hypervisor handles every other hypervisor running on top of it. For instance, if L0 (host hypervisor) runs L1. If L1 attempts to run L2, then the trap handling and the work needed to be done to allow L1 to instantiate a new VM is handled by L0. More generally, if L2 attempts to created its own VM, then L1 will handle the trap handling and such.<br />
<br />
* Single-level architecture support: This is the model supported by the x86 machines. This model is tied into the concept of "Trap and emulate", where every hypervisor tries to emulate the underlying hardware (the VMX chip in the paper implementation) and presents a fake ground for the hypervisor running on top of it (the guest hypervisor) to operate on, letting it think that he's running on the actual hardware. The idea here is that in order for a guest hypervisor to operate and gain hardware-level privileges, it evokes a fault or a trap, this trap or fault is then handled or caught by the main host hypervisor and then inspected to see if its a legitimate or appropriate command or request, if it is, the host gives privilige to the guest, again having it think that its actually running on the main bare-metal hardware.<br />
<br />
In this model, everything must go back to the main host hypervisor. Then the host hypervisor forwards the trap and virtualization specification to the above-level involved or responsible. For instance, if L0 runs L1. Then L1 attempts to run L2. Then the command to run L2 goes down to L0 and then L0 forwards this command to L1 again. This is the model we're interested in because this what x86 machines basically follow. Look at figure 1 in the paper for a better understanding of this.<br />
<br />
==Main contribution==<br />
The paper propose two new-developed techniques:<br />
* Multi-dimensional paging (for memory virtualization)<br />
* Multiple-level device management (for I/O virtualization)<br />
<br />
Other contributions:<br />
* Micro-optimizations to improve performance.<br />
<br />
==Implementation==<br />
The turtle project has four components that is crucial to its implementation.<br />
* Nested VMX virtualization for nested CPU virtualization<br />
* Multi-dimensional paging for nested MMU virtualization<br />
* Multi-level device assignment for nested I/O virtualization<br />
* Micro-Optimizations<br />
<br />
How the Nest VMX virtualization works:<br />
<br />
==Performance==<br />
<br />
<br />
==Critique==<br />
'''The good:'''<br />
<br />
* From what I read so far, the research showed in the paper is probably the first to achieve efficent x86 nested-virtualization without altering the hardware, relying on software-only techniques and mechanisms. They also won the Jay Lepreau best paper award.<br />
<br />
* security - being able to run other hypervisors without being detected<br />
<br />
* testing, debugging - of hypervisors<br />
<br />
'''The bad:'''<br />
<br />
* lots of exits. to be continued. (anyone whos is interested feel free to take this topic)<br />
<br />
==References==<br />
[1] http://www.haifux.org/lectures/225/ - '''Nested x86 Virtualization - Muli Ben-Yehuda'''</div>Csullivahttps://homeostasis.scs.carleton.ca/wiki/index.php?title=Talk:COMP_3000_Essay_2_2010_Question_9&diff=5613Talk:COMP 3000 Essay 2 2010 Question 92010-11-27T03:03:13Z<p>Csulliva: /* Implementation */</p>
<hr />
<div>=Group members=<br />
<br />
* Munther Hussain<br />
* Jonathon Slonosky<br />
* Michael Bingham<br />
* Chris Sullivan<br />
* Pawel Raubic<br />
<br />
=Group work=<br />
* Background concepts: Munther Hussain<br />
* Research problem:<br />
* Contribution:<br />
* Critique:<br />
<br />
<br />
=General discussion=<br />
<br />
Hey there, this is Munther. The prof said that we should be contacting each other to see whos still on board for the course. So please<br />
if you read this, add your name to the list of members above. You can my find my contact info in my profile page by clicking my signature. We shall talk about the details and how we will approach this in the next few days --[[User:Hesperus|Hesperus]] 16:41, 12 November 2010 (UTC)<br />
<br />
---------------------<br />
<br />
Checked in -- JSlonosky<br />
<br />
----------------------<br />
<br />
Pawel has already contacted us so he still in for the course, that makes 3 of us. The other three members, please drop in and add your name. We need to confirm the members today by 1:00 pm. --[[User:Hesperus|Hesperus]] 12:18, 15 November 2010 (UTC)<br />
<br />
----------------------<br />
<br />
Checked in --[[User:Mbingham|Mbingham]] 15:08, 15 November 2010 (UTC)<br />
<br />
---------------------<br />
<br />
Checked in --[[User:Smcilroy|Smcilroy]] 17:03, 15 November 2010 (UTC)<br />
<br />
---------------------<br />
To the person above me (Smcilroy): I can see that you're assigned to group 7 and not this one. So did the prof move you to this group or something ? We haven't confirmed or emailed the prof yet, I will wait until 1:00 pm. --[[User:Hesperus|Hesperus]] 17:22, 15 November 2010 (UTC)<br />
<br />
---------------------<br />
Alright, so I just emailed the prof the list of members that have checked in so far (the names listed above plus Pawel Raubic),<br />
Smcilroy: I still don't know whether you're in this group or not, though I don't see your name listed in the group assignments on the course webpage. To the other members: if you're still interested in doing the course, please drop in here and add your name or even email me, you can find my contact info in my profile page(just click my signature).<br />
<br />
Personally speaking, I find the topic of this article (The Turtle Project) to be quite interesting and approachable, in fact we've<br />
already been playing with VirtualBox and VMWare and such things, so we should be familiar with some of the concepts the article<br />
approaches like nested-virtualization, hypervisors, supervisors, etc, things that we even covered in class and we can in fact test on our machines. I've already started reading the article, hopefully tonight we'll start posting some basic ideas or concepts and talk about the article in general. I will be in tomorrow's tutorial session in the 4th floor in case some of you guys want to get to know one another. --[[User:Hesperus|Hesperus]] 18:43, 15 November 2010 (UTC)<br />
-----<br />
Yeah, it looks pretty good to me. Unfortunately, I am attending Ozzy Osbourne on the 25th, so I'd like it if we could get ourselves organized early so I can get my part done and not letting it fall on you guys. Not that I would let that happen --JSlonosky 02:51, 16 November 2010 (UTC)<br />
-----<br />
Why waste your money on that old man ? I'd love to see Halford though, I'm sure he'll do some classic Priest material, haven't checked the new record yet, but the cover looks awful, definitely the worst and most ridiculous cover of the year. Anyways, enough music talk. I think we should get it done at least on 24th, we should leave the last day to do the editing and stuff. I removed Smcilroy from the members list, I think he checked in here by mistake because I can see him in group 7. So far, we're 5, still missing one member. --[[User:Hesperus|Hesperus]] 05:36, 16 November 2010 (UTC)<br />
-----<br />
Yeah that would be pretty sweet. I figured I might as well see him when I can; Since he is going to be dead soon. How is he not already? Alright well, the other member should show up soon, or I'd guess that we are a group of 5. --JSlonosky 16:37, 16 November 2010 (UTC)<br />
<br />
-----<br />
Hey dudes. I think we need to get going here.. the paper is due in 4 days. I just did the paper intro section (provided the title, authors, research labs, links, etc.). I have read the paper twice so far and will be spending the whole day working on the background concepts and the research problem sections. <br />
<br />
I'm still not sure on how we should divide the work and sections among the members, especially regarding the research contribution and critique, I mean those sections should not be based or written from the perspective of one person, we all need to work and discuss those paper concepts together.<br />
<br />
If anyone wants to add something, then please add but don't edit or alter the already existing content. Lets try to get as many thoughts/ideas as possible and then we will edit and filter the redundancy later. And lets make sure that we add summary comments to our edits to make it easier to keep track of everything.<br />
<br />
Also, we're still missing one member: Shawn Hansen. Its weird because on last Wednesday's lab, the prof told me that he attended the lab and signed his name, so he should still be in the course. --[[User:Hesperus|Hesperus]] 18:07, 21 November 2010 (UTC)<br />
<br />
---------<br />
Yeah man. We really do need to get on this. Not going to ozzy so I got free time now. I am reading it again to refresh my memory of it and will put notes of what I think we can criticize about it and such. What kind of references do you think we will need? Similar papers etc?<br />
If you need to a hold of me. Best way is through email. jslonosk@connect.Carleton.ca. And if that is still in our group but doesn't participate, too bad for him--JSlonosky 14:42, 22 November 2010 (UTC)<br />
----------<br />
The section on the related work has all the things we need to as far as other papers go. Also, I was able to find other research papers that are not mentioned in the paper. I will definitely be adding those paper by tonight. For the time being, I will handle the background concepts. I added a group work section below to keep track of whos doing what. I should get the background concept done hopefully by tonight. If anyone want to help with the other sections that would be great, please add your name to the section you want to handle below.<br />
<br />
I added a general paper summary below just to illustrate the general idea behind each section. If anybody wants to add anything, feel free to do so. --[[User:Hesperus|Hesperus]] 18:55, 22 November 2010 (UTC)<br />
-----------<br />
I remember the prof mentioned the most important part of the paper is the Critique so we gotta focus on that altogether not just one person for sure.--[[User:Praubic|Praubic]] 19:22, 22 November 2010 (UTC)<br />
<br />
-------------<br />
Yeah absloutely, I agree. But first, lets pin down the crucial points. And then we can discuss them collectively. If anyone happens to come across what he thinks is good or bad, then you can add it below to the good/bad points. Maybe the group work idea is bad, but I just thought maybe if we each member focuses on a specific part in the beginning, we can maybe have a better overall idea of what the paper is about. --[[User:Hesperus|Hesperus]] 19:42, 22 November 2010 (UTC)<br />
--------------<br />
Ok, another thing I figured is that the paper doesn't directly hint at why nested virtualization is necessary? I posted a link in references and I'l try to research more into the purpose of nested virtualization.--[[User:Praubic|Praubic]] 19:45, 22 November 2010 (UTC)<br />
--------------<br />
Actually the paper does talk about that. Look at the first two paragraphs in the introduction section of the paper on page 1. But you're right, they don't really elaborate, I think its because its not the purpose or the aim of the paper in the first place. --[[User:Hesperus|Hesperus]] 20:31, 22 November 2010 (UTC) <br />
--------------<br />
The stuff that Michael provided are excellent. That was actually what I was planning on doing. I will start by defining virtualization, hypervisors, computer ring security, the need and uses of nested virtualization, the models, etc. --[[User:Hesperus|Hesperus]] 22:14, 22 November 2010 (UTC)<br />
-------------<br />
So here my question who doing what in the group work and where should I focus my attention to do my part?- Csulliva<br />
-------------<br />
I have posted few things regarding the background concepts on the main page. I will go back and edit it today and talk about other things like: nested virtualization, the need and advantages of NV, the models, the trap and emulate model of x86 machines, computer paging which is discussed in the paper, computer ring security which again they touch on at some point in the paper. I can easily move some of the things I wrote in the theory section to the main page, but I want to consult the prof first on some of those things.<br />
<br />
One thing that I'm still unsure of is how far should we go here ? should we provide background on the hardware architecture used by the authors like the x86 family and the VMX chips, or maybe some of the concepts discussed later on in the testing such as optimization, emulation, para-virtualization ?<br />
<br />
I will speak and consult the prof today after our lecture. If other members want to help, you guys can start with the related work and see how the content of the paper compares to previous or even current research papers. --[[User:Hesperus|Hesperus]] 08:08, 23 November 2010 (UTC)<br />
------------------------<br />
In response to what Michael mentioned above in the background section: we should definitely talk about that, from what I understood, they apply the same model (the trap and emulate) but they provide optimizations and ways to increase the trap calls efficiency between the nested environments, so thats definitely a contribution, but its more of a performance optimization kind of contribution I guess, which is why I mentioned the optimizations in the contribution section below. --[[User:Hesperus|Hesperus]] 08:08, 23 November 2010 (UTC)<br />
---------------------------<br />
'''Ok, so for those who didn't attend today's lecture, the prof was nice enough to give us an extension for the paper, the due date now is Dec 2nd.''' And thats really good, given that some of those concepts require time to sort of formulate. I also asked the prof on the approach that we should follow in terms of presenting the material, and he mentioned that you need to provide enough information for each section to make your follow student understand what the paper is about without them having to actually read the paper or go through it in detail. He also mentioned the need to distill some of the details, if the paper spends a whole page explaining multi-dimensional paging, we should probably explain that in 2 small paragraphs or something.<br />
<br />
Also, we should always cite resources. If the resource is a book, we should cite the page number as well. --[[User:Hesperus|Hesperus]] 15:16, 23 November 2010 (UTC)<br />
---------------------------<br />
Yeah I am really thankful he left us with another week to do it. I am sure we all have at least 3 projects due soon, other than this Essay. I'll type up the stuff that I had highlighted for Tuesday as a break tomorrow. I was going to do it yesterday but he gave us an extension, so I slacked off a bit. I also forgot :/ --JSlonosky 23:43, 24 November 2010 (UTC)<br />
<br />
=Paper summary=<br />
==Background Concepts and Other Stuff==<br />
<br />
EDIT: Just noticed that someone has put their name down to do the background concept stuff, so Munther feel free to use this as a starting point if you like.<br />
<br />
The above looks good. I thought id maybe start touching on some of the sections, so let me know what you guys think. Heres what I think would be useful to go over in the Background Concepts section:<br />
<br />
* Firstly, nested virtualization. Why we use nested virtualization (paper gives example of XP inside win 7). Maybe going over the trap and emulate model of nested virtualization.<br />
* Some of the terminology of nested virtualization. The difference between guest/host hypervisors (we're already familiar with guest/host OSs), the terminology of L0, ..., Ln with L0 being the bottom hypervisor, etc<br />
* x86 nested virtualization limitations. Single level architecture, guest/host mode, VMX instructions and how to emulate them. Some of this is in section 3.2of the paper.<br />
<br />
Again, anything else you guys think we should add would be great.<br />
<br />
Commenting some more on the above summary, under the "main contributions" part, do you think we should count the nested VMX virtualization part as a contribution? If we have multiplexing memory and multiplexing I/O as a main contribution, it would seem to make sense to have multiplexing the CPU as well, especially within the limitations of the x86 architecture. Unless they are using someone else's technique for virtualizing these instructions.--[[User:Mbingham|Mbingham]] 21:16, 22 November 2010 (UTC)<br />
==Research problem==<br />
The paper provides a solution for Nested-virtualization on x86 based computers. Their approach is software-based, meaning that, they're not really altering the underlying architecture, and this is basically the most interesting thing about the paper, since x86 computers don't support nested-virtualization in terms of hardware. But apparently they were able to do it.<br />
In addition, generally, nested virtualization is not supported on x86 systems (the architecture is not designed with that in mind) but for example vista runs XP VM under the covers when running xp programs which shows ability for parallel virtualization on a single hypervisor.<br />
<br />
The goal of nested virtualization and multiple host hypervisors comes down to efficiency. Example: Virtualization on servers has been rapidly gaining popularity. The next evolution step is to extend a single level of memory management virtualization support to handle nested virtualization, which is critical for ''high performance''. [1]<br />
<br />
'''How does the concept apply to the quickly developing cloud computing?'''<br />
<br />
Cloud user manages his own virtual machine directly through a hypervisor of choice. In addition it provides increased security by hypervicsor-level intrusion detection.<br />
<br />
==Related work==<br />
<br />
Comparisons with other related/similar research and work:<br />
<br />
Refer to the following website and to the related work section in the paper regarding this section: <br />
http://www.spinics.net/lists/kvm/msg43940.html<br />
<br />
[This is a forum post by one of the authors of our assigned paper where he talks about more recent research work on virtualization, particularly in his first paragraph, he refers to some more recent research by the VMWare technical support team. He also talks about some of the research papers referred to in our assigned paper.] <br />
<br />
<br />
==Theory (Section 3.1)== <br />
<br />
Apparently, theres 2 models to applying nested-virtualization:<br />
<br />
* Multiple-level architecture support: where every hypervisor handles every other hypervisor running on top of it. For instance, if L0 (host hypervisor) runs L1. If L1 attempts to run L2, then the trap handling and the work needed to be done to allow L1 to instantiate a new VM is handled by L0. More generally, if L2 attempts to created its own VM, then L1 will handle the trap handling and such.<br />
<br />
* Single-level architecture support: This is the model supported by the x86 machines. This model is tied into the concept of "Trap and emulate", where every hypervisor tries to emulate the underlying hardware (the VMX chip in the paper implementation) and presents a fake ground for the hypervisor running on top of it (the guest hypervisor) to operate on, letting it think that he's running on the actual hardware. The idea here is that in order for a guest hypervisor to operate and gain hardware-level privileges, it evokes a fault or a trap, this trap or fault is then handled or caught by the main host hypervisor and then inspected to see if its a legitimate or appropriate command or request, if it is, the host gives privilige to the guest, again having it think that its actually running on the main bare-metal hardware.<br />
<br />
In this model, everything must go back to the main host hypervisor. Then the host hypervisor forwards the trap and virtualization specification to the above-level involved or responsible. For instance, if L0 runs L1. Then L1 attempts to run L2. Then the command to run L2 goes down to L0 and then L0 forwards this command to L1 again. This is the model we're interested in because this what x86 machines basically follow. Look at figure 1 in the paper for a better understanding of this.<br />
<br />
==Main contribution==<br />
The paper propose two new-developed techniques:<br />
* Multi-dimensional paging (for memory virtualization)<br />
* Multiple-level device management (for I/O virtualization)<br />
<br />
Other contributions:<br />
* Micro-optimizations to improve performance.<br />
<br />
==Implementation==<br />
The turtle project has four components that is crucial to its implementation.<br />
Nested VMX virtualization for nested CPU virtualization<br />
2. Multi-dimensional paging for nested MMU virtualization<br />
3. Multi-level device assignment for nested I/O virtualization<br />
4. Micro-Optimizations<br />
<br />
==Performance==<br />
<br />
<br />
==Critique==<br />
'''The good:'''<br />
<br />
* From what I read so far, the research showed in the paper is probably the first to achieve efficent x86 nested-virtualization without altering the hardware, relying on software-only techniques and mechanisms. They also won the Jay Lepreau best paper award.<br />
<br />
* security - being able to run other hypervisors without being detected<br />
<br />
* testing, debugging - of hypervisors<br />
<br />
'''The bad:'''<br />
<br />
* lots of exits. to be continued. (anyone whos is interested feel free to take this topic)<br />
<br />
==References==<br />
[1] http://www.haifux.org/lectures/225/ - '''Nested x86 Virtualization - Muli Ben-Yehuda'''</div>Csullivahttps://homeostasis.scs.carleton.ca/wiki/index.php?title=Talk:COMP_3000_Essay_2_2010_Question_9&diff=5612Talk:COMP 3000 Essay 2 2010 Question 92010-11-27T03:02:41Z<p>Csulliva: /* Implementation */</p>
<hr />
<div>=Group members=<br />
<br />
* Munther Hussain<br />
* Jonathon Slonosky<br />
* Michael Bingham<br />
* Chris Sullivan<br />
* Pawel Raubic<br />
<br />
=Group work=<br />
* Background concepts: Munther Hussain<br />
* Research problem:<br />
* Contribution:<br />
* Critique:<br />
<br />
<br />
=General discussion=<br />
<br />
Hey there, this is Munther. The prof said that we should be contacting each other to see whos still on board for the course. So please<br />
if you read this, add your name to the list of members above. You can my find my contact info in my profile page by clicking my signature. We shall talk about the details and how we will approach this in the next few days --[[User:Hesperus|Hesperus]] 16:41, 12 November 2010 (UTC)<br />
<br />
---------------------<br />
<br />
Checked in -- JSlonosky<br />
<br />
----------------------<br />
<br />
Pawel has already contacted us so he still in for the course, that makes 3 of us. The other three members, please drop in and add your name. We need to confirm the members today by 1:00 pm. --[[User:Hesperus|Hesperus]] 12:18, 15 November 2010 (UTC)<br />
<br />
----------------------<br />
<br />
Checked in --[[User:Mbingham|Mbingham]] 15:08, 15 November 2010 (UTC)<br />
<br />
---------------------<br />
<br />
Checked in --[[User:Smcilroy|Smcilroy]] 17:03, 15 November 2010 (UTC)<br />
<br />
---------------------<br />
To the person above me (Smcilroy): I can see that you're assigned to group 7 and not this one. So did the prof move you to this group or something ? We haven't confirmed or emailed the prof yet, I will wait until 1:00 pm. --[[User:Hesperus|Hesperus]] 17:22, 15 November 2010 (UTC)<br />
<br />
---------------------<br />
Alright, so I just emailed the prof the list of members that have checked in so far (the names listed above plus Pawel Raubic),<br />
Smcilroy: I still don't know whether you're in this group or not, though I don't see your name listed in the group assignments on the course webpage. To the other members: if you're still interested in doing the course, please drop in here and add your name or even email me, you can find my contact info in my profile page(just click my signature).<br />
<br />
Personally speaking, I find the topic of this article (The Turtle Project) to be quite interesting and approachable, in fact we've<br />
already been playing with VirtualBox and VMWare and such things, so we should be familiar with some of the concepts the article<br />
approaches like nested-virtualization, hypervisors, supervisors, etc, things that we even covered in class and we can in fact test on our machines. I've already started reading the article, hopefully tonight we'll start posting some basic ideas or concepts and talk about the article in general. I will be in tomorrow's tutorial session in the 4th floor in case some of you guys want to get to know one another. --[[User:Hesperus|Hesperus]] 18:43, 15 November 2010 (UTC)<br />
-----<br />
Yeah, it looks pretty good to me. Unfortunately, I am attending Ozzy Osbourne on the 25th, so I'd like it if we could get ourselves organized early so I can get my part done and not letting it fall on you guys. Not that I would let that happen --JSlonosky 02:51, 16 November 2010 (UTC)<br />
-----<br />
Why waste your money on that old man ? I'd love to see Halford though, I'm sure he'll do some classic Priest material, haven't checked the new record yet, but the cover looks awful, definitely the worst and most ridiculous cover of the year. Anyways, enough music talk. I think we should get it done at least on 24th, we should leave the last day to do the editing and stuff. I removed Smcilroy from the members list, I think he checked in here by mistake because I can see him in group 7. So far, we're 5, still missing one member. --[[User:Hesperus|Hesperus]] 05:36, 16 November 2010 (UTC)<br />
-----<br />
Yeah that would be pretty sweet. I figured I might as well see him when I can; Since he is going to be dead soon. How is he not already? Alright well, the other member should show up soon, or I'd guess that we are a group of 5. --JSlonosky 16:37, 16 November 2010 (UTC)<br />
<br />
-----<br />
Hey dudes. I think we need to get going here.. the paper is due in 4 days. I just did the paper intro section (provided the title, authors, research labs, links, etc.). I have read the paper twice so far and will be spending the whole day working on the background concepts and the research problem sections. <br />
<br />
I'm still not sure on how we should divide the work and sections among the members, especially regarding the research contribution and critique, I mean those sections should not be based or written from the perspective of one person, we all need to work and discuss those paper concepts together.<br />
<br />
If anyone wants to add something, then please add but don't edit or alter the already existing content. Lets try to get as many thoughts/ideas as possible and then we will edit and filter the redundancy later. And lets make sure that we add summary comments to our edits to make it easier to keep track of everything.<br />
<br />
Also, we're still missing one member: Shawn Hansen. Its weird because on last Wednesday's lab, the prof told me that he attended the lab and signed his name, so he should still be in the course. --[[User:Hesperus|Hesperus]] 18:07, 21 November 2010 (UTC)<br />
<br />
---------<br />
Yeah man. We really do need to get on this. Not going to ozzy so I got free time now. I am reading it again to refresh my memory of it and will put notes of what I think we can criticize about it and such. What kind of references do you think we will need? Similar papers etc?<br />
If you need to a hold of me. Best way is through email. jslonosk@connect.Carleton.ca. And if that is still in our group but doesn't participate, too bad for him--JSlonosky 14:42, 22 November 2010 (UTC)<br />
----------<br />
The section on the related work has all the things we need to as far as other papers go. Also, I was able to find other research papers that are not mentioned in the paper. I will definitely be adding those paper by tonight. For the time being, I will handle the background concepts. I added a group work section below to keep track of whos doing what. I should get the background concept done hopefully by tonight. If anyone want to help with the other sections that would be great, please add your name to the section you want to handle below.<br />
<br />
I added a general paper summary below just to illustrate the general idea behind each section. If anybody wants to add anything, feel free to do so. --[[User:Hesperus|Hesperus]] 18:55, 22 November 2010 (UTC)<br />
-----------<br />
I remember the prof mentioned the most important part of the paper is the Critique so we gotta focus on that altogether not just one person for sure.--[[User:Praubic|Praubic]] 19:22, 22 November 2010 (UTC)<br />
<br />
-------------<br />
Yeah absloutely, I agree. But first, lets pin down the crucial points. And then we can discuss them collectively. If anyone happens to come across what he thinks is good or bad, then you can add it below to the good/bad points. Maybe the group work idea is bad, but I just thought maybe if we each member focuses on a specific part in the beginning, we can maybe have a better overall idea of what the paper is about. --[[User:Hesperus|Hesperus]] 19:42, 22 November 2010 (UTC)<br />
--------------<br />
Ok, another thing I figured is that the paper doesn't directly hint at why nested virtualization is necessary? I posted a link in references and I'l try to research more into the purpose of nested virtualization.--[[User:Praubic|Praubic]] 19:45, 22 November 2010 (UTC)<br />
--------------<br />
Actually the paper does talk about that. Look at the first two paragraphs in the introduction section of the paper on page 1. But you're right, they don't really elaborate, I think its because its not the purpose or the aim of the paper in the first place. --[[User:Hesperus|Hesperus]] 20:31, 22 November 2010 (UTC) <br />
--------------<br />
The stuff that Michael provided are excellent. That was actually what I was planning on doing. I will start by defining virtualization, hypervisors, computer ring security, the need and uses of nested virtualization, the models, etc. --[[User:Hesperus|Hesperus]] 22:14, 22 November 2010 (UTC)<br />
-------------<br />
So here my question who doing what in the group work and where should I focus my attention to do my part?- Csulliva<br />
-------------<br />
I have posted few things regarding the background concepts on the main page. I will go back and edit it today and talk about other things like: nested virtualization, the need and advantages of NV, the models, the trap and emulate model of x86 machines, computer paging which is discussed in the paper, computer ring security which again they touch on at some point in the paper. I can easily move some of the things I wrote in the theory section to the main page, but I want to consult the prof first on some of those things.<br />
<br />
One thing that I'm still unsure of is how far should we go here ? should we provide background on the hardware architecture used by the authors like the x86 family and the VMX chips, or maybe some of the concepts discussed later on in the testing such as optimization, emulation, para-virtualization ?<br />
<br />
I will speak and consult the prof today after our lecture. If other members want to help, you guys can start with the related work and see how the content of the paper compares to previous or even current research papers. --[[User:Hesperus|Hesperus]] 08:08, 23 November 2010 (UTC)<br />
------------------------<br />
In response to what Michael mentioned above in the background section: we should definitely talk about that, from what I understood, they apply the same model (the trap and emulate) but they provide optimizations and ways to increase the trap calls efficiency between the nested environments, so thats definitely a contribution, but its more of a performance optimization kind of contribution I guess, which is why I mentioned the optimizations in the contribution section below. --[[User:Hesperus|Hesperus]] 08:08, 23 November 2010 (UTC)<br />
---------------------------<br />
'''Ok, so for those who didn't attend today's lecture, the prof was nice enough to give us an extension for the paper, the due date now is Dec 2nd.''' And thats really good, given that some of those concepts require time to sort of formulate. I also asked the prof on the approach that we should follow in terms of presenting the material, and he mentioned that you need to provide enough information for each section to make your follow student understand what the paper is about without them having to actually read the paper or go through it in detail. He also mentioned the need to distill some of the details, if the paper spends a whole page explaining multi-dimensional paging, we should probably explain that in 2 small paragraphs or something.<br />
<br />
Also, we should always cite resources. If the resource is a book, we should cite the page number as well. --[[User:Hesperus|Hesperus]] 15:16, 23 November 2010 (UTC)<br />
---------------------------<br />
Yeah I am really thankful he left us with another week to do it. I am sure we all have at least 3 projects due soon, other than this Essay. I'll type up the stuff that I had highlighted for Tuesday as a break tomorrow. I was going to do it yesterday but he gave us an extension, so I slacked off a bit. I also forgot :/ --JSlonosky 23:43, 24 November 2010 (UTC)<br />
<br />
=Paper summary=<br />
==Background Concepts and Other Stuff==<br />
<br />
EDIT: Just noticed that someone has put their name down to do the background concept stuff, so Munther feel free to use this as a starting point if you like.<br />
<br />
The above looks good. I thought id maybe start touching on some of the sections, so let me know what you guys think. Heres what I think would be useful to go over in the Background Concepts section:<br />
<br />
* Firstly, nested virtualization. Why we use nested virtualization (paper gives example of XP inside win 7). Maybe going over the trap and emulate model of nested virtualization.<br />
* Some of the terminology of nested virtualization. The difference between guest/host hypervisors (we're already familiar with guest/host OSs), the terminology of L0, ..., Ln with L0 being the bottom hypervisor, etc<br />
* x86 nested virtualization limitations. Single level architecture, guest/host mode, VMX instructions and how to emulate them. Some of this is in section 3.2of the paper.<br />
<br />
Again, anything else you guys think we should add would be great.<br />
<br />
Commenting some more on the above summary, under the "main contributions" part, do you think we should count the nested VMX virtualization part as a contribution? If we have multiplexing memory and multiplexing I/O as a main contribution, it would seem to make sense to have multiplexing the CPU as well, especially within the limitations of the x86 architecture. Unless they are using someone else's technique for virtualizing these instructions.--[[User:Mbingham|Mbingham]] 21:16, 22 November 2010 (UTC)<br />
==Research problem==<br />
The paper provides a solution for Nested-virtualization on x86 based computers. Their approach is software-based, meaning that, they're not really altering the underlying architecture, and this is basically the most interesting thing about the paper, since x86 computers don't support nested-virtualization in terms of hardware. But apparently they were able to do it.<br />
In addition, generally, nested virtualization is not supported on x86 systems (the architecture is not designed with that in mind) but for example vista runs XP VM under the covers when running xp programs which shows ability for parallel virtualization on a single hypervisor.<br />
<br />
The goal of nested virtualization and multiple host hypervisors comes down to efficiency. Example: Virtualization on servers has been rapidly gaining popularity. The next evolution step is to extend a single level of memory management virtualization support to handle nested virtualization, which is critical for ''high performance''. [1]<br />
<br />
'''How does the concept apply to the quickly developing cloud computing?'''<br />
<br />
Cloud user manages his own virtual machine directly through a hypervisor of choice. In addition it provides increased security by hypervicsor-level intrusion detection.<br />
<br />
==Related work==<br />
<br />
Comparisons with other related/similar research and work:<br />
<br />
Refer to the following website and to the related work section in the paper regarding this section: <br />
http://www.spinics.net/lists/kvm/msg43940.html<br />
<br />
[This is a forum post by one of the authors of our assigned paper where he talks about more recent research work on virtualization, particularly in his first paragraph, he refers to some more recent research by the VMWare technical support team. He also talks about some of the research papers referred to in our assigned paper.] <br />
<br />
<br />
==Theory (Section 3.1)== <br />
<br />
Apparently, theres 2 models to applying nested-virtualization:<br />
<br />
* Multiple-level architecture support: where every hypervisor handles every other hypervisor running on top of it. For instance, if L0 (host hypervisor) runs L1. If L1 attempts to run L2, then the trap handling and the work needed to be done to allow L1 to instantiate a new VM is handled by L0. More generally, if L2 attempts to created its own VM, then L1 will handle the trap handling and such.<br />
<br />
* Single-level architecture support: This is the model supported by the x86 machines. This model is tied into the concept of "Trap and emulate", where every hypervisor tries to emulate the underlying hardware (the VMX chip in the paper implementation) and presents a fake ground for the hypervisor running on top of it (the guest hypervisor) to operate on, letting it think that he's running on the actual hardware. The idea here is that in order for a guest hypervisor to operate and gain hardware-level privileges, it evokes a fault or a trap, this trap or fault is then handled or caught by the main host hypervisor and then inspected to see if its a legitimate or appropriate command or request, if it is, the host gives privilige to the guest, again having it think that its actually running on the main bare-metal hardware.<br />
<br />
In this model, everything must go back to the main host hypervisor. Then the host hypervisor forwards the trap and virtualization specification to the above-level involved or responsible. For instance, if L0 runs L1. Then L1 attempts to run L2. Then the command to run L2 goes down to L0 and then L0 forwards this command to L1 again. This is the model we're interested in because this what x86 machines basically follow. Look at figure 1 in the paper for a better understanding of this.<br />
<br />
==Main contribution==<br />
The paper propose two new-developed techniques:<br />
* Multi-dimensional paging (for memory virtualization)<br />
* Multiple-level device management (for I/O virtualization)<br />
<br />
Other contributions:<br />
* Micro-optimizations to improve performance.<br />
<br />
==Implementation==<br />
The turtle project has four components that is crucial to its implementation.<br />
1. Nested VMX virtualization for nested CPU virtualization<br />
2. Multi-dimensional paging for nested MMU virtualization<br />
3. Multi-level device assignment for nested I/O virtualization<br />
4. Micro-Optimizations<br />
<br />
==Performance==<br />
<br />
<br />
==Critique==<br />
'''The good:'''<br />
<br />
* From what I read so far, the research showed in the paper is probably the first to achieve efficent x86 nested-virtualization without altering the hardware, relying on software-only techniques and mechanisms. They also won the Jay Lepreau best paper award.<br />
<br />
* security - being able to run other hypervisors without being detected<br />
<br />
* testing, debugging - of hypervisors<br />
<br />
'''The bad:'''<br />
<br />
* lots of exits. to be continued. (anyone whos is interested feel free to take this topic)<br />
<br />
==References==<br />
[1] http://www.haifux.org/lectures/225/ - '''Nested x86 Virtualization - Muli Ben-Yehuda'''</div>Csullivahttps://homeostasis.scs.carleton.ca/wiki/index.php?title=Talk:COMP_3000_Essay_2_2010_Question_9&diff=5611Talk:COMP 3000 Essay 2 2010 Question 92010-11-27T02:33:31Z<p>Csulliva: /* Theory (Section 3.1) */</p>
<hr />
<div>=Group members=<br />
<br />
* Munther Hussain<br />
* Jonathon Slonosky<br />
* Michael Bingham<br />
* Chris Sullivan<br />
* Pawel Raubic<br />
<br />
=Group work=<br />
* Background concepts: Munther Hussain<br />
* Research problem:<br />
* Contribution:<br />
* Critique:<br />
<br />
<br />
=General discussion=<br />
<br />
Hey there, this is Munther. The prof said that we should be contacting each other to see whos still on board for the course. So please<br />
if you read this, add your name to the list of members above. You can my find my contact info in my profile page by clicking my signature. We shall talk about the details and how we will approach this in the next few days --[[User:Hesperus|Hesperus]] 16:41, 12 November 2010 (UTC)<br />
<br />
---------------------<br />
<br />
Checked in -- JSlonosky<br />
<br />
----------------------<br />
<br />
Pawel has already contacted us so he still in for the course, that makes 3 of us. The other three members, please drop in and add your name. We need to confirm the members today by 1:00 pm. --[[User:Hesperus|Hesperus]] 12:18, 15 November 2010 (UTC)<br />
<br />
----------------------<br />
<br />
Checked in --[[User:Mbingham|Mbingham]] 15:08, 15 November 2010 (UTC)<br />
<br />
---------------------<br />
<br />
Checked in --[[User:Smcilroy|Smcilroy]] 17:03, 15 November 2010 (UTC)<br />
<br />
---------------------<br />
To the person above me (Smcilroy): I can see that you're assigned to group 7 and not this one. So did the prof move you to this group or something ? We haven't confirmed or emailed the prof yet, I will wait until 1:00 pm. --[[User:Hesperus|Hesperus]] 17:22, 15 November 2010 (UTC)<br />
<br />
---------------------<br />
Alright, so I just emailed the prof the list of members that have checked in so far (the names listed above plus Pawel Raubic),<br />
Smcilroy: I still don't know whether you're in this group or not, though I don't see your name listed in the group assignments on the course webpage. To the other members: if you're still interested in doing the course, please drop in here and add your name or even email me, you can find my contact info in my profile page(just click my signature).<br />
<br />
Personally speaking, I find the topic of this article (The Turtle Project) to be quite interesting and approachable, in fact we've<br />
already been playing with VirtualBox and VMWare and such things, so we should be familiar with some of the concepts the article<br />
approaches like nested-virtualization, hypervisors, supervisors, etc, things that we even covered in class and we can in fact test on our machines. I've already started reading the article, hopefully tonight we'll start posting some basic ideas or concepts and talk about the article in general. I will be in tomorrow's tutorial session in the 4th floor in case some of you guys want to get to know one another. --[[User:Hesperus|Hesperus]] 18:43, 15 November 2010 (UTC)<br />
-----<br />
Yeah, it looks pretty good to me. Unfortunately, I am attending Ozzy Osbourne on the 25th, so I'd like it if we could get ourselves organized early so I can get my part done and not letting it fall on you guys. Not that I would let that happen --JSlonosky 02:51, 16 November 2010 (UTC)<br />
-----<br />
Why waste your money on that old man ? I'd love to see Halford though, I'm sure he'll do some classic Priest material, haven't checked the new record yet, but the cover looks awful, definitely the worst and most ridiculous cover of the year. Anyways, enough music talk. I think we should get it done at least on 24th, we should leave the last day to do the editing and stuff. I removed Smcilroy from the members list, I think he checked in here by mistake because I can see him in group 7. So far, we're 5, still missing one member. --[[User:Hesperus|Hesperus]] 05:36, 16 November 2010 (UTC)<br />
-----<br />
Yeah that would be pretty sweet. I figured I might as well see him when I can; Since he is going to be dead soon. How is he not already? Alright well, the other member should show up soon, or I'd guess that we are a group of 5. --JSlonosky 16:37, 16 November 2010 (UTC)<br />
<br />
-----<br />
Hey dudes. I think we need to get going here.. the paper is due in 4 days. I just did the paper intro section (provided the title, authors, research labs, links, etc.). I have read the paper twice so far and will be spending the whole day working on the background concepts and the research problem sections. <br />
<br />
I'm still not sure on how we should divide the work and sections among the members, especially regarding the research contribution and critique, I mean those sections should not be based or written from the perspective of one person, we all need to work and discuss those paper concepts together.<br />
<br />
If anyone wants to add something, then please add but don't edit or alter the already existing content. Lets try to get as many thoughts/ideas as possible and then we will edit and filter the redundancy later. And lets make sure that we add summary comments to our edits to make it easier to keep track of everything.<br />
<br />
Also, we're still missing one member: Shawn Hansen. Its weird because on last Wednesday's lab, the prof told me that he attended the lab and signed his name, so he should still be in the course. --[[User:Hesperus|Hesperus]] 18:07, 21 November 2010 (UTC)<br />
<br />
---------<br />
Yeah man. We really do need to get on this. Not going to ozzy so I got free time now. I am reading it again to refresh my memory of it and will put notes of what I think we can criticize about it and such. What kind of references do you think we will need? Similar papers etc?<br />
If you need to a hold of me. Best way is through email. jslonosk@connect.Carleton.ca. And if that is still in our group but doesn't participate, too bad for him--JSlonosky 14:42, 22 November 2010 (UTC)<br />
----------<br />
The section on the related work has all the things we need to as far as other papers go. Also, I was able to find other research papers that are not mentioned in the paper. I will definitely be adding those paper by tonight. For the time being, I will handle the background concepts. I added a group work section below to keep track of whos doing what. I should get the background concept done hopefully by tonight. If anyone want to help with the other sections that would be great, please add your name to the section you want to handle below.<br />
<br />
I added a general paper summary below just to illustrate the general idea behind each section. If anybody wants to add anything, feel free to do so. --[[User:Hesperus|Hesperus]] 18:55, 22 November 2010 (UTC)<br />
-----------<br />
I remember the prof mentioned the most important part of the paper is the Critique so we gotta focus on that altogether not just one person for sure.--[[User:Praubic|Praubic]] 19:22, 22 November 2010 (UTC)<br />
<br />
-------------<br />
Yeah absloutely, I agree. But first, lets pin down the crucial points. And then we can discuss them collectively. If anyone happens to come across what he thinks is good or bad, then you can add it below to the good/bad points. Maybe the group work idea is bad, but I just thought maybe if we each member focuses on a specific part in the beginning, we can maybe have a better overall idea of what the paper is about. --[[User:Hesperus|Hesperus]] 19:42, 22 November 2010 (UTC)<br />
--------------<br />
Ok, another thing I figured is that the paper doesn't directly hint at why nested virtualization is necessary? I posted a link in references and I'l try to research more into the purpose of nested virtualization.--[[User:Praubic|Praubic]] 19:45, 22 November 2010 (UTC)<br />
--------------<br />
Actually the paper does talk about that. Look at the first two paragraphs in the introduction section of the paper on page 1. But you're right, they don't really elaborate, I think its because its not the purpose or the aim of the paper in the first place. --[[User:Hesperus|Hesperus]] 20:31, 22 November 2010 (UTC) <br />
--------------<br />
The stuff that Michael provided are excellent. That was actually what I was planning on doing. I will start by defining virtualization, hypervisors, computer ring security, the need and uses of nested virtualization, the models, etc. --[[User:Hesperus|Hesperus]] 22:14, 22 November 2010 (UTC)<br />
-------------<br />
So here my question who doing what in the group work and where should I focus my attention to do my part?- Csulliva<br />
-------------<br />
I have posted few things regarding the background concepts on the main page. I will go back and edit it today and talk about other things like: nested virtualization, the need and advantages of NV, the models, the trap and emulate model of x86 machines, computer paging which is discussed in the paper, computer ring security which again they touch on at some point in the paper. I can easily move some of the things I wrote in the theory section to the main page, but I want to consult the prof first on some of those things.<br />
<br />
One thing that I'm still unsure of is how far should we go here ? should we provide background on the hardware architecture used by the authors like the x86 family and the VMX chips, or maybe some of the concepts discussed later on in the testing such as optimization, emulation, para-virtualization ?<br />
<br />
I will speak and consult the prof today after our lecture. If other members want to help, you guys can start with the related work and see how the content of the paper compares to previous or even current research papers. --[[User:Hesperus|Hesperus]] 08:08, 23 November 2010 (UTC)<br />
------------------------<br />
In response to what Michael mentioned above in the background section: we should definitely talk about that, from what I understood, they apply the same model (the trap and emulate) but they provide optimizations and ways to increase the trap calls efficiency between the nested environments, so thats definitely a contribution, but its more of a performance optimization kind of contribution I guess, which is why I mentioned the optimizations in the contribution section below. --[[User:Hesperus|Hesperus]] 08:08, 23 November 2010 (UTC)<br />
---------------------------<br />
'''Ok, so for those who didn't attend today's lecture, the prof was nice enough to give us an extension for the paper, the due date now is Dec 2nd.''' And thats really good, given that some of those concepts require time to sort of formulate. I also asked the prof on the approach that we should follow in terms of presenting the material, and he mentioned that you need to provide enough information for each section to make your follow student understand what the paper is about without them having to actually read the paper or go through it in detail. He also mentioned the need to distill some of the details, if the paper spends a whole page explaining multi-dimensional paging, we should probably explain that in 2 small paragraphs or something.<br />
<br />
Also, we should always cite resources. If the resource is a book, we should cite the page number as well. --[[User:Hesperus|Hesperus]] 15:16, 23 November 2010 (UTC)<br />
---------------------------<br />
Yeah I am really thankful he left us with another week to do it. I am sure we all have at least 3 projects due soon, other than this Essay. I'll type up the stuff that I had highlighted for Tuesday as a break tomorrow. I was going to do it yesterday but he gave us an extension, so I slacked off a bit. I also forgot :/ --JSlonosky 23:43, 24 November 2010 (UTC)<br />
<br />
=Paper summary=<br />
==Background Concepts and Other Stuff==<br />
<br />
EDIT: Just noticed that someone has put their name down to do the background concept stuff, so Munther feel free to use this as a starting point if you like.<br />
<br />
The above looks good. I thought id maybe start touching on some of the sections, so let me know what you guys think. Heres what I think would be useful to go over in the Background Concepts section:<br />
<br />
* Firstly, nested virtualization. Why we use nested virtualization (paper gives example of XP inside win 7). Maybe going over the trap and emulate model of nested virtualization.<br />
* Some of the terminology of nested virtualization. The difference between guest/host hypervisors (we're already familiar with guest/host OSs), the terminology of L0, ..., Ln with L0 being the bottom hypervisor, etc<br />
* x86 nested virtualization limitations. Single level architecture, guest/host mode, VMX instructions and how to emulate them. Some of this is in section 3.2of the paper.<br />
<br />
Again, anything else you guys think we should add would be great.<br />
<br />
Commenting some more on the above summary, under the "main contributions" part, do you think we should count the nested VMX virtualization part as a contribution? If we have multiplexing memory and multiplexing I/O as a main contribution, it would seem to make sense to have multiplexing the CPU as well, especially within the limitations of the x86 architecture. Unless they are using someone else's technique for virtualizing these instructions.--[[User:Mbingham|Mbingham]] 21:16, 22 November 2010 (UTC)<br />
==Research problem==<br />
The paper provides a solution for Nested-virtualization on x86 based computers. Their approach is software-based, meaning that, they're not really altering the underlying architecture, and this is basically the most interesting thing about the paper, since x86 computers don't support nested-virtualization in terms of hardware. But apparently they were able to do it.<br />
In addition, generally, nested virtualization is not supported on x86 systems (the architecture is not designed with that in mind) but for example vista runs XP VM under the covers when running xp programs which shows ability for parallel virtualization on a single hypervisor.<br />
<br />
The goal of nested virtualization and multiple host hypervisors comes down to efficiency. Example: Virtualization on servers has been rapidly gaining popularity. The next evolution step is to extend a single level of memory management virtualization support to handle nested virtualization, which is critical for ''high performance''. [1]<br />
<br />
'''How does the concept apply to the quickly developing cloud computing?'''<br />
<br />
Cloud user manages his own virtual machine directly through a hypervisor of choice. In addition it provides increased security by hypervicsor-level intrusion detection.<br />
<br />
==Related work==<br />
<br />
Comparisons with other related/similar research and work:<br />
<br />
Refer to the following website and to the related work section in the paper regarding this section: <br />
http://www.spinics.net/lists/kvm/msg43940.html<br />
<br />
[This is a forum post by one of the authors of our assigned paper where he talks about more recent research work on virtualization, particularly in his first paragraph, he refers to some more recent research by the VMWare technical support team. He also talks about some of the research papers referred to in our assigned paper.] <br />
<br />
<br />
==Theory (Section 3.1)== <br />
<br />
Apparently, theres 2 models to applying nested-virtualization:<br />
<br />
* Multiple-level architecture support: where every hypervisor handles every other hypervisor running on top of it. For instance, if L0 (host hypervisor) runs L1. If L1 attempts to run L2, then the trap handling and the work needed to be done to allow L1 to instantiate a new VM is handled by L0. More generally, if L2 attempts to created its own VM, then L1 will handle the trap handling and such.<br />
<br />
* Single-level architecture support: This is the model supported by the x86 machines. This model is tied into the concept of "Trap and emulate", where every hypervisor tries to emulate the underlying hardware (the VMX chip in the paper implementation) and presents a fake ground for the hypervisor running on top of it (the guest hypervisor) to operate on, letting it think that he's running on the actual hardware. The idea here is that in order for a guest hypervisor to operate and gain hardware-level privileges, it evokes a fault or a trap, this trap or fault is then handled or caught by the main host hypervisor and then inspected to see if its a legitimate or appropriate command or request, if it is, the host gives privilige to the guest, again having it think that its actually running on the main bare-metal hardware.<br />
<br />
In this model, everything must go back to the main host hypervisor. Then the host hypervisor forwards the trap and virtualization specification to the above-level involved or responsible. For instance, if L0 runs L1. Then L1 attempts to run L2. Then the command to run L2 goes down to L0 and then L0 forwards this command to L1 again. This is the model we're interested in because this what x86 machines basically follow. Look at figure 1 in the paper for a better understanding of this.<br />
<br />
==Main contribution==<br />
The paper propose two new-developed techniques:<br />
* Multi-dimensional paging (for memory virtualization)<br />
* Multiple-level device management (for I/O virtualization)<br />
<br />
Other contributions:<br />
* Micro-optimizations to improve performance.<br />
<br />
==Implementation==<br />
<br />
<br />
==Performance==<br />
<br />
<br />
==Critique==<br />
'''The good:'''<br />
<br />
* From what I read so far, the research showed in the paper is probably the first to achieve efficent x86 nested-virtualization without altering the hardware, relying on software-only techniques and mechanisms. They also won the Jay Lepreau best paper award.<br />
<br />
* security - being able to run other hypervisors without being detected<br />
<br />
* testing, debugging - of hypervisors<br />
<br />
'''The bad:'''<br />
<br />
* lots of exits. to be continued. (anyone whos is interested feel free to take this topic)<br />
<br />
==References==<br />
[1] http://www.haifux.org/lectures/225/ - '''Nested x86 Virtualization - Muli Ben-Yehuda'''</div>Csullivahttps://homeostasis.scs.carleton.ca/wiki/index.php?title=Talk:COMP_3000_Essay_2_2010_Question_9&diff=5420Talk:COMP 3000 Essay 2 2010 Question 92010-11-23T00:32:44Z<p>Csulliva: /* General discussion */</p>
<hr />
<div>=Group members=<br />
<br />
* Munther Hussain<br />
* Jonathon Slonosky<br />
* Michael Bingham<br />
* Chris Sullivan<br />
* Pawel Raubic<br />
<br />
=Group work=<br />
* Background concepts: Munther Hussain<br />
* Research problem:<br />
* Contribution:<br />
* Critique:<br />
<br />
<br />
=General discussion=<br />
<br />
Hey there, this is Munther. The prof said that we should be contacting each other to see whos still on board for the course. So please<br />
if you read this, add your name to the list of members above. You can my find my contact info in my profile page by clicking my signature. We shall talk about the details and how we will approach this in the next few days --[[User:Hesperus|Hesperus]] 16:41, 12 November 2010 (UTC)<br />
<br />
---------------------<br />
<br />
Checked in -- JSlonosky<br />
<br />
----------------------<br />
<br />
Pawel has already contacted us so he still in for the course, that makes 3 of us. The other three members, please drop in and add your name. We need to confirm the members today by 1:00 pm. --[[User:Hesperus|Hesperus]] 12:18, 15 November 2010 (UTC)<br />
<br />
----------------------<br />
<br />
Checked in --[[User:Mbingham|Mbingham]] 15:08, 15 November 2010 (UTC)<br />
<br />
---------------------<br />
<br />
Checked in --[[User:Smcilroy|Smcilroy]] 17:03, 15 November 2010 (UTC)<br />
<br />
---------------------<br />
To the person above me (Smcilroy): I can see that you're assigned to group 7 and not this one. So did the prof move you to this group or something ? We haven't confirmed or emailed the prof yet, I will wait until 1:00 pm. --[[User:Hesperus|Hesperus]] 17:22, 15 November 2010 (UTC)<br />
<br />
---------------------<br />
Alright, so I just emailed the prof the list of members that have checked in so far (the names listed above plus Pawel Raubic),<br />
Smcilroy: I still don't know whether you're in this group or not, though I don't see your name listed in the group assignments on the course webpage. To the other members: if you're still interested in doing the course, please drop in here and add your name or even email me, you can find my contact info in my profile page(just click my signature).<br />
<br />
Personally speaking, I find the topic of this article (The Turtle Project) to be quite interesting and approachable, in fact we've<br />
already been playing with VirtualBox and VMWare and such things, so we should be familiar with some of the concepts the article<br />
approaches like nested-virtualization, hypervisors, supervisors, etc, things that we even covered in class and we can in fact test on our machines. I've already started reading the article, hopefully tonight we'll start posting some basic ideas or concepts and talk about the article in general. I will be in tomorrow's tutorial session in the 4th floor in case some of you guys want to get to know one another. --[[User:Hesperus|Hesperus]] 18:43, 15 November 2010 (UTC)<br />
-----<br />
Yeah, it looks pretty good to me. Unfortunately, I am attending Ozzy Osbourne on the 25th, so I'd like it if we could get ourselves organized early so I can get my part done and not letting it fall on you guys. Not that I would let that happen --JSlonosky 02:51, 16 November 2010 (UTC)<br />
-----<br />
Why waste your money on that old man ? I'd love to see Halford though, I'm sure he'll do some classic Priest material, haven't checked the new record yet, but the cover looks awful, definitely the worst and most ridiculous cover of the year. Anyways, enough music talk. I think we should get it done at least on 24th, we should leave the last day to do the editing and stuff. I removed Smcilroy from the members list, I think he checked in here by mistake because I can see him in group 7. So far, we're 5, still missing one member. --[[User:Hesperus|Hesperus]] 05:36, 16 November 2010 (UTC)<br />
-----<br />
Yeah that would be pretty sweet. I figured I might as well see him when I can; Since he is going to be dead soon. How is he not already? Alright well, the other member should show up soon, or I'd guess that we are a group of 5. --JSlonosky 16:37, 16 November 2010 (UTC)<br />
<br />
-----<br />
Hey dudes. I think we need to get going here.. the paper is due in 4 days. I just did the paper intro section (provided the title, authors, research labs, links, etc.). I have read the paper twice so far and will be spending the whole day working on the background concepts and the research problem sections. <br />
<br />
I'm still not sure on how we should divide the work and sections among the members, especially regarding the research contribution and critique, I mean those sections should not be based or written from the perspective of one person, we all need to work and discuss those paper concepts together.<br />
<br />
If anyone wants to add something, then please add but don't edit or alter the already existing content. Lets try to get as many thoughts/ideas as possible and then we will edit and filter the redundancy later. And lets make sure that we add summary comments to our edits to make it easier to keep track of everything.<br />
<br />
Also, we're still missing one member: Shawn Hansen. Its weird because on last Wednesday's lab, the prof told me that he attended the lab and signed his name, so he should still be in the course. --[[User:Hesperus|Hesperus]] 18:07, 21 November 2010 (UTC)<br />
<br />
---------<br />
Yeah man. We really do need to get on this. Not going to ozzy so I got free time now. I am reading it again to refresh my memory of it and will put notes of what I think we can criticize about it and such. What kind of references do you think we will need? Similar papers etc?<br />
If you need to a hold of me. Best way is through email. jslonosk@connect.Carleton.ca. And if that is still in our group but doesn't participate, too bad for him--JSlonosky 14:42, 22 November 2010 (UTC)<br />
----------<br />
The section on the related work has all the things we need to as far as other papers go. Also, I was able to find other research papers that are not mentioned in the paper. I will definitely be adding those paper by tonight. For the time being, I will handle the background concepts. I added a group work section below to keep track of whos doing what. I should get the background concept done hopefully by tonight. If anyone want to help with the other sections that would be great, please add your name to the section you want to handle below.<br />
<br />
I added a general paper summary below just to illustrate the general idea behind each section. If anybody wants to add anything, feel free to do so. --[[User:Hesperus|Hesperus]] 18:55, 22 November 2010 (UTC)<br />
-----------<br />
I remember the prof mentioned the most important part of the paper is the Critique so we gotta focus on that altogether not just one person for sure.--[[User:Praubic|Praubic]] 19:22, 22 November 2010 (UTC)<br />
<br />
-------------<br />
Yeah absloutely, I agree. But first, lets pin down the crucial points. And then we can discuss them collectively. If anyone happens to come across what he thinks is good or bad, then you can add it below to the good/bad points. Maybe the group work idea is bad, but I just thought maybe if we each member focuses on a specific part in the beginning, we can maybe have a better overall idea of what the paper is about. --[[User:Hesperus|Hesperus]] 19:42, 22 November 2010 (UTC)<br />
--------------<br />
Ok, another thing I figured is that the paper doesn't directly hint at why nested virtualization is necessary? I posted a link in references and I'l try to research more into the purpose of nested virtualization.--[[User:Praubic|Praubic]] 19:45, 22 November 2010 (UTC)<br />
--------------<br />
Actually the paper does talk about that. Look at the first two paragraphs in the introduction section of the paper on page 1. But you're right, they don't really elaborate, I think its because its not the purpose or the aim of the paper in the first place. --[[User:Hesperus|Hesperus]] 20:31, 22 November 2010 (UTC) <br />
--------------<br />
The stuff that Michael provided are excellent. That was actually what I was planning on doing. I will start by defining virtualization, hypervisors, computer ring security, the need and uses of nested virtualization, the models, etc. --[[User:Hesperus|Hesperus]] 22:14, 22 November 2010 (UTC)<br />
-------------<br />
So here my question who doing what in the group work and where should I focus my attention to do my part?- Csulliva<br />
<br />
=Paper summary=<br />
<br />
==The idea/goal==<br />
The paper provides a solution for Nested-virtualization on x86 based computers. Their approach is software-based, meaning that, they're not really altering the underlying architecture, and this is basically the most interesting thing about the paper, since x86 computers don't support nested-virtualization in terms of hardware. But apparently they were able to do it.<br />
In addition, generally, nested virtualization is not supported on x86 systems (the architecture is not designed with that in mind) but for example vista runs XP VM under the covers when running xp programs which shows ability for parallel virtualization on a single hypervisor.<br />
<br />
The goal of nested virtualization and multiple host hypervisors comes down to efficiency. Example: Virtualization on servers has been rapidly gaining popularity. The next evolution step is to extend a single level of memory management virtualization support to handle nested virtualization, which is critical for ''high performance''. [1]<br />
<br />
----<br />
<br />
==Related work==<br />
<br />
<br />
==Theory (Section 3.1)== <br />
<br />
Apparently, theres 2 models to applying nested-virtualization:<br />
<br />
* Multiple-level architecture support: where every hypervisor handles every other hypervisor running on top of it. For instance, if L0 (host hypervisor) runs L1. If L1 attempts to run L2, then the trap handling and the work needed to be done to allow L1 to instantiate a new VM is handled by L0. More generally, if L2 attempts to created its own VM, then L1 will handle the trap handling and such.<br />
<br />
* Single-level architecture support: This is the model supported by the x86 machines. This model is tied into the concept of "Trap and emulate", where every hypervisor tries to emulate the underlying hardware (the VMX chip in the paper implementation) and presents a fake ground for the hypervisor running on top of it (the guest hypervisor) to operate on, letting it think that he's running on the actual hardware. The idea here is that in order for a guest hypervisor to operate and gain hardware-level privileges, it evokes a fault or a trap, this trap or fault is then handled or caught by the main host hypervisor and then inspected to see if its a legitimate or appropriate command or request, if it is, the host gives privilige to the guest, again having it think that its actually running on the main bare-metal hardware.<br />
<br />
In this model, everything must go back to the main host hypervisor. Then the hosy hypervisor forwards the trap and virtualization specification to the above-level involved or responsible. For instance, if L0 runs L1. Then L1 attempts to run L2. Then the command to run L2 goes down to L0 and then L0 forwards this command to L1 again. This is the model we're interested in because this what x86 machines basically follow. Look at figure 1 in the paper for a better understanding of this.<br />
<br />
==Main contribution==<br />
The paper propose two new-developed techniques:<br />
* Multi-dimensional paging (for memory virtualization)<br />
* Multiple-level device management (for I/O virtualization)<br />
<br />
Other contributions:<br />
* Micro-optimizations to improve performance.<br />
<br />
==Implementation==<br />
<br />
<br />
==Performance==<br />
<br />
<br />
==Critique==<br />
'''The good:'''<br />
<br />
* From what I read so far, the research showed in the paper is probably the first to achieve efficent x86 nested-virtualization without altering the hardware, relying on software-only techniques and mechanisms. They also won the Jay Lepreau best paper award.<br />
<br />
* security - being able to run other hypervisors without being detected<br />
<br />
* testing, debugging - of hypervisors<br />
<br />
'''The bad:'''<br />
<br />
* lots of exits. to be continued. (anyone whos is interested feel free to take this topic)<br />
<br />
==References==<br />
[1] http://www.haifux.org/lectures/225/ - '''Nested x86 Virtualization - Muli Ben-Yehuda'''<br />
<br />
==Background Concepts and Other Stuff==<br />
<br />
EDIT: Just noticed that someone has put their name down to do the background concept stuff, so Munther feel free to use this as a starting point if you like.<br />
<br />
The above looks good. I thought id maybe start touching on some of the sections, so let me know what you guys think. Heres what I think would be useful to go over in the Background Concepts section:<br />
<br />
* Firstly, nested virtualization. Why we use nested virtualization (paper gives example of XP inside win 7). Maybe going over the trap and emulate model of nested virtualization.<br />
* Some of the terminology of nested virtualization. The difference between guest/host hypervisors (we're already familiar with guest/host OSs), the terminology of L0, ..., Ln with L0 being the bottom hypervisor, etc<br />
* x86 nested virtualization limitations. Single level architecture, guest/host mode, VMX instructions and how to emulate them. Some of this is in section 3.2of the paper.<br />
<br />
Again, anything else you guys think we should add would be great.<br />
<br />
Commenting some more on the above summary, under the "main contributions" part, do you think we should count the nested VMX virtualization part as a contribution? If we have multiplexing memory and multiplexing I/O as a main contribution, it would seem to make sense to have multiplexing the CPU as well, especially within the limitations of the x86 architecture. Unless they are using someone else's technique for virtualizing these instructions.--[[User:Mbingham|Mbingham]] 21:16, 22 November 2010 (UTC)</div>Csullivahttps://homeostasis.scs.carleton.ca/wiki/index.php?title=Talk:COMP_3000_Essay_2_2010_Question_9&diff=5024Talk:COMP 3000 Essay 2 2010 Question 92010-11-15T19:07:53Z<p>Csulliva: /* Group members */</p>
<hr />
<div>=Group members=<br />
<br />
* Munther Hussain<br />
* Jonathon Slonosky<br />
* Michael Bingham<br />
* Smcilroy<br />
* Chris Sullivan<br />
* Pawel Raubic<br />
<br />
=General discussion=<br />
<br />
Hey there, this is Munther. The prof said that we should be contacting each other to see whos still on board for the course. So please<br />
if you read this, add your name to the list of members above. You can my find my contact info in my profile page by clicking my signature. We shall talk about the details and how we will approach this in the next few days --[[User:Hesperus|Hesperus]] 16:41, 12 November 2010 (UTC)<br />
<br />
---------------------<br />
<br />
Checked in -- JSlonosky<br />
<br />
----------------------<br />
<br />
Pawel has already contacted us so he still in for the course, that makes 3 of us. The other three members, please drop in and add your name. We need to confirm the members today by 1:00 pm. --[[User:Hesperus|Hesperus]] 12:18, 15 November 2010 (UTC)<br />
<br />
----------------------<br />
<br />
Checked in --[[User:Mbingham|Mbingham]] 15:08, 15 November 2010 (UTC)<br />
<br />
---------------------<br />
<br />
Checked in --[[User:Smcilroy|Smcilroy]] 17:03, 15 November 2010 (UTC)<br />
<br />
---------------------<br />
To the person above me (Smcilroy): I can see that you're assigned to group 7 and not this one. So did the prof moved you to this group or something ? We haven't confirmed or emailed the prof yet, I will wait until 1:00 pm. --[[User:Hesperus|Hesperus]] 17:22, 15 November 2010 (UTC)<br />
<br />
---------------------<br />
Alright, so I just emailed the prof the list of members that have checked in so far (the names listed above plus Pawel Raubic),<br />
Smcilroy: I still don't know whether you're in this group or not, though I don't see your name listed in the group assignments on the course webpage. To the other members: if you're still interested in doing the course, please drop in here and add your name or even email me, you can find my contact info in my profile page(just click my signature).<br />
<br />
Personally speaking, I find the topic of this article (The Turtle Project) to be quite interesting and approachable, in fact we've<br />
already been playing with VirtualBox and VMWare and such things, so we should be familiar with some of the concepts the article<br />
approaches like nested-virtualization, hypervisors, supervisors, etc, things that we even covered in class and we can in fact test on our machines. I've already started reading the article, hopefully tonight we'll start posting some basic ideas or concepts and talk about the article in general. I will be in tomorrow's tutorial session in the 4th floor in case some of you guys want to get to know one another. --[[User:Hesperus|Hesperus]] 18:43, 15 November 2010 (UTC)</div>Csullivahttps://homeostasis.scs.carleton.ca/wiki/index.php?title=Talk:COMP_3000_Essay_2_2010_Question_9&diff=5023Talk:COMP 3000 Essay 2 2010 Question 92010-11-15T19:06:46Z<p>Csulliva: </p>
<hr />
<div>=Group members=<br />
<br />
* Munther Hussain<br />
* Jonathon Slonosky<br />
* Michael Bingham<br />
* Smcilroy<br />
* Chris Sullivan<br />
<br />
=General discussion=<br />
<br />
Hey there, this is Munther. The prof said that we should be contacting each other to see whos still on board for the course. So please<br />
if you read this, add your name to the list of members above. You can my find my contact info in my profile page by clicking my signature. We shall talk about the details and how we will approach this in the next few days --[[User:Hesperus|Hesperus]] 16:41, 12 November 2010 (UTC)<br />
<br />
---------------------<br />
<br />
Checked in -- JSlonosky<br />
<br />
----------------------<br />
<br />
Pawel has already contacted us so he still in for the course, that makes 3 of us. The other three members, please drop in and add your name. We need to confirm the members today by 1:00 pm. --[[User:Hesperus|Hesperus]] 12:18, 15 November 2010 (UTC)<br />
<br />
----------------------<br />
<br />
Checked in --[[User:Mbingham|Mbingham]] 15:08, 15 November 2010 (UTC)<br />
<br />
---------------------<br />
<br />
Checked in --[[User:Smcilroy|Smcilroy]] 17:03, 15 November 2010 (UTC)<br />
<br />
---------------------<br />
To the person above me (Smcilroy): I can see that you're assigned to group 7 and not this one. So did the prof moved you to this group or something ? We haven't confirmed or emailed the prof yet, I will wait until 1:00 pm. --[[User:Hesperus|Hesperus]] 17:22, 15 November 2010 (UTC)<br />
<br />
---------------------<br />
Alright, so I just emailed the prof the list of members that have checked in so far (the names listed above plus Pawel Raubic),<br />
Smcilroy: I still don't know whether you're in this group or not, though I don't see your name listed in the group assignments on the course webpage. To the other members: if you're still interested in doing the course, please drop in here and add your name or even email me, you can find my contact info in my profile page(just click my signature).<br />
<br />
Personally speaking, I find the topic of this article (The Turtle Project) to be quite interesting and approachable, in fact we've<br />
already been playing with VirtualBox and VMWare and such things, so we should be familiar with some of the concepts the article<br />
approaches like nested-virtualization, hypervisors, supervisors, etc, things that we even covered in class and we can in fact test on our machines. I've already started reading the article, hopefully tonight we'll start posting some basic ideas or concepts and talk about the article in general. I will be in tomorrow's tutorial session in the 4th floor in case some of you guys want to get to know one another. --[[User:Hesperus|Hesperus]] 18:43, 15 November 2010 (UTC)</div>Csullivahttps://homeostasis.scs.carleton.ca/wiki/index.php?title=COMP_3000_Essay_1_2010_Question_2&diff=4604COMP 3000 Essay 1 2010 Question 22010-10-15T07:31:30Z<p>Csulliva: /* Information Maintenance Calls */</p>
<hr />
<div>=Question=<br />
How do the available system calls in modern versions of the Linux Kernel (2.6.30+) compare with the system calls available in the earliest versions of UNIX? How has the system call interface been expanded, and why? Focus on major changes or extensions in functionality.<br />
<br />
=Answer=<br />
<br />
A system call is a mean by which programs in the user space can access kernel services. Systems calls vary from operating system to operating system, although the underlying concepts tends to be the same. In general, a process is not supposed to be able to access the kernel directly. It can't access kernel memory and it can't call kernel functions. When the CPU prevents a process from accessing the kernel, this prevention is commonly known as, the protected mode. On the other hand, system calls are an exception to this rule. For example, older x86 processors used an interrupt mechanism to go from user-space to kernel-space, but newer processor (PentiumII+) provided instructions that optimize this transition using sysenter and sysexit instructions (Hayward, Mike. Intel P6 vs P7 system call performance. [http://lkml.org/lkml/2002/12/9/13], December 9, 2002). All system calls are small programs built using the C programming language.<br />
<br />
The Unix and Linux systems calls are roughly grouped into 6 major categories: file management, device management, information maintenance, process control, communications and miscellaneous calls. The miscellaneous calls are all the ones that don’t really fit in the other categories, like system calls dealing with errors. Today, the Unix and Linux operating system contains hundreds of system calls but in general, they all came from the 35 system calls that came with one of the original UNIX OS in the early 70s. In the next paragraphs, we’re going to describe the various system calls in each of the categories mentioned above, their evolution through history (major changes in functionality) and a comparison with the earliest versions of UNIX.<br />
<br />
<br />
== File Management Calls==<br />
<br />
The system calls in this group deal with every type of operation that is required to run a file system in the operating system. Create file, delete file, opening a file and closing a file are just a few examples of them and most of them hardly changed throughout the years. <br />
<br />
<br />
''chmod'', ''chown'' and ''chdir'' have been available since the first original UNIX (1971) and they are still used in today’s Linux kernels. The ''chmod'' and ''chown'' calls allows the users to change the file attributes and implements security to the file system. The system call ''chdir'' allows the process to change the current working directory. In the 4th distribution of UNIX from Berkeley (4BSD), new system calls were added to give more control of the file system to the applications. The call ''chroot'' allows the process to change the current root directory with one specified in a path argument. ''fchmod'' and ''fchdir'' are the same as ''chmod'' and ''chdir'' except they takes file descriptors as arguments. As of Linux kernel 2.1.81, the ''chown'' system call now follows symbolic links and therefore, they introduced a new system call, ''lchown'', that does not follow symbolic links.<br />
<br />
<br />
Another four of the original UNIX system calls are ''open'', ''creat'', ''mkdir'' and ''close''. The ''open'' and ''creat'' calls allows processes to open and possibly create a file or device. Arguments flags are used to set from access modes, like O_RDONLY(read-only), to status flags, like O_APPEND(append mode). The only modifications made to the system calls were the addition of status flags where some of them are linux-specific. The ''close'' call allows processes to close a file descriptor preventing it to be reused. No changes were made to it. ''mkdir'' allows the creation of a file directory. In the earliest version of Unix, to delete a directory, users needed to make a series of ''link'' and ''unlink'' system calls. With Unix 4.2BSD, ''rmdir'' was added and helped solve the problem. The ''rename'' call was also added in 4.2BSD allowing processes to change the name or the location of a file. As file system became more complex, these new system calls helped the users gain better control over them.<br />
<br />
<br />
There is also system calls used to find, access and modify files. They are ’‘read’’, ‘‘write’’, ‘‘seek’’ and ‘‘stat’’. These were also part of the first UNIX built. The ‘‘read’’ and ‘‘write’’ system calls allows to read and write from a file (assigned to a file descriptor). The only change was in the Unix System V release 4(SVR4) where a ''write'' call could be interrupted at anytime. The ‘‘seek’’ system calls is used to go to a specified position in a file. This calls used a 16 bit address offset. But this was replaced very quickly for ‘‘lseek’’ as early as SVR4. It allows the call to use 32 bit address offsets. It is still used in modern Linux and Unix systems. As of now, developers are trying to implement ‘‘lseek64’’, a system call that will use 64 bit addresses. The ‘‘stat’’ system calls allows processes to get the status of a file. With SVR4, 2 other version of that system call were created: ‘‘fstat’’ and ‘‘lstat’’. They both do the same thing except ‘‘lstat’’ give the status of symbolic links and ‘‘fstat’’ give the status of a file specified by a file descriptor. Different operating systems will output different values to represent the state of a file. Since kernel 2.5.48, the stat returned a nanoseconds field in the file’s timestamp. With the release of 4.4BSD, two new system calls called ‘‘statvfs’’ and ‘‘fstatvfs’’ were introduced to provide information about a mounted file system. They both do the same thing except fstatvfs takes file descriptors as an argument. These calls are only used in an UNIX environment. In Linux, it has ‘‘statfs’’ and ‘‘fstatfs’’ to support that same call.<br />
<br />
<br />
The last two original UNIX system calls in this category that are still used today are ''link'' and ''unlink''. ''link'' creates a hard link to an existing file and ''unlink'' deletes a file link’s name and possibly the file it refers to. If the name refers to a symbolic link, only the link is removed. No major changes were done to the ''unlink'' system calls but new system calls were create from ''link''. The ''symlink'' system call was added in 4.2BSD to allow the creation of symbolic links in the file system. <br />
<br />
<br />
In the Linux 2.6.16 build, multiple system calls were created so that the calls could deal with relative pathnames as arguments. They can easily be spotted as the system call names all finish with 'at'. Here is a sample list of the created system calls: ''openat'', ''mkdirat'', ''fchmodat'', ''fchownat'', ''fstatat'', ''linkat'', ''unlinkat'', ''renameat'' and ''fchmodat''.<br />
<br />
== Device Management Calls==<br />
<br />
The device management system calls are linked to hardware and they are mainly used to requests for devices, release devices, to logically attach a device or to detach it, get and modified device attributes and read and write to them. <br />
<br />
<br />
Two of the most important system calls for the UNIX and Linux operating system is ‘‘mount’’ and ‘‘umount’’. These were among the few system calls available in the first version of UNIX in 1971. The two calls allowed the operating system to load file systems on storage devices. A few changes were done to the mount system calls. Most of these changes were the creation of new mount flags to enhance performance. For example, since Linux 2.5.19, the MS_DIRSYNC flag permits the directory changes on a file system synchronous. Another Linux improvement was to provide per-process mount namespaces. This was added on the 2.4.19 kernel. If a process was created using clone() with the CLONE_NEWNS flag, the process will have a new namespace initialized to be a copy of the namespace of the process that was cloned. The ‘‘umount’’ system call unmounted the file system from the storage device. The only noteworthy change to ‘‘umount’’ was the creation of ‘‘umount2’’ in Linux 2.1.116. It is the same as ‘‘umount’’ except it allows different flags to control the operation.<br />
<br />
<br />
The ‘‘open’’, ‘‘read’’ and ‘‘write’’ calls can also be used to access devices. As discussed in the previous section, arguments flags are used to better control the device. You would use them as if the devices were files using the appropriate flags.<br />
<br />
<br />
With the SVR4 came the system call ‘‘mmap’’. This system call is used to map or unmap files or devices into memory. Once a device is mapped, the system call returns a pointer to the mapped area allowing processes to access that device. This system call is still used in a Unix environment but since Linux 2.4, Linux replaced it by the mmap2 system call. It is basically the same as mmap except for a final argument specifying the offset into a file in 4096-byte units. This enables the mapping of large files.<br />
<br />
<br />
In version 7 of Unix, ‘‘ioctl’’ system call is used for device-specific operations that can’t be done using the standard system calls. This helps to deal with a multitude of devices. Each device drivers would provide a set of ioctl request code to allow various operations on their device. Each various request code are hardware dependent so there is no standard available for this system call.<br />
<br />
== Information Maintenance Calls==<br />
Information maintenance calls are system calls that return the computers personal information back to the user or change it completely. These type of calls can be split up into three groups get/set time or date, get/set system data and get/set process, file, or device attributes. To fully understand the difference between Linux and UNIX in regrades to system calls, one must explore the three sub-types of information maintenance calls and see how they have changed over time.<br />
<br />
The first sub type is Get/set of time and/or date. In Linux, this can be done by a few different system calls, there are: 'gettimeofday' to get the time, 'settimeofday' to set it, 'time' returns the time in seconds and a few other ones like 'ftime'.In the earliest versions UNIX the used the system call was 'stime', which was used to interact with time and dates. 'stime' could return the time and date and sets the system’s idea of the time and date by altering the seconds. 'stime' is still being used by Linux because it is successful, unlike 'settimeofday', which was created to change timezones (tz_dsttime) as well as the time but each occurrence of this field call in the kernel source (apart from declaration) is a bug thus failing. <br />
<br />
The second sub type is get/set system data. UNIX does this using the following commands: 'open', 'read', 'close', and 'write'. 'open' opens a file so the file can be written to or read from. 'read' retrieves data from the file, and 'write' modifies data in the file. 'close' is used to indicate that the file is no longer in use. Linux uses the same set of commands for the same purposes.In addition to those system calls there Linux has there own unique system calls which are: 'olduname' gets name and information about current kernel, similar to that is 'uname' gets name and information about current kernel (which is used in the newer versions of UNIX not the older ones), 'iopl' which changes I/O privilege level and 'sysfs' which gets file system type information.<br />
<br />
The third sub type is get/set process, file, or device attributes, in UNIX there are several system calls for processing file and device attributes, some of these examples are common to both UNIX and Linux: 'stat' gets file status, 'fork' which spawns a new process, and 'stty' which sets the mode of typewriter.The 'wait' system call is used in both as well the only really difference is that in the Linux version wait store status information in a integer which take the integer itself as an argument, not a pointer to itself. In Linux there are a lot more system calls regarding this type and here are a few of them: 'capget' gets the capabilities of the process, 'capset' sets the capabilities process, 'getppid' gets process identification. The 'capget' and 'capset' interact with the raw kernel interface to getting and setting thread capabilities. These two system calls are specific to Linux and as such the use of these functions (in particular the format of the cap_user_*_t types) are updated as the kernel is updated. The 'getppid' returns the process ID of the calling process and never has any errors.<br />
<br />
== Process Control Calls==<br />
<br />
Process Control calls are system calls that handle the start, termination and other tasks that might be required <br />
for a process to run correctly.<br />
<br />
In unix there are 10 system calls that make up Process Control Calls. These are:<br />
''fork()'',''wait()'',''execl()'',''execlp()'',''execle()'',''execvp()'',''execv()'',''execve()'',''exit()'',''signal()'',''kill()''. <br />
<br />
<br />
''fork()'': It takes a process and creates an identical processes, which in turn makes one the parent process and the <br />
other the child process. When ''fork()'' succeds it returns 0 to the child process and returns the PID of the child process to the parent process. When it fails, ''fork()'' returns -1 to the parent process.<br />
<br />
''wait()'': This call makes a parent process wait for the child process to end. It returns the pid of the child process that is <br />
done. Wait fails if the process has no child process to wait for or its points to an invalid address.<br />
<br />
<br />
''execl()'',''execlp()'',''execle()'',''execvp()'',''execv()'', are system calls based on the same principle that the system call <br />
takes as an argument a binary file and converts it into a process. When the system call works properly it does <br />
not return, instead it gives control to the new process which replaces the process that called the system call.<br />
each of these are called when different arguments are given.<br />
<br />
The following are the definitions for the these system calls as described by this [http://www.di.uevora.pt/~lmr/syscalls.html]<br />
<br />
''execl()'': Takes the path name of an executable program (binary file) as its first argument. The rest of the arguments are a list of command<br />
line arguments to the new program (argv[]). The list terminated with a null pointer<br />
<br />
''execle()'': Same as execl(), except that the end of the argument list is followed by a pointer to a null-terminated list of character<br />
pointers that is passed a the environment of the new program<br />
<br />
''execv()'': Takes the path name of an executable program (binary file) as it first argument. The second argument is a pointer to a list of<br />
character pointers (like argv[]) that is passed as command line arguments to the new program.<br />
<br />
''execve()'': Same as execv(), except that a third argument is given as a pointer to a list of character pointers (like argv[]) that is passed as the environment of the new program.<br />
<br />
''execlp()'': Same as execl(), except that the program name doesn't have to be a full path name, and it can be a shell program instead of executable module.<br />
''execvp()'': Same as execv(), except that the program name doesn't have to be a full path name, and it can be a shell program instead of an executable module.<br />
<br />
<br />
''signal()'': This system call is sent to the process when the proper conditions are met. When the program receives the signal it can act in three different ways. The first is to ignore completely, it wont matter how many times the signal is sent the process will not do anything because of it. The only signal that can't be ignored or caught is SIGKILL(). The second is to have the signal set to its default state which means when the process receives it, the process will end. The last option is to catch the signal, when this occurs the unix system will give control to a function that will execute according to how appropriate it is for the process. <br />
<br />
<br />
''kill()'': The system sends a signal to the process when something occurs. It fails if the signal_name is not a correct signal. There is no process with the PID that matches the argument value.<br />
<br />
''exit()'': This call ends the process that calls it and returns the exit status value.<br />
<br />
In linux, all of these unix system calls have couterparts in linux except for the exec group of system calls, only execve exists. Also these system calls behave the same way in linux. However the system call ''signal()'' is not recommended to use because of its different implementations in different versions of linux and unix. It is better to use ''sigaction()''. It changes the actions of the process when it receives a valid signal except SIGKILL and SIGSTOP. As newer versions of linux are released, these system calls will always never have major modifications but other system calls, based on these, may be created because specific cases which would make it easier to write programs.<br />
<br />
== Communications Calls==<br />
<br />
The communication calls relates to the concept of processes having the ability to communicate with one another. Similar to how humans use a telephone as their portal to communicate with eachother, communication calls use "pipes" as their gateway. <br />
<br />
In unix there are four subgroups of system calls that are related to communications calls: pipelines, messages, semaphores, and shared memory.<br />
The following are the system calls that belong to each of the subgroups. <br />
<br />
Pipelines: ''pipe()'' The pipe() command consists of two components. int pipe (file_descriptors) & int file_descriptors[2]. File_descriptors is an array consisting of two parts as well. One is for reading the data, and the other is for writing the data. Both writing and reading data will read in sequential order along with fully completing it's task. I.e.) There are no partial writes, the pipe will write the whole data that was sent and complete the transmission. The same concept holds for the reading where it will be read all the way through before reading another pipe or new information coming into the pipe. <br />
<br />
<br />
Messages: ''msgget()'',''msgsnd()'',''msgrcv(),''msgctl()''<br />
<br />
Semaphores: ''semget()'','' semop()''<br />
<br />
Shared Memory: ''shmget()'', ''shmat()'',''shmdt()''<br />
<br />
== Miscellaneous System Calls ==<br />
<br />
== Conclusion ==<br />
<br />
How do the available system calls in modern versions of the Linux Kernel (2.6.30+) compare with the system calls available in the earliest versions of UNIX? How has the system call interface been expanded, and why? Focus on major changes or extensions in functionality. <br />
<br />
System Calls have been an essential component to the structure of the Linux Kernel(2.6.30+) and Unix Operating Systems for a long period of time. They are the gateway between the user space and the kernel services. More specifically, it allows the User space to acquire the kernel services unlike processes which do not have this authority. Over the years of development in the Linux and Unix OS, the system calls have not had drastic changes to them. Rather than having radical changes to system calls, the development of system calls has merely added more specific system calls to solve new issues that occur within the OS. Hence, this concept has led the birth of 35 system calls to grow to an astonishing quantity consisting of hundreds of system calls. With hundreds of system calls available at ones disposable, all can be catgeorized into 6 major groups: file management, device management, information maintenance, process control, communications and miscellaneous calls. Operating Systems are a colossal program consisiting of very intrinsic pieces all coming together to form what we now know today as Linux Kernel(2.6.30+) or Unix. System calls are simply a small building block, but nevertheless an essential piece, to the tower that is our Operating System. <br />
<br />
<br />
<br />
= References =<br />
<br />
Salus, Peter H. A Quarter Century of Unix, Publisher: Addison-Wesly Professional, June 10, 1994.<br />
<br />
Unix Programming Manual, http://cm.bell-labs.com/cm/cs/who/dmr/1stEdman.html, November 3, 1971.<br />
<br />
BSD System Calls Manual. http://www.unix.com/man-page/FreeBSD/2/, The Unix and Linux Forums.<br />
<br />
Linux Programmer's Manual, Linux man-pages project.<br />
http://www.kernel.org/doc/man-pages/<br />
<br />
Mendonça Rato, Luís Miguel,professor,university of evora. http://www.di.uevora.pt/~lmr/syscalls.html</div>Csullivahttps://homeostasis.scs.carleton.ca/wiki/index.php?title=COMP_3000_Essay_1_2010_Question_2&diff=4598COMP 3000 Essay 1 2010 Question 22010-10-15T07:23:46Z<p>Csulliva: /* Information Maintenance Calls */</p>
<hr />
<div>=Question=<br />
How do the available system calls in modern versions of the Linux Kernel (2.6.30+) compare with the system calls available in the earliest versions of UNIX? How has the system call interface been expanded, and why? Focus on major changes or extensions in functionality.<br />
<br />
=Answer=<br />
<br />
A system call is a mean by which programs in the user space can access kernel services. Systems calls vary from operating system to operating system, although the underlying concepts tends to be the same. In general, a process is not supposed to be able to access the kernel directly. It can't access kernel memory and it can't call kernel functions. When the CPU prevents a process from accessing the kernel, this prevention is commonly known as, the protected mode. On the other hand, system calls are an exception to this rule. For example, older x86 processors used an interrupt mechanism to go from user-space to kernel-space, but newer processor (PentiumII+) provided instructions that optimize this transition using sysenter and sysexit instructions (Hayward, Mike. Intel P6 vs P7 system call performance. [http://lkml.org/lkml/2002/12/9/13], December 9, 2002). All system calls are small programs built using the C programming language.<br />
<br />
The Unix and Linux systems calls are roughly grouped into 6 major categories: file management, device management, information maintenance, process control, communications and miscellaneous calls. The miscellaneous calls are all the ones that don’t really fit in the other categories, like system calls dealing with errors. Today, the Unix and Linux operating system contains hundreds of system calls but in general, they all came from the 35 system calls that came with one of the original UNIX OS in the early 70s. In the next paragraphs, we’re going to describe the various system calls in each of the categories mentioned above, their evolution through history (major changes in functionality) and a comparison with the earliest versions of UNIX.<br />
<br />
<br />
== File Management Calls==<br />
<br />
The system calls in this group deal with every type of operation that is required to run a file system in the operating system. Create file, delete file, opening a file and closing a file are just a few examples of them and most of them hardly changed throughout the years. <br />
<br />
<br />
''chmod'', ''chown'' and ''chdir'' have been available since the first original UNIX (1971) and they are still used in today’s Linux kernels. The ''chmod'' and ''chown'' calls allows the users to change the file attributes and implements security to the file system. The system call ''chdir'' allows the process to change the current working directory. In the 4th distribution of UNIX from Berkeley (4BSD), new system calls were added to give more control of the file system to the applications. The call ''chroot'' allows the process to change the current root directory with one specified in a path argument. ''fchmod'' and ''fchdir'' are the same as ''chmod'' and ''chdir'' except they takes file descriptors as arguments. As of Linux kernel 2.1.81, the ''chown'' system call now follows symbolic links and therefore, they introduced a new system call, ''lchown'', that does not follow symbolic links.<br />
<br />
<br />
Another four of the original UNIX system calls are ''open'', ''creat'', ''mkdir'' and ''close''. The ''open'' and ''creat'' calls allows processes to open and possibly create a file or device. Arguments flags are used to set from access modes, like O_RDONLY(read-only), to status flags, like O_APPEND(append mode). The only modifications made to the system calls were the addition of status flags where some of them are linux-specific. The ''close'' call allows processes to close a file descriptor preventing it to be reused. No changes were made to it. ''mkdir'' allows the creation of a file directory. In the earliest version of Unix, to delete a directory, users needed to make a series of ''link'' and ''unlink'' system calls. With Unix 4.2BSD, ''rmdir'' was added and helped solve the problem. The ''rename'' call was also added in 4.2BSD allowing processes to change the name or the location of a file. As file system became more complex, these new system calls helped the users gain better control over them.<br />
<br />
<br />
There is also system calls used to find, access and modify files. They are ’‘read’’, ‘‘write’’, ‘‘seek’’ and ‘‘stat’’. These were also part of the first UNIX built. The ‘‘read’’ and ‘‘write’’ system calls allows to read and write from a file (assigned to a file descriptor). The only change was in the Unix System V release 4(SVR4) where a ''write'' call could be interrupted at anytime. The ‘‘seek’’ system calls is used to go to a specified position in a file. This calls used a 16 bit address offset. But this was replaced very quickly for ‘‘lseek’’ as early as SVR4. It allows the call to use 32 bit address offsets. It is still used in modern Linux and Unix systems. As of now, developers are trying to implement ‘‘lseek64’’, a system call that will use 64 bit addresses. The ‘‘stat’’ system calls allows processes to get the status of a file. With SVR4, 2 other version of that system call were created: ‘‘fstat’’ and ‘‘lstat’’. They both do the same thing except ‘‘lstat’’ give the status of symbolic links and ‘‘fstat’’ give the status of a file specified by a file descriptor. Different operating systems will output different values to represent the state of a file. Since kernel 2.5.48, the stat returned a nanoseconds field in the file’s timestamp. With the release of 4.4BSD, two new system calls called ‘‘statvfs’’ and ‘‘fstatvfs’’ were introduced to provide information about a mounted file system. They both do the same thing except fstatvfs takes file descriptors as an argument. These calls are only used in an UNIX environment. In Linux, it has ‘‘statfs’’ and ‘‘fstatfs’’ to support that same call.<br />
<br />
<br />
The last two original UNIX system calls in this category that are still used today are ''link'' and ''unlink''. ''link'' creates a hard link to an existing file and ''unlink'' deletes a file link’s name and possibly the file it refers to. If the name refers to a symbolic link, only the link is removed. No major changes were done to the ''unlink'' system calls but new system calls were create from ''link''. The ''symlink'' system call was added in 4.2BSD to allow the creation of symbolic links in the file system. <br />
<br />
<br />
In the Linux 2.6.16 build, multiple system calls were created so that the calls could deal with relative pathnames as arguments. They can easily be spotted as the system call names all finish with 'at'. Here is a sample list of the created system calls: ''openat'', ''mkdirat'', ''fchmodat'', ''fchownat'', ''fstatat'', ''linkat'', ''unlinkat'', ''renameat'' and ''fchmodat''.<br />
<br />
== Device Management Calls==<br />
<br />
The device management system calls are linked to hardware and they are mainly used to requests for devices, release devices, to logically attach a device or to detach it, get and modified device attributes and read and write to them. <br />
<br />
<br />
Two of the most important system calls for the UNIX and Linux operating system is ‘‘mount’’ and ‘‘umount’’. These were among the few system calls available in the first version of UNIX in 1971. The two calls allowed the operating system to load file systems on storage devices. A few changes were done to the mount system calls. Most of these changes were the creation of new mount flags to enhance performance. For example, since Linux 2.5.19, the MS_DIRSYNC flag permits the directory changes on a file system synchronous. Another Linux improvement was to provide per-process mount namespaces. This was added on the 2.4.19 kernel. If a process was created using clone() with the CLONE_NEWNS flag, the process will have a new namespace initialized to be a copy of the namespace of the process that was cloned. The ‘‘umount’’ system call unmounted the file system from the storage device. The only noteworthy change to ‘‘umount’’ was the creation of ‘‘umount2’’ in Linux 2.1.116. It is the same as ‘‘umount’’ except it allows different flags to control the operation.<br />
<br />
<br />
The ‘‘open’’, ‘‘read’’ and ‘‘write’’ calls can also be used to access devices. As discussed in the previous section, arguments flags are used to better control the device. You would use them as if the devices were files using the appropriate flags.<br />
<br />
<br />
With the SVR4 came the system call ‘‘mmap’’. This system call is used to map or unmap files or devices into memory. Once a device is mapped, the system call returns a pointer to the mapped area allowing processes to access that device. This system call is still used in a Unix environment but since Linux 2.4, Linux replaced it by the mmap2 system call. It is basically the same as mmap except for a final argument specifying the offset into a file in 4096-byte units. This enables the mapping of large files.<br />
<br />
<br />
In version 7 of Unix, ‘‘ioctl’’ system call is used for device-specific operations that can’t be done using the standard system calls. This helps to deal with a multitude of devices. Each device drivers would provide a set of ioctl request code to allow various operations on their device. Each various request code are hardware dependent so there is no standard available for this system call.<br />
<br />
== Information Maintenance Calls==<br />
Information maintenance calls are system calls that return the computers personal information back to the user or change it completely. These type of calls can be split up into three groups get/set time or date, get/set system data and get/set process, file, or device attributes. To fully understand the difference between Linux and UNIX in regrades to system calls, one must explore the three sub-types of information maintenance calls and see how they have changed over time.<br />
<br />
The first sub type is Get/set of time and/or date. In Linux, this can be done by a few different system calls, there are: 'gettimeofday' to get the time, 'settimeofday' to set it, 'time' returns the time in seconds and a few other ones like 'ftime'.In the earliest versions UNIX the used the system call was 'stime', which was used to interact with time and dates. 'stime' could return the time and date and sets the system’s idea of the time and date by altering the seconds. 'stime' is still being used by Linux because it is successful, unlike 'settimeofday', which was created to change timezones (tz_dsttime) as well as the time but each occurrence of this field call in the kernel source (apart from declaration) is a bug thus failing. <br />
<br />
The second sub type is get/set system data. UNIX does this using the following commands: 'open', 'read', 'close', and 'write'. 'open' opens a file so the file can be written to or read from. 'read' retrieves data from the file, and 'write' modifies data in the file. 'close' is used to indicate that the file is no longer in use. Linux uses the same set of commands for the same purposes.In addition to those system calls there Linux has there own unique system calls which are: 'olduname' gets name and information about current kernel, similar to that is 'uname' gets name and information about current kernel (which is used in the newer versions of UNIX not the older ones), 'iopl' which changes I/O privilege level and 'sysfs' which gets file system type information.<br />
<br />
The third sub type is get/set process, file, or device attributes, in UNIX there are several system calls for processing file and device attributes, some of these examples are common to both UNIX and Linux: 'stat' gets file status, 'fork' spawns a new process and 'stty' sets the mode of typewriter. In Linux there are a lot more system calls regarding the third sub type and here are a few of them: 'capget' gets the capabilities of the process, 'capset' sets the capabilities process, 'getppid' gets process identification , 'capget' and 'capset' interact with the raw kernel interface for getting and setting thread capabilities. These two system calls are specific to Linux and as such the use of these functions (in particular the format of the cap_user_*_t types) are updated as the kernel is updated. The 'getppid' returns the process ID of the calling process and never has any errors.<br />
<br />
== Process Control Calls==<br />
<br />
Process Control calls are system calls that handle the start, termination and other tasks that might be required <br />
for a process to run correctly.<br />
<br />
In unix there are 10 system calls that make up Process Control Calls. These are:<br />
''fork()'',''wait()'',''execl()'',''execlp()'',''execle()'',''execvp()'',''execv()'',''execve()'',''exit()'',''signal()'',''kill()''. <br />
<br />
<br />
''fork()'': It takes a process and creates an identical processes, which in turn makes one the parent process and the <br />
other the child process. When ''fork()'' succeds it returns 0 to the child process and returns the PID of the child process to the parent process. When it fails, ''fork()'' returns -1 to the parent process.<br />
<br />
''wait()'': This call makes a parent process wait for the child process to end. It returns the pid of the child process that is <br />
done. Wait fails if the process has no child process to wait for or its points to an invalid address.<br />
<br />
<br />
''execl()'',''execlp()'',''execle()'',''execvp()'',''execv()'', are system calls based on the same principle that the system call <br />
takes as an argument a binary file and converts it into a process. When the system call works properly it does <br />
not return, instead it gives control to the new process which replaces the process that called the system call.<br />
each of these are called when different arguments are given.<br />
<br />
The following are the definitions for the these system calls as described by this [http://www.di.uevora.pt/~lmr/syscalls.html]<br />
<br />
''execl()'': Takes the path name of an executable program (binary file) as its first argument. The rest of the arguments are a list of command<br />
line arguments to the new program (argv[]). The list terminated with a null pointer<br />
<br />
''execle()'': Same as execl(), except that the end of the argument list is followed by a pointer to a null-terminated list of character<br />
pointers that is passed a the environment of the new program<br />
<br />
''execv()'': Takes the path name of an executable program (binary file) as it first argument. The second argument is a pointer to a list of<br />
character pointers (like argv[]) that is passed as command line arguments to the new program.<br />
<br />
''execve()'': Same as execv(), except that a third argument is given as a pointer to a list of character pointers (like argv[]) that is passed as the environment of the new program.<br />
<br />
''execlp()'': Same as execl(), except that the program name doesn't have to be a full path name, and it can be a shell program instead of executable module.<br />
''execvp()'': Same as execv(), except that the program name doesn't have to be a full path name, and it can be a shell program instead of an executable module.<br />
<br />
<br />
''signal()'': This system call is sent to the process when the proper conditions are met. When the program receives the signal it can act in three different ways. The first is to ignore completely, it wont matter how many times the signal is sent the process will not do anything because of it. The only signal that can't be ignored or caught is SIGKILL(). The second is to have the signal set to its default state which means when the process receives it, the process will end. The last option is to catch the signal, when this occurs the unix system will give control to a function that will execute according to how appropriate it is for the process. <br />
<br />
<br />
''kill()'': The system sends a signal to the process when something occurs. It fails if the signal_name is not a correct signal. There is no process with the PID that matches the argument value.<br />
<br />
''exit()'': This call ends the process that calls it and returns the exit status value.<br />
<br />
In linux, all of these unix system calls have couterparts in linux except for the exec group of system calls, only execve exists. Also these system calls behave the same way in linux. However the system call ''signal()'' is not recommended to use because of its different implementations in different versions of linux and unix. It is better to use ''sigaction()''. It changes the actions of the process when it receives a valid signal except SIGKILL and SIGSTOP. As newer versions of linux are released, these system calls will always never have major modifications but other system calls, based on these, may be created because specific cases which would make it easier to write programs.<br />
<br />
== Communications Calls==<br />
<br />
The communication calls relates to the concept of processes having the ability to communicate with one another. Similar to how humans use a telephone as their portal to communicate with eachother, communication calls use "pipes" as their gateway. <br />
<br />
In unix there are four subgroups of system calls that are related to communications calls: pipelines, messages, semaphores, and shared memory.<br />
The following are the system calls that belong to each of the subgroups. <br />
<br />
Pipelines: ''pipe()'' The pipe() command consists of two components. int pipe (file_descriptors) & int file_descriptors[2]. File_descriptors is an array consisting of two parts as well. One is for reading the data, and the other is for writing the data. Both writing and reading data will read in sequential order along with fully completing it's task. I.e.) There are no partial writes, the pipe will write the whole <br />
<br />
<br />
Messages: ''msgget()'',''msgsnd()'',''msgrcv(),''msgctl()''<br />
<br />
Semaphores: ''semget()'','' semop()''<br />
<br />
Shared Memory: ''shmget()'', ''shmat()'',''shmdt()''<br />
<br />
== Miscellaneous System Calls ==<br />
<br />
== Conclusion ==<br />
<br />
How do the available system calls in modern versions of the Linux Kernel (2.6.30+) compare with the system calls available in the earliest versions of UNIX? How has the system call interface been expanded, and why? Focus on major changes or extensions in functionality. <br />
<br />
System Calls have been an essential component to the structure of the Linux Kernel(2.6.30+) and Unix Operating Systems for a long period of time. They are the gateway between the user space and the kernel services. More specifically, it allows the User space to acquire the kernel services unlike processes which do not have this authority. Over the years of development in the Linux and Unix OS, the system calls have not had drastic changes to them. Rather than having radical changes to system calls, the development of system calls has merely added more specific system calls to solve new issues that occur within the OS. Hence, this concept has led the birth of 35 system calls to grow to an astonishing quantity consisting of hundreds of system calls. With hundreds of system calls available at ones disposable, all can be catgeorized into 6 major groups: file management, device management, information maintenance, process control, communications and miscellaneous calls. Operating Systems are a colossal program consisiting of very intrinsic pieces all coming together to form what we now know today as Linux Kernel(2.6.30+) or Unix. System calls are simply a small building block, but nevertheless an essential piece, to the tower that is our Operating System. <br />
<br />
<br />
<br />
= References =<br />
<br />
Salus, Peter H. A Quarter Century of Unix, Publisher: Addison-Wesly Professional, June 10, 1994.<br />
<br />
Unix Programming Manual, http://cm.bell-labs.com/cm/cs/who/dmr/1stEdman.html, November 3, 1971.<br />
<br />
BSD System Calls Manual. http://www.unix.com/man-page/FreeBSD/2/, The Unix and Linux Forums.<br />
<br />
Linux Programmer's Manual, Linux man-pages project.<br />
http://www.kernel.org/doc/man-pages/<br />
<br />
Mendonça Rato, Luís Miguel,professor,university of evora. http://www.di.uevora.pt/~lmr/syscalls.html</div>Csullivahttps://homeostasis.scs.carleton.ca/wiki/index.php?title=COMP_3000_Essay_1_2010_Question_2&diff=4101COMP 3000 Essay 1 2010 Question 22010-10-14T21:27:06Z<p>Csulliva: /* Information Maintenance Calls */</p>
<hr />
<div>=Question=<br />
How do the available system calls in modern versions of the Linux Kernel (2.6.30+) compare with the system calls available in the earliest versions of UNIX? How has the system call interface been expanded, and why? Focus on major changes or extensions in functionality.<br />
<br />
=Answer=<br />
<br />
A system call is a mean by which programs in the user space can access kernel services. Systems calls vary from operating system to operating system, although the underlying concepts tends to be the same. In general, a process is not supposed to be able to access the kernel directly. It can't access kernel memory and it can't call kernel functions. When the CPU prevents a process from accessing the kernel, this prevention is commonly known as, the protected mode. On the other hand, system calls are an exception to this rule. For example, older x86 processors used an interrupt mechanism to go from user-space to kernel-space, but newer processor (PentiumII+) provided instructions that optimize this transition using sysenter and sysexit instructions (Hayward, Mike. Intel P6 vs P7 system call performance. [http://lkml.org/lkml/2002/12/9/13], December 9, 2002). All system calls are small programs built using the C programming language.<br />
<br />
The Unix and Linux systems calls are roughly grouped into 6 major categories: file management, device management, information maintenance, process control, communications and miscellaneous calls. The miscellaneous calls are all the ones that don’t really fit in the other categories, like system calls dealing with errors. Today, the Unix and Linux operating system contains hundreds of system calls but in general, they all came from the 35 system calls that came with one of the original UNIX OS in the early 70s. In the next paragraphs, we’re going to describe the various system calls in each of the categories mentioned above, their evolution through history (major changes in functionality) and a comparison with the earliest versions of UNIX.<br />
<br />
<br />
== File Management Calls==<br />
<br />
The system calls in this group deal with every type of operation that is required to run a file system in the operating system. Create file, delete file, opening a file and closing a file are just a few examples of them and most of them hardly changed throughout the years. <br />
<br />
<br />
''chmod'', ''chown'' and ''chdir'' has been available since the first original UNIX (1971) and it is still used in today’s Linux kernels. The ''chmod'' and ''chown'' calls allows the users to change the file attributes and implements security to the file system. The system call ''chdir'' allows the process to change the current working directory. In the 4th distribution of UNIX from Berkeley (4BSD), new system calls were added to be able to give more control on the file system to the applications. The call ''chroot'' allows the process to change the current root directory with one specified in a path argument. ''fchmod'' and ''fchdir'' are the same as ''chmod'' and ''chdir'' except it takes file descriptors as arguments. As of Linux kernel 2.1.81, the ''chown'' system call follows symbolic link and introduce a new system call, ''lchown'', that does not follow symbolic links.<br />
<br />
<br />
Another four of the original UNIX system calls are ''open'', ''creat'', ''mkdir'' and ''close''. The ''open'' and ''creat'' calls allows processes to open and possibly create a file or device. Arguments flags are used to set either access modes, like O_RDONLY(read-only), to status flags, like O_APPEND(append mode). The only modifications made to the system calls were the addition of status flags where some of them are only linux-specific. The ''close'' call allows processes to close a file descriptor preventing it to be reused. No changes were made to it. ''mkdir'' allows the creation of a file directory. At that point, to delete a directory, users would need to make a series of ''link'' and ''unlink'' system calls. With Unix 4.2BSD, ''rmdir'' and solved the problem. The ''rename'' call was also added in 4.2BSD allowing processes to change the name or the location of a file.<br />
<br />
<br />
There is also system calls used to find, access and modify files. They are ’‘read’’, ‘‘write’’, ‘‘seek’’ and ‘‘stat’’. These were all part of earliest UNIX built. The ‘‘read’’ and ‘‘write’’ system calls allows to read and write from a file (assigned to a file descriptor). The only change was in SVR4 where a write can be interrupted at anytime. The ‘‘seek’’ system calls is used to go to a specified position in a file. This calls used a 16 bit address. But this was replaced very quickly for ‘‘lseek’’ as early as SVR4. It allows the call to use 32 bit addresses. It is still used in modern Linux and Unix systems even if developers are trying to implement ‘‘lseek64’’, a system call that will use 64 bit addresses. The ‘‘stat’’ system calls allows processes to get the status of a file. With SVR4, 2 other version of that system call were created: ‘‘fstat’’ and ‘‘lstat’’. They both do the same thing except ‘‘lstat’’ give the status of symbolic links and ‘‘fstat’’ give the status of a file specified by a file descriptor. Different operating systems will output different values to represent the state of a file. Since kernel 2.5.48, the stat returned a nanoseconds field in the file’s timestamp. With the release of 4.4BSD, two new system calls called ‘‘statvfs’’ and ‘‘fstatvfs’’ were introduced to provide information about a mounted file system. They both do the same thing except fstatvfs takes file descriptors as an argument. These calls are only used in an UNIX environment. In Linux, it has ‘‘statfs’’ and ‘‘fstatfs’’ to support that same call.<br />
<br />
<br />
The last two original UNIX system calls in this category that are still used today are ''link'' and ''unlink''. ''link'' creates a hard link to an existing file and ''unlink'' deletes a file link’s name and possibly the file it refers to. If the name refers to a symbolic link, only the link is removed. No major changes were done to the ''unlink'' system calls but new system calls were create from ''link''. The ''symlink'' system call was added in 4.2BSD to allow the creation of symbolic links in the file system. <br />
<br />
<br />
In the Linux 2.6.16 build, multiple system calls were created so that the calls could deal with relative pathnames as arguments. They can easily be spotted as the system call names all finish with 'at'. Here is a sample list of the created system calls: ''openat'', ''mkdirat'', ''fchmodat'', ''fchownat'', ''fstatat'', ''linkat'', ''unlinkat'', ''renameat'' and ''fchmodat''.<br />
<br />
== Device Management Calls==<br />
<br />
The device management system calls are linked to hardware and they are mainly used to requests for devices, release devices, to logically attach a device or to detach it, get and modified device attributes and read and write to them. <br />
<br />
<br />
Two of the most important system calls for the UNIX and Linux operating system is ‘‘mount’’ and ‘‘umount’’. These were among the few system calls available in UNIX in the 70s. The two calls allowed the operating system to load file systems on storage devices. A few changes were done to the mount system calls most of them were the creation of new mount flags to enhance performance. For example, since Linux 2.5.19, the MS_DIRSYNC flag permits the directory changes on a file system synchronous. Another Linux improvement was to provide per-process mount namespaces. This was added on the 2.4.19 kernel. If a process was created using clone() with the CLONE_NEWNS flag, the process will have a new namespace initialized to be a copy of the namespace of the process that was cloned. The ‘‘umount’’ system call unmounted the file system from the storage device. The only noteworthy change to ‘‘umount’’ was the creation of ‘‘umount2’’ in Linux 2.1.116. It is the same as ‘‘umount’’ except it allows different flags to control the operation.<br />
<br />
<br />
The ‘‘open’’, ‘‘read’’ and ‘‘write’’ calls can also be used to access devices. As discussed in the previous section, arguments flags are used to better control the device. You would use them as if the devices were files using the appropriate flags.<br />
<br />
<br />
With the System V Unix revision 4(SVR4) came the system call ‘‘mmap’’. This system call is used to map or unmap files or devices into memory. Once a device is mapped, the system call returns a pointer to the mapped area allowing processes to access that device. This system call is still used in a Unix environment but since Linux 2.4, Linux replaced it by the mmap2 system call. It is basically the same as mmap except for a final argument specifying the offset into a file in 4096-byte units. This enables the mapping of large files.<br />
<br />
<br />
In version 7 of Unix, ‘‘ioctl’’ system call is used for device-specific operations that can’t be done using the standard system calls. This helps to deal with a multitude of devices. Each device drivers would provide a set of ioctl request code to allow various operations on their device. Each various request code are hardware dependent so there is no standard available for this system call.<br />
<br />
== Information Maintenance Calls==<br />
Information maintenance calls are system calls that return the computers personal information back to the user or change it completely. These type of calls can be split up into three groups get/set time or date, get/set system data and get/set process, file, or device attributes. To fully understand the difference between Linux and UNIX in regrades to system calls, one must explore the three sub-types of information maintenance calls and see how they have changed over time.<br />
<br />
The first sub type is Get/set of time and/or date. In Linux, this can be done by a few different system calls, there are: 'gettimeofday' to get the time, 'settimeofday' to set it, 'time' returns the time in seconds and a few other ones like 'ftime'.In the earliest versions UNIX the used the system call was 'stime', which was used to interact with time and dates. 'stime' could return the time and date and sets the system’s idea of the time and date by altering the seconds. 'stime' is still being used by Linux because it is successful, unlike 'settimeofday', which was created to change timezones (tz_dsttime) as well as the time but each occurrence of this field call in the kernel source (apart from declaration) is a bug thus failing. <br />
<br />
The second sub type is get/set system data. UNIX does this by....<br />
<br />
The third sub type is get/set process, file, or device attributes, in UNIX there are several system calls for processing file and device attributes, some of these example are common to both UNIX and Linux are: 'stat' gets file status, 'fork' spawns new process and 'stty' sets mode of typewriter. In Linux there a lot more system calls regarding the third sub type here are a few of them: 'capget' get the capabilities of the process, 'capset' sets the capabilities process, 'getppid' gets process identification(add more) The 'capget' and 'capset' interacted with the raw kernel interface for getting and setting thread capabilities. These two system calls are specific to Linux and as suck the us of these functions (in particular the format of the cap_user_*_t types) are update as the kernel is update.The 'getppid' returns the process ID of the calling process and never has any errors.<br />
<br />
== Process Control Calls==<br />
<br />
== Communications Calls==<br />
<br />
== Miscellaneous System Calls ==<br />
<br />
= References =<br />
<br />
Salus, Peter H. A Quarter Century of Unix, Publisher: Addison-Wesly Professional, June 10, 1994.<br />
<br />
Unix Programming Manual, http://cm.bell-labs.com/cm/cs/who/dmr/1stEdman.html, November 3, 1971.<br />
<br />
BSD System Calls Manual. http://www.unix.com/man-page/FreeBSD/2/, The Unix and Linux Forums.<br />
<br />
Linux Programmer's Manual, Linux man-pages project.<br />
http://www.kernel.org/doc/man-pages/</div>Csullivahttps://homeostasis.scs.carleton.ca/wiki/index.php?title=COMP_3000_Essay_1_2010_Question_2&diff=4042COMP 3000 Essay 1 2010 Question 22010-10-14T20:06:14Z<p>Csulliva: /* Information Maintenance Calls */</p>
<hr />
<div>=Question=<br />
How do the available system calls in modern versions of the Linux Kernel (2.6.30+) compare with the system calls available in the earliest versions of UNIX? How has the system call interface been expanded, and why? Focus on major changes or extensions in functionality.<br />
<br />
=Answer=<br />
<br />
A system call is a mean by which programs in the user space can access kernel services. Systems calls vary from operating system to operating system, although the underlying concepts tends to be the same. In general, a process is not supposed to be able to access the kernel directly. It can't access kernel memory and it can't call kernel functions. When the CPU prevents a process from accessing the kernel, this prevention is commonly known as, the protected mode. On the other hand, system calls are an exception to this rule. For example, older x86 processors used an interrupt mechanism to go from user-space to kernel-space, but newer processor (PentiumII+) provided instructions that optimize this transition using sysenter and sysexit instructions (Hayward, Mike. Intel P6 vs P7 system call performance. [http://lkml.org/lkml/2002/12/9/13], December 9, 2002). All system calls are small programs built using the C programming language.<br />
<br />
The Unix and Linux systems calls are roughly grouped into 6 major categories: file management, device management, information maintenance, process control, communications and miscellaneous calls. The miscellaneous calls are all the ones that don’t really fit in the other categories, like system calls dealing with errors. Today, the Unix and Linux operating system contains hundreds of system calls but in general, they all came from the 35 system calls that came with one of the original UNIX OS in the early 70s. In the next paragraphs, we’re going to describe the various system calls in each of the categories mentioned above, their evolution through history (major changes in functionality) and a comparison with the earliest versions of UNIX.<br />
<br />
<br />
== File Management Calls==<br />
<br />
The system calls in this group deal with every type of operation that is required to run a file system in the operating system. Create file, delete file, opening a file and closing a file are just a few examples of them and most of them hardly changed throughout the years. <br />
<br />
<br />
''chmod'', ''chown'' and ''chdir'' has been available since the first original UNIX (1971) and it is still used in today’s Linux kernels. The ''chmod'' and ''chown'' calls allows the users to change the file attributes and implements security to the file system. The system call ''chdir'' allows the process to change the current working directory. In the 4th distribution of UNIX from Berkeley (4BSD), new system calls were added to be able to give more control on the file system to the applications. The call ''chroot'' allows the process to change the current root directory with one specified in a path argument. ''fchmod'' and ''fchdir'' are the same as ''chmod'' and ''chdir'' except it takes file descriptors as arguments. As of Linux kernel 2.1.81, the ''chown'' system call follows symbolic link and introduce a new system call, ''lchown'', that does not follow symbolic links.<br />
<br />
<br />
Another four of the original UNIX system calls are ''open'', ''creat'', ''mkdir'' and ''close''. The ''open'' and ''creat'' calls allows processes to open and possibly create a file or device. Arguments flags are used to set either access modes, like O_RDONLY(read-only), to status flags, like O_APPEND(append mode). The only modifications made to the system calls were the addition of status flags where some of them are only linux-specific. The ''close'' call allows processes to close a file descriptor preventing it to be reused. No changes were made to it. ''mkdir'' allows the creation of a file directory. At that point, to delete a directory, users would need to make a series of ''link'' and ''unlink'' system calls. With Unix 4.2BSD, ''rmdir'' and solved the problem. The ''rename'' call was also added in 4.2BSD allowing processes to change the name or the location of a file.<br />
<br />
<br />
There is also system calls used to find, access and modify files. They are ’‘read’’, ‘‘write’’, ‘‘seek’’ and ‘‘stat’’. These were all part of earliest UNIX built. The ‘‘read’’ and ‘‘write’’ system calls allows to read and write from a file (assigned to a file descriptor). The only change was in SVR4 where a write can be interrupted at anytime. The ‘‘seek’’ system calls is used to go to a specified position in a file. This calls used a 16 bit address. But this was replaced very quickly for ‘‘lseek’’ as early as SVR4. It allows the call to use 32 bit addresses. It is still used in modern Linux and Unix systems even if developers are trying to implement ‘‘lseek64’’, a system call that will use 64 bit addresses. The ‘‘stat’’ system calls allows processes to get the status of a file. With SVR4, 2 other version of that system call were created: ‘‘fstat’’ and ‘‘lstat’’. They both do the same thing except ‘‘lstat’’ give the status of symbolic links and ‘‘fstat’’ give the status of a file specified by a file descriptor. Different operating systems will output different values to represent the state of a file. Since kernel 2.5.48, the stat returned a nanoseconds field in the file’s timestamp. With the release of 4.4BSD, two new system calls called ‘‘statvfs’’ and ‘‘fstatvfs’’ were introduced to provide information about a mounted file system. They both do the same thing except fstatvfs takes file descriptors as an argument. These calls are only used in an UNIX environment. In Linux, it has ‘‘statfs’’ and ‘‘fstatfs’’ to support that same call.<br />
<br />
<br />
The last two original UNIX system calls in this category that are still used today are ''link'' and ''unlink''. ''link'' creates a hard link to an existing file and ''unlink'' deletes a file link’s name and possibly the file it refers to. If the name refers to a symbolic link, only the link is removed. No major changes were done to the ''unlink'' system calls but new system calls were create from ''link''. The ''symlink'' system call was added in 4.2BSD to allow the creation of symbolic links in the file system. <br />
<br />
<br />
In the Linux 2.6.16 build, multiple system calls were created so that the calls could deal with relative pathnames as arguments. They can easily be spotted as the system call names all finish with 'at'. Here is a sample list of the created system calls: ''openat'', ''mkdirat'', ''fchmodat'', ''fchownat'', ''fstatat'', ''linkat'', ''unlinkat'', ''renameat'' and ''fchmodat''.<br />
<br />
== Device Management Calls==<br />
<br />
The device management system calls are linked to hardware and they are mainly used to requests for devices, release devices, to logically attach a device or to detach it, get and modified device attributes and read and write to them. <br />
<br />
<br />
Two of the most important system calls for the UNIX and Linux operating system is ‘‘mount’’ and ‘‘umount’’. These were among the few system calls available in UNIX in the 70s. The two calls allowed the operating system to load file systems on storage devices. A few changes were done to the mount system calls most of them were the creation of new mount flags to enhance performance. For example, since Linux 2.5.19, the MS_DIRSYNC flag permits the directory changes on a file system synchronous. Another Linux improvement was to provide per-process mount namespaces. This was added on the 2.4.19 kernel. If a process was created using clone() with the CLONE_NEWNS flag, the process will have a new namespace initialized to be a copy of the namespace of the process that was cloned. The ‘‘umount’’ system call unmounted the file system from the storage device. The only noteworthy change to ‘‘umount’’ was the creation of ‘‘umount2’’ in Linux 2.1.116. It is the same as ‘‘umount’’ except it allows different flags to control the operation.<br />
<br />
<br />
The ‘‘open’’, ‘‘read’’ and ‘‘write’’ calls can also be used to access devices. As discussed in the previous section, arguments flags are used to better control the device. You would use them as if the devices were files using the appropriate flags.<br />
<br />
<br />
With the System V Unix revision 4(SVR4) came the system call ‘‘mmap’’. This system call is used to map or unmap files or devices into memory. Once a device is mapped, the system call returns a pointer to the mapped area allowing processes to access that device. This system call is still used in a Unix environment but since Linux 2.4, Linux replaced it by the mmap2 system call. It is basically the same as mmap except for a final argument specifying the offset into a file in 4096-byte units. This enables the mapping of large files.<br />
<br />
<br />
In version 7 of Unix, ‘‘ioctl’’ system call is used for device-specific operations that can’t be done using the standard system calls. This helps to deal with a multitude of devices. Each device drivers would provide a set of ioctl request code to allow various operations on their device. Each various request code are hardware dependent so there is no standard available for this system call.<br />
<br />
== Information Maintenance Calls==<br />
Information maintenance calls are system calls that return the computers personal information back to the user or change it completely. These type of calls can be split up into three groups get/set time or date, get/set system data and get/set process, file, or device attributes. To fully understand the difference between Linux and UNIX in regrades to system calls, one must explore the three sub-types of information maintenance calls and see how they have changed over time.<br />
<br />
The first sub type is Get/set of time and/or date. In Linux, this can be done by a few different system calls, there are: 'gettimeofday' to get the time, 'settimeofday' to set it, 'time' returns the time in seconds and a few other ones like 'ftime'.In the earliest versions UNIX the used the system call was 'stime', which was used to interact with time and dates. 'stime' could return the time and date and sets the system’s idea of the time and date by altering the seconds. 'stime' is still being used by Linux because it is successful, unlike 'settimeofday', which was created to change timezones (tz_dsttime) as well as the time but each occurrence of this field call in the kernel source (apart from declaration) is a bug thus failing. <br />
<br />
The second sub type is get/set system data. UNIX does this by....<br />
<br />
The third sub type is get/set process, file, or device attributes, in UNIX there are several system calls for processing file and device attributes, some of these example are common to both UNIX and Linux are: 'stat' gets file status, 'fork' spawns new process and 'stty' sets mode of typewriter. In Linux there alot more system calls regaruding the third sub type here are a few of them: 'capget' get the capbailites of the proccess, 'capset' sets the capabilities process(add more) The 'capget' and 'capset' interacted with the raw kernel interface for getting and setting thread capabilities. These two system calls are specific to Linux and as suck the us of these functions (in particular the format of the cap_user_*_t types) are update as the kernel is update.<br />
<br />
== Process Control Calls==<br />
<br />
== Communications Calls==<br />
<br />
== Miscellaneous System Calls ==<br />
<br />
= References =<br />
<br />
Salus, Peter H. A Quarter Century of Unix, Publisher: Addison-Wesly Professional, June 10, 1994.<br />
<br />
Unix Programming Manual, http://cm.bell-labs.com/cm/cs/who/dmr/1stEdman.html, November 3, 1971.<br />
<br />
BSD System Calls Manual. http://www.unix.com/man-page/FreeBSD/2/, The Unix and Linux Forums.<br />
<br />
Linux Programmer's Manual, Linux man-pages project.<br />
http://www.kernel.org/doc/man-pages/</div>Csullivahttps://homeostasis.scs.carleton.ca/wiki/index.php?title=COMP_3000_Essay_1_2010_Question_2&diff=4001COMP 3000 Essay 1 2010 Question 22010-10-14T19:41:23Z<p>Csulliva: /* Information Maintenance Calls */</p>
<hr />
<div>=Question=<br />
How do the available system calls in modern versions of the Linux Kernel (2.6.30+) compare with the system calls available in the earliest versions of UNIX? How has the system call interface been expanded, and why? Focus on major changes or extensions in functionality.<br />
<br />
=Answer=<br />
<br />
A system call is a mean by which programs in the user space can access kernel services. Systems calls vary from operating system to operating system, although the underlying concepts tends to be the same. In general, a process is not supposed to be able to access the kernel directly. It can't access kernel memory and it can't call kernel functions. When the CPU prevents a process from accessing the kernel, this prevention is commonly known as, the protected mode. On the other hand, system calls are an exception to this rule. For example, older x86 processors used an interrupt mechanism to go from user-space to kernel-space, but newer processor (PentiumII+) provided instructions that optimize this transition using sysenter and sysexit instructions (Hayward, Mike. Intel P6 vs P7 system call performance. [http://lkml.org/lkml/2002/12/9/13], December 9, 2002). All system calls are small programs built using the C programming language.<br />
<br />
The Unix and Linux systems calls are roughly grouped into 6 major categories: file management, device management, information maintenance, process control, communications and miscellaneous calls. The miscellaneous calls are all the ones that don’t really fit in the other categories, like system calls dealing with errors. Today, the Unix and Linux operating system contains hundreds of system calls but in general, they all came from the 35 system calls that came with one of the original UNIX OS in the early 70s. In the next paragraphs, we’re going to describe the various system calls in each of the categories mentioned above, their evolution through history (major changes in functionality) and a comparison with the earliest versions of UNIX.<br />
<br />
<br />
== File Management Calls==<br />
<br />
The system calls in this group deal with every type of operation that is required to run a file system in the operating system. Create file, delete file, opening a file and closing a file are just a few examples of them and most of them hardly changed throughout the years. <br />
<br />
<br />
''chmod'', ''chown'' and ''chdir'' has been available since the first original UNIX (1971) and it is still used in today’s Linux kernels. The ''chmod'' and ''chown'' calls allows the users to change the file attributes and implements security to the file system. The system call ''chdir'' allows the process to change the current working directory. In the 4th distribution of UNIX from Berkeley (4BSD), new system calls were added to be able to give more control on the file system to the applications. The call ''chroot'' allows the process to change the current root directory with one specified in a path argument. ''fchmod'' and ''fchdir'' are the same as ''chmod'' and ''chdir'' except it takes file descriptors as arguments. As of Linux kernel 2.1.81, the ''chown'' system call follows symbolic link and introduce a new system call, ''lchown'', that does not follow symbolic links.<br />
<br />
<br />
Another four of the original UNIX system calls are ''open'', ''creat'', ''mkdir'' and ''close''. The ''open'' and ''creat'' calls allows processes to open and possibly create a file or device. Arguments flags are used to set either access modes, like O_RDONLY(read-only), to status flags, like O_APPEND(append mode). The only modifications made to the system calls were the addition of status flags where some of them are only linux-specific. The ''close'' call allows processes to close a file descriptor preventing it to be reused. No changes were made to it. ''mkdir'' allows the creation of a file directory. At that point, to delete a directory, users would need to make a series of ''link'' and ''unlink'' system calls. With Unix 4.2BSD, ''rmdir'' and solved the problem. The ''rename'' call was also added in 4.2BSD allowing processes to change the name or the location of a file.<br />
<br />
<br />
There is also system calls used to find, access and modify files. They are ’‘read’’, ‘‘write’’, ‘‘seek’’ and ‘‘stat’’. These were all part of earliest UNIX built. The ‘‘read’’ and ‘‘write’’ system calls allows to read and write from a file (assigned to a file descriptor). The only change was in SVR4 where a write can be interrupted at anytime. The ‘‘seek’’ system calls is used to go to a specified position in a file. This calls used a 16 bit address. But this was replaced very quickly for ‘‘lseek’’ as early as SVR4. It allows the call to use 32 bit addresses. It is still used in modern Linux and Unix systems even if developers are trying to implement ‘‘lseek64’’, a system call that will use 64 bit addresses. The ‘‘stat’’ system calls allows processes to get the status of a file. With SVR4, 2 other version of that system call were created: ‘‘fstat’’ and ‘‘lstat’’. They both do the same thing except ‘‘lstat’’ give the status of symbolic links and ‘‘fstat’’ give the status of a file specified by a file descriptor. Different operating systems will output different values to represent the state of a file. Since kernel 2.5.48, the stat returned a nanoseconds field in the file’s timestamp. With the release of 4.4BSD, two new system calls called ‘‘statvfs’’ and ‘‘fstatvfs’’ were introduced to provide information about a mounted file system. They both do the same thing except fstatvfs takes file descriptors as an argument. These calls are only used in an UNIX environment. In Linux, it has ‘‘statfs’’ and ‘‘fstatfs’’ to support that same call.<br />
<br />
<br />
The last two original UNIX system calls in this category that are still used today are ''link'' and ''unlink''. ''link'' creates a hard link to an existing file and ''unlink'' deletes a file link’s name and possibly the file it refers to. If the name refers to a symbolic link, only the link is removed. No major changes were done to the ''unlink'' system calls but new system calls were create from ''link''. The ''symlink'' system call was added in 4.2BSD to allow the creation of symbolic links in the file system. <br />
<br />
<br />
In the Linux 2.6.16 build, multiple system calls were created so that the calls could deal with relative pathnames as arguments. They can easily be spotted as the system call names all finish with 'at'. Here is a sample list of the created system calls: ''openat'', ''mkdirat'', ''fchmodat'', ''fchownat'', ''fstatat'', ''linkat'', ''unlinkat'', ''renameat'' and ''fchmodat''.<br />
<br />
== Device Management Calls==<br />
<br />
The device management system calls are linked to hardware and they are mainly used to requests for devices, release devices, to logically attach a device or to detach it, get and modified device attributes and read and write to them. <br />
<br />
<br />
Two of the most important system calls for the UNIX and Linux operating system is ‘‘mount’’ and ‘‘umount’’. These were among the few system calls available in UNIX in the 70s. The two calls allowed the operating system to load file systems on storage devices. A few changes were done to the mount system calls most of them were the creation of new mount flags to enhance performance. For example, since Linux 2.5.19, the MS_DIRSYNC flag permits the directory changes on a file system synchronous. Another Linux improvement was to provide per-process mount namespaces. This was added on the 2.4.19 kernel. If a process was created using clone() with the CLONE_NEWNS flag, the process will have a new namespace initialized to be a copy of the namespace of the process that was cloned. The ‘‘umount’’ system call unmounted the file system from the storage device. The only noteworthy change to ‘‘umount’’ was the creation of ‘‘umount2’’ in Linux 2.1.116. It is the same as ‘‘umount’’ except it allows different flags to control the operation.<br />
<br />
<br />
The ‘‘open’’, ‘‘read’’ and ‘‘write’’ calls can also be used to access devices. As discussed in the previous section, arguments flags are used to better control the device. You would use them as if the devices were files using the appropriate flags.<br />
<br />
<br />
With the System V Unix revision 4(SVR4) came the system call ‘‘mmap’’. This system call is used to map or unmap files or devices into memory. Once a device is mapped, the system call returns a pointer to the mapped area allowing processes to access that device. This system call is still used in a Unix environment but since Linux 2.4, Linux replaced it by the mmap2 system call. It is basically the same as mmap except for a final argument specifying the offset into a file in 4096-byte units. This enables the mapping of large files.<br />
<br />
<br />
In version 7 of Unix, ‘‘ioctl’’ system call is used for device-specific operations that can’t be done using the standard system calls. This helps to deal with a multitude of devices. Each device drivers would provide a set of ioctl request code to allow various operations on their device. Each various request code are hardware dependent so there is no standard available for this system call.<br />
<br />
== Information Maintenance Calls==<br />
Information maintenance calls are system calls that return the computers personal information back to the user or change it completely. These type of calls can be split up into three groups get/set time or date, get/set system data and get/set process, file, or device attributes. To fully understand the difference between Linux and UNIX in regrades to system call one must explore the three sub type of information maintenance calls and see how they have changed over time.<br />
<br />
The first sub type is Get/set of time and/or date, in Linux this can be done by a few different system call, there is: 'gettimeofday' to get the time, 'settimeofday' to set it, 'time' returns the time in seconds and a few other ones like 'ftime'.In the earliest versions UNIX the used the system call was 'stime', which was used to interact with time and dates. Stime could return the time and date and sets the system’s idea of the time and date by altering the seconds. 'stime' is still being used by Linux because it is successful, unlike 'settimeofday' which was created to change timezones (tz_dsttime) as well as the time but each occurrence of this field call in the kernel source(apart for declaration) is a bug thus failing. <br />
<br />
The second sub type is get/set system data. UNIX does this by....<br />
<br />
The third sub type is get/set process, file, or device attributes, in UNIX there are several system calls for processing file and device attributes, some of these example are: 'stat' gets file status, 'fork' spawns new process and 'stty' sets mode of typewriter.<br />
<br />
== Process Control Calls==<br />
<br />
== Communications Calls==<br />
<br />
== Miscellaneous System Calls ==<br />
<br />
= References =<br />
<br />
Salus, Peter H. A Quarter Century of Unix, Publisher: Addison-Wesly Professional, June 10, 1994.<br />
<br />
Unix Programming Manual, http://cm.bell-labs.com/cm/cs/who/dmr/1stEdman.html, November 3, 1971.<br />
<br />
BSD System Calls Manual. http://www.unix.com/man-page/FreeBSD/2/, The Unix and Linux Forums.<br />
<br />
Linux Programmer's Manual, Linux man-pages project.<br />
http://www.kernel.org/doc/man-pages/</div>Csullivahttps://homeostasis.scs.carleton.ca/wiki/index.php?title=Talk:COMP_3000_Essay_1_2010_Question_2&diff=3994Talk:COMP 3000 Essay 1 2010 Question 22010-10-14T19:32:20Z<p>Csulliva: </p>
<hr />
<div>Not in this group and I'm not completely sure if this is relevant but I found that UNIX used the POSIX standard while Linux used LSB which is based on the POSIX standard. <br />
This article outlines some conflicts between them [https://www.opengroup.org/platform/single_unix_specification/uploads/40/13450/POSIX_and_Linux_Application_Compatibility_Final_-_v1.0.pdf]. I didn't find the actual comparisons very comprehensible but the ideas are there. --[[User:Slay|Slay]] 15:05, 7 October 2010 (UTC)<br />
<br />
<br />
Uh, where did Figure 1 and much of the current text come from? It looks like it was cut and pasted from random source. Please don't plagarize! --[[User:Soma|Anil]] (19:24, 8 October 2010 (UTC))<br />
<br />
Look into the reference article "Kernel command using Linux system calls". Plagiarism is not my goal. I'm using my own words to make a simple but complete description of a system call using the interrupt method. Check the references and If you think it is too close, please let me know. It is hard when an author makes such a good and clear description.--[[User:Sblais2|Sblais2]] 21:02, 8 October 2010 (UTC)<br />
<br />
I thought it would be nice to first describe what is a system calls and the two current methods of doing them. The first is the interrupt method. The second which is used in Linux 2.6.18+ is using the sysenter and sysexit instructions.--[[User:Sblais2|Sblais2]] 19:56, 8 October 2010 (UTC)<br />
<br />
You can't use that figure. And you can't copy the text either, even if you change the words slightly. But really, you're just wasting your time. This question is not talking about how system calls are invoked; if you wanted to discuss this, you should be discussing system call invocation mechanisms on the PDP-11 and VAX systems! Here I'm interested in what are the calls, i.e., kernel functions that can be invoked by a regular program.--[[User:Soma|Anil]]<br />
<br />
This link provides about 40 UNIX system calls along with example on where they would be used from the looks of it: [http://www.di.uevora.pt/~lmr/syscalls.html]. --[[User:Apharan2|Apharan2]]<br />
<br />
Thank you for clarifying things. I will go that route. --[[User:Sblais2|Sblais2]] 13:08, 12 October 2010 (UTC)<br />
<br />
I don't see everyone contributing to this group. Please do let the others in your group know, divide your work into sections and discuss here. If you have questions - ask.--[[User:praman|Preeti]]<br />
<br />
<br />
This link shows all the system calls from Linux 2.6.33 [http://www.kernel.org/doc/man-pages/online/pages/man2/syscalls.2.html]<br />
--[[User:Sblais2|Sblais2]] 23:36, 12 October 2010 (UTC)<br />
<br />
As no one in our group made suggestion on the format of our essay, I've put one in place. In your research, each system calls should fit in one of the category. If someone picks one up. Please let me know ASAP. I will be working on that all day. Read the intro's last paragraph if your not sure what you should write on. My english writing skills are not perfect so if one of you guys see ways to improved the text, please do. --[[User:Sblais2|Sblais2]] 14:29, 13 October 2010 (UTC)<br />
<br />
Well I feel like I'm the only one in that team but...Anyway I've completed the first 2 sections. Please try working on the next 4. If you want to modify something, please post a small gist of it in here so we can all validate. Thanks. --[[User:Sblais2|Sblais2]] 20:10, 13 October 2010 (UTC)<br />
<br />
I am wondering if we have actually split up the work accordingly i am going to a temped to answer Information Maintenance if anyone has dibs please let me know - Csulliva<br />
I am finding this site that I find very helpfull to understand system called for linux an UNIX <br />
http://ss64.com/bash/<br />
-Csulliva<br />
<br />
<br />
I'll do process control calls. and help out on the last part that is not written up yet.I'll read the other parts as well just to get an understanding. [[User:Apharan2|Apharan2]]<br />
<br />
Csullliva, be careful not to confuse system calls and shell commands. Some of them have actually the same name, like ''mkdir''. But shell commands is on the user-level. Some of them will actually do system calls to complete the operation.<br />
It's good to finally hear from you guys.--[[User:Sblais2|Sblais2]] 01:39, 14 October 2010 (UTC)<br />
<br />
I'll work on the communication calls and the miscellaneous system calls. Not sure if you guys wanted to add more to this, but I can help out with writing a conclusion as well. I'm somewhat good at writing, so if i see any little things that I could touch up on, i'll help out with that.-R.arteaga<br />
<br />
after my confusion with bash and system calls i had some trouble find a system calls for linux that would effect time here a web site I found that helped me out with description regarding the calls http://www.digilife.be/quickreferences/QRC/LINUX%20System%20Call%20Quick%20Reference.pdf<br />
hopefully i am on the write track now....some one stop me if i am not -Csulliva<br />
<br />
Looks ok to me Csulliva, might want to check the link I posted in this discussion. It shows all the system calls in the Linux kernel 2.6.30. Then even show history information in it. It is then easy to track early Unix implementation. R.arteaga -> That would be great. I started thinking about a conclusion but writing is not my forte (unless I am underestimating myself). --[[User:Sblais2|Sblais2]] 11:59, 14 October 2010 (UTC)<br />
<br />
Also not to forget to add your references. I added mine in the reference section. --[[User:Sblais2|Sblais2]] 19:02, 14 October 2010 (UTC)<br />
<br />
My writing skills have never been any good. I've read through a whole bunch of the page and fixed a few typos here and there. I want to add to the "Information Maintenance Calls" section, but I can't promise that it will be any good. So feel free to help me out. -Dlangloi<br />
<br />
okay well i am currently working on the information maintenance calls part and i am a little stuck on the type system data so by all means help out.. that being said can anyone give me a hint on a system call that works with a system data in UNIX because i read the manual and i still drawing a blank, thanks-Csulliva</div>Csullivahttps://homeostasis.scs.carleton.ca/wiki/index.php?title=COMP_3000_Essay_1_2010_Question_2&diff=3992COMP 3000 Essay 1 2010 Question 22010-10-14T19:29:34Z<p>Csulliva: /* Information Maintenance Calls */</p>
<hr />
<div>=Question=<br />
How do the available system calls in modern versions of the Linux Kernel (2.6.30+) compare with the system calls available in the earliest versions of UNIX? How has the system call interface been expanded, and why? Focus on major changes or extensions in functionality.<br />
<br />
=Answer=<br />
<br />
A system call is a mean by which programs in the user space can access kernel services. Systems calls vary from operating system to operating system, although the underlying concepts tends to be the same. In general, a process is not supposed to be able to access the kernel directly. It can't access kernel memory and it can't call kernel functions. When the CPU prevents a process from accessing the kernel, this prevention is commonly known as, the protected mode. On the other hand, system calls are an exception to this rule. For example, older x86 processors used an interrupt mechanism to go from user-space to kernel-space, but newer processor (PentiumII+) provided instructions that optimize this transition using sysenter and sysexit instructions (Hayward, Mike. Intel P6 vs P7 system call performance. [http://lkml.org/lkml/2002/12/9/13], December 9, 2002). All system calls are small programs built using the C programming language.<br />
<br />
The Unix and Linux systems calls are roughly grouped into 6 major categories: file management, device management, information maintenance, process control, communications and miscellaneous calls. The miscellaneous calls are all the ones that don’t really fit in the other categories, like system calls dealing with errors. Today, the Unix and Linux operating system contains hundreds of system calls but in general, they all came from the 35 system calls that came with one of the original UNIX OS in the early 70s. In the next paragraphs, we’re going to describe the various system calls in each of the categories mentioned above, their evolution through history (major changes in functionality) and a comparison with the earliest versions of UNIX.<br />
<br />
<br />
== File Management Calls==<br />
<br />
The system calls in this group deal with every type of operation that is required to run a file system in the operating system. Create file, delete file, opening a file and closing a file are just a few examples of them and most of them hardly changed throughout the years. <br />
<br />
<br />
''chmod'', ''chown'' and ''chdir'' has been available since the first original UNIX (1971) and it is still used in today’s Linux kernels. The ''chmod'' and ''chown'' calls allows the users to change the file attributes and implements security to the file system. The system call ''chdir'' allows the process to change the current working directory. In the 4th distribution of UNIX from Berkeley (4BSD), new system calls were added to be able to give more control on the file system to the applications. The call ''chroot'' allows the process to change the current root directory with one specified in a path argument. ''fchmod'' and ''fchdir'' are the same as ''chmod'' and ''chdir'' except it takes file descriptors as arguments. As of Linux kernel 2.1.81, the ''chown'' system call follows symbolic link and introduce a new system call, ''lchown'', that does not follow symbolic links.<br />
<br />
<br />
Another four of the original UNIX system calls are ''open'', ''creat'', ''mkdir'' and ''close''. The ''open'' and ''creat'' calls allows processes to open and possibly create a file or device. Arguments flags are used to set either access modes, like O_RDONLY(read-only), to status flags, like O_APPEND(append mode). The only modifications made to the system calls were the addition of status flags where some of them are only linux-specific. The ''close'' call allows processes to close a file descriptor preventing it to be reused. No changes were made to it. ''mkdir'' allows the creation of a file directory. At that point, to delete a directory, users would need to make a series of ''link'' and ''unlink'' system calls. With Unix 4.2BSD, ''rmdir'' and solved the problem. The ''rename'' call was also added in 4.2BSD allowing processes to change the name or the location of a file.<br />
<br />
<br />
There is also system calls used to find, access and modify files. They are ’‘read’’, ‘‘write’’, ‘‘seek’’ and ‘‘stat’’. These were all part of earliest UNIX built. The ‘‘read’’ and ‘‘write’’ system calls allows to read and write from a file (assigned to a file descriptor). The only change was in SVR4 where a write can be interrupted at anytime. The ‘‘seek’’ system calls is used to go to a specified position in a file. This calls used a 16 bit address. But this was replaced very quickly for ‘‘lseek’’ as early as SVR4. It allows the call to use 32 bit addresses. It is still used in modern Linux and Unix systems even if developers are trying to implement ‘‘lseek64’’, a system call that will use 64 bit addresses. The ‘‘stat’’ system calls allows processes to get the status of a file. With SVR4, 2 other version of that system call were created: ‘‘fstat’’ and ‘‘lstat’’. They both do the same thing except ‘‘lstat’’ give the status of symbolic links and ‘‘fstat’’ give the status of a file specified by a file descriptor. Different operating systems will output different values to represent the state of a file. Since kernel 2.5.48, the stat returned a nanoseconds field in the file’s timestamp. With the release of 4.4BSD, two new system calls called ‘‘statvfs’’ and ‘‘fstatvfs’’ were introduced to provide information about a mounted file system. They both do the same thing except fstatvfs takes file descriptors as an argument. These calls are only used in an UNIX environment. In Linux, it has ‘‘statfs’’ and ‘‘fstatfs’’ to support that same call.<br />
<br />
<br />
The last two original UNIX system calls in this category that are still used today are ''link'' and ''unlink''. ''link'' creates a hard link to an existing file and ''unlink'' deletes a file link’s name and possibly the file it refers to. If the name refers to a symbolic link, only the link is removed. No major changes were done to the ''unlink'' system calls but new system calls were create from ''link''. The ''symlink'' system call was added in 4.2BSD to allow the creation of symbolic links in the file system. <br />
<br />
<br />
In the Linux 2.6.16 build, multiple system calls were created so that the calls could deal with relative pathnames as arguments. They can easily be spotted as the system call names all finish with 'at'. Here is a sample list of the created system calls: ''openat'', ''mkdirat'', ''fchmodat'', ''fchownat'', ''fstatat'', ''linkat'', ''unlinkat'', ''renameat'' and ''fchmodat''.<br />
<br />
== Device Management Calls==<br />
<br />
The device management system calls are linked to hardware and they are mainly used to requests for devices, release devices, to logically attach a device or to detach it, get and modified device attributes and read and write to them. <br />
<br />
<br />
Two of the most important system calls for the UNIX and Linux operating system is ‘‘mount’’ and ‘‘umount’’. These were among the few system calls available in UNIX in the 70s. The two calls allowed the operating system to load file systems on storage devices. A few changes were done to the mount system calls most of them were the creation of new mount flags to enhance performance. For example, since Linux 2.5.19, the MS_DIRSYNC flag permits the directory changes on a file system synchronous. Another Linux improvement was to provide per-process mount namespaces. This was added on the 2.4.19 kernel. If a process was created using clone() with the CLONE_NEWNS flag, the process will have a new namespace initialized to be a copy of the namespace of the process that was cloned. The ‘‘umount’’ system call unmounted the file system from the storage device. The only noteworthy change to ‘‘umount’’ was the creation of ‘‘umount2’’ in Linux 2.1.116. It is the same as ‘‘umount’’ except it allows different flags to control the operation.<br />
<br />
<br />
The ‘‘open’’, ‘‘read’’ and ‘‘write’’ calls can also be used to access devices. As discussed in the previous section, arguments flags are used to better control the device. You would use them as if the devices were files using the appropriate flags.<br />
<br />
<br />
With the System V Unix revision 4(SVR4) came the system call ‘‘mmap’’. This system call is used to map or unmap files or devices into memory. Once a device is mapped, the system call returns a pointer to the mapped area allowing processes to access that device. This system call is still used in a Unix environment but since Linux 2.4, Linux replaced it by the mmap2 system call. It is basically the same as mmap except for a final argument specifying the offset into a file in 4096-byte units. This enables the mapping of large files.<br />
<br />
<br />
In version 7 of Unix, ‘‘ioctl’’ system call is used for device-specific operations that can’t be done using the standard system calls. This helps to deal with a multitude of devices. Each device drivers would provide a set of ioctl request code to allow various operations on their device. Each various request code are hardware dependent so there is no standard available for this system call.<br />
<br />
== Information Maintenance Calls==<br />
Information maintenance calls are system calls that return the computers personal information back to the user or change it completely. These type of calls can be split up into three groups get/set time or date, get/set system data and get/set process, file, or device attributes. To fully understand the difference between Linux and UNIX in regrades to system call one must explore the three sub type of information maintenance calls and see how they have changed over time.<br />
<br />
The first sub type is Get/set of time and/or date, in Linux this can be done by a few different system call, there is: 'gettimeofday' to get the time, 'settimeofday' to set it, 'time' returns the time in seconds and a few other ones like 'ftime'.In the earliest versions UNIX the used the system call was 'stime', which was used to interact with time and dates. Stime could return the time and date and sets the system’s idea of the time and date by altering the seconds. 'stime' is still being used by Linux because it is successful, unlike 'settimeofday' which was created to change timezones (tz_dsttime) as well as the time but each occurrence of this field call in the kernel source(apart for declaration) is a bug thus failing. <br />
<br />
The second sub type is get/set system data. UNIX does this by....<br />
<br />
== Process Control Calls==<br />
<br />
== Communications Calls==<br />
<br />
== Miscellaneous System Calls ==<br />
<br />
= References =<br />
<br />
Salus, Peter H. A Quarter Century of Unix, Publisher: Addison-Wesly Professional, June 10, 1994.<br />
<br />
Unix Programming Manual, http://cm.bell-labs.com/cm/cs/who/dmr/1stEdman.html, November 3, 1971.<br />
<br />
BSD System Calls Manual. http://www.unix.com/man-page/FreeBSD/2/, The Unix and Linux Forums.<br />
<br />
Linux Programmer's Manual, Linux man-pages project.<br />
http://www.kernel.org/doc/man-pages/</div>Csullivahttps://homeostasis.scs.carleton.ca/wiki/index.php?title=COMP_3000_Essay_1_2010_Question_2&diff=3807COMP 3000 Essay 1 2010 Question 22010-10-14T15:22:26Z<p>Csulliva: /* Information Maintenance Calls */</p>
<hr />
<div>=Question=<br />
How do the available system calls in modern versions of the Linux Kernel (2.6.30+) compare with the system calls available in the earliest versions of UNIX? How has the system call interface been expanded, and why? Focus on major changes or extensions in functionality.<br />
<br />
=Answer=<br />
<br />
A system call is a mean by which programs in the user space can access kernel services. Systems calls vary from operating system to operating system, although the underlying concepts tends to be the same. In general, a process is not supposed to be able to access the kernel directly. It can't access kernel memory and it can't call kernel functions. When the CPU prevents a process from accessing the kernel, this prevention is commonly known as, the protected mode. On the other hand, system calls are an exception to this rule. For example, older x86 processors used an interrupt mechanism to go from user-space to kernel-space, but newer processor (PentiumII+) provided instructions that optimize this transition (using sysenter and sysexit instructions). All system calls are small programs built using the C programming language.<br />
<br />
The Unix and Linux systems calls are roughly grouped into 6 major categories: file management, device management, information maintenance, process control, communications and miscellaneous calls. The miscellaneous calls are all the ones that don’t really fit in the other categories, like system calls dealing with errors. Today, the Unix and Linux operating system contains hundreds of system calls but in general, they all came from the 35 system calls that came with one of the original UNIX OS in the early 70s. In the next paragraphs, we’re going to describe the various system calls in each of the categories mentioned above, their evolution through history (major changes in functionality) and a comparison with the earliest versions of UNIX.<br />
<br />
<br />
== File Management Calls==<br />
<br />
The system calls in this group deal with every type of operation that is required to run a file system in the operating system. Create file, delete file, opening a file and closing a file are just a few examples of them and most of them hardly changed throughout the years. <br />
<br />
<br />
''chmod'', ''chown'' and ''chdir'' has been available since the earliest UNIX and it is still used in today’s Linux kernels. The ''chmod'' and ''chown'' calls allows the users to change the file attributes and implements security to the file system. The system call ''chdir'' allows the process to change the current working directory. In the 4th distribution of UNIX from Berkeley (4BSD), new system calls were added to be able to give more control on the file system to the applications. The call ''chroot'' allows the process to change the current root directory with one specified in a path argument. ''fchmod'' and ''fchdir'' are the same as ''chmod'' and ''chdir'' except it takes file descriptors as arguments. As of Linux kernel 2.1.81, the ''chown'' system call follows symbolic link and introduce a new system call, ''lchown'', that does not follow symbolic links. As of Linux 2.6.16, ''fchownat'' and ''fchmodat'' was added. It operates the same way as ''chown'' and ''chmod'' but takes more arguments to deal with relative pathnames. <br />
<br />
<br />
Another four of the original UNIX system calls are ''open'', ''creat'', ''mkdir'' and ''close''. The ''open'' and ''creat'' calls allows processes to open and possibly create a file or device. Arguments flags are used to set either access modes, like O_RDONLY(read-only), to status flags, like O_APPEND(append mode). The only modifications made to the system calls were the addition of status flags where some of them are only linux-specific. The ''close'' call allows processes to close a file descriptor preventing it to be reused. No changes were made to it. ''mkdir'' allows the creation of a file directory. At that point, to delete a directory, users would need to make a series of ''link'' and ''unlink'' system calls. With Unix 4.2BSD, ''rmdir'' and solved the problem. The ''rename'' call was also added in 4.2BSD allowing processes to change the name or the location of a file.As of Linux 2.6.16, ''openat'', ''mkdirat'' and ''renameat'' was added. It for the same reasons as ''fchmodat'' and ''fchmownat''. <br />
<br />
<br />
There is also system calls used to find, access and modify files. They are ’‘read’’, ‘‘write’’, ‘‘seek’’ and ‘‘stat’’. These were all part of earliest UNIX built. The ‘‘read’’ and ‘‘write’’ system calls allows to read and write from a file (assigned to a file descriptor). The only change was in SVR4 where a write can be interrupted at anytime. The ‘‘seek’’ system calls is used to go to a specified position in a file. This calls used a 16 bit address. But this was replaced very quickly for ‘‘lseek’’ as early as SVR4. It allows the call to use 32 bit addresses. It is still used in modern Linux and Unix systems even if developers are trying to implement ‘‘lseek64’’, a system call that will use 64 bit addresses. The ‘‘stat’’ system calls allows processes to get the status of a file. With SVR4, 2 other version of that system call were created: ‘‘fstat’’ and ‘‘lstat’’. They both do the same thing except ‘‘lstat’’ give the status of symbolic links and ‘‘fstat’’ give the status of a file specified by a file descriptor. Different operating systems will output different values to represent the state of a file. Since kernel 2.5.48, the stat returned a nanoseconds field in the file’s timestamp. The ‘‘fstatat’’ system call was added to Linux kernel 2.6.16. This is again for the same reason as ‘‘openat’’. With the release of 4.4BSD, two new system calls called ‘‘statvfs’’ and ‘‘fstatvfs’’ were introduced to provide information about a mounted file system. They both do the same thing except fstatvfs takes file descriptors as an argument. These calls are only used in an UNIX environment. In Linux, it has ‘‘statfs’’ and ‘‘fstatfs’’ to support that same call.<br />
<br />
<br />
The last two original UNIX system calls in this category that are still used today are ''link'' and ''unlink''. ''link'' creates a hard link to an existing file and ''unlink'' deletes a file link’s name and possibly the file it refers to. If the name refers to a symbolic link, only the link is removed. No major changes were done to the ''unlink'' system calls but new system calls were create from ''link''. The ''symlink'' system call was added in 4.2BSD to allow the creation of symbolic links in the file system. Again in Linux 2.6.16, ''linkat'' and ''unlinkat'' were added for the same reasons as ''openat'', ''fchmadat'' and ''fchownat''.<br />
<br />
== Device Management Calls==<br />
<br />
The device management system calls are linked to hardware and they are mainly used to requests for devices, release devices, to logically attach a device or to detach it, get and modified device attributes and read and write to them. <br />
<br />
<br />
Two of the most important system calls for the UNIX and Linux operating system is ‘‘mount’’ and ‘‘umount’’. These were among the few system calls available in UNIX in the 70s. The two calls allowed the operating system to load file systems on storage devices. A few changes were done to the mount system calls most of them were the creation of new mount flags to enhance performance. For example, since Linux 2.5.19, the MS_DIRSYNC flag permits the directory changes on a file system synchronous. Another Linux improvement was to provide per-process mount namespaces. This was added on the 2.4.19 kernel. If a process was created using clone() with the CLONE_NEWNS flag, the process will have a new namespace initialized to be a copy of the namespace of the process that was cloned. The ‘‘umount’’ system call unmounted the file system from the storage device. The only noteworthy change to ‘‘umount’’ was the creation of ‘‘umount2’’ in Linux 2.1.116. It is the same as ‘‘umount’’ except it allows different flags to control the operation.<br />
<br />
<br />
The ‘‘open’’, ‘‘read’’ and ‘‘write’’ calls can also be used to access devices. As discussed in the previous section, arguments flags are used to better control the device. You would use them as if the devices were files using the appropriate flags.<br />
<br />
<br />
With the System V Unix revision 4(SVR4) came the system call ‘‘mmap’’. This system call is used to map or unmap files or devices into memory. Once a device is mapped, the system call returns a pointer to the mapped area allowing processes to access that device. This system call is still used in a Unix environment but since Linux 2.4, Linux replaced it by the mmap2 system call. It is basically the same as mmap except for a final argument specifying the offset into a file in 4096-byte units. This enables the mapping of large files.<br />
<br />
<br />
In version 7 of Unix, ‘‘ioctl’’ system call is used for device-specific operations that can’t be done using the standard system calls. This helps to deal with a multitude of devices. Each device drivers would provide a set of ioctl request code to allow various operations on their device. Each various request code are hardware dependent so there is no standard available for this system call.<br />
<br />
== Information Maintenance Calls==<br />
Information maintenance calls are system calls that return the computers personal information back to the user or change it completely. These type of calls can be split up into three groups get/set time or date, get/set system data and get/set process,file, or device attributes. To fully understand the difference between Linux and UNIX in regrades to system call one must explore the three sub type of information maintenance calls and see how they have changed over time.<br />
<br />
The First sub type is Get/set of time and/or date, in Linux this can be done by a few different system call, there is: 'gettimeofday' to get the time, 'settimeofday' to set it, 'time' returns the time in seconds. The earliest versions UNIX used the system call 'stime' to interacted with time and dates. Stime could return the time and date and sets the system’s idea of the time and date by altering the seconds. 'stime' is still being used by Linux because it is successful, unlike 'settimeofday' which was created to change timezones (tz_dsttime) as well as the time but each occurrence of this field in the kernel source(apart for declaration) is a bug thus failing. (come back to) <br />
<br />
The second sub type is get/set system data. UNIX does this by....<br />
<br />
== Process Control Calls==<br />
<br />
== Communications Calls==<br />
<br />
== Miscellaneous System Calls ==<br />
<br />
= References =<br />
Here is the original manual --[[User:Lmundt|Lmundt]] 18:29, 7 October 2010 (UTC)<br />
http://cm.bell-labs.com/cm/cs/who/dmr/1stEdman.html<br />
<br />
Linux Programmer's Manual, Linux man-pages project.<br />
http://www.kernel.org/doc/man-pages/</div>Csullivahttps://homeostasis.scs.carleton.ca/wiki/index.php?title=COMP_3000_Essay_1_2010_Question_2&diff=3722COMP 3000 Essay 1 2010 Question 22010-10-14T13:35:59Z<p>Csulliva: /* Information Maintenance Calls */</p>
<hr />
<div>=Question=<br />
How do the available system calls in modern versions of the Linux Kernel (2.6.30+) compare with the system calls available in the earliest versions of UNIX? How has the system call interface been expanded, and why? Focus on major changes or extensions in functionality.<br />
<br />
=Answer=<br />
<br />
A system call is a mean by which programs in the user space can access kernel services. Systems calls vary from operating system to operating system, although the underlying concepts tends to be the same. In general, a process is not supposed to be able to access the kernel directly. It can't access kernel memory and it can't call kernel functions. When the CPU prevents a process from accessing the kernel, this prevention is commonly known as, the protected mode. On the other hand, system calls are an exception to this rule. For example, older x86 processors used an interrupt mechanism to go from user-space to kernel-space, but newer processor (PentiumII+) provided instructions that optimize this transition (using sysenter and sysexit instructions). All system calls are small programs built using the C programming language.<br />
<br />
The Unix and Linux systems calls are roughly grouped into 6 major categories: file management, device management, information maintenance, process control, communications and miscellaneous calls. The miscellaneous calls are all the ones that don’t really fit in the other categories, like system calls dealing with errors. Today, the Unix and Linux operating system contains hundreds of system calls but in general, they all came from the 35 system calls that came with one of the original UNIX OS in the early 70s. In the next paragraphs, we’re going to describe the various system calls in each of the categories mentioned above, their evolution through history (major changes in functionality) and a comparison with the earliest versions of UNIX.<br />
<br />
<br />
== File Management Calls==<br />
<br />
The system calls in this group deal with every type of operation that is required to run a file system in the operating system. Create file, delete file, opening a file and closing a file are just a few examples of them and most of them hardly changed throughout the years. <br />
<br />
<br />
''chmod'', ''chown'' and ''chdir'' has been available since the earliest UNIX and it is still used in today’s Linux kernels. The ''chmod'' and ''chown'' calls allows the users to change the file attributes and implements security to the file system. The system call ''chdir'' allows the process to change the current working directory. In the 4th distribution of UNIX from Berkeley (4BSD), new system calls were added to be able to give more control on the file system to the applications. The call ''chroot'' allows the process to change the current root directory with one specified in a path argument. ''fchmod'' and ''fchdir'' are the same as ''chmod'' and ''chdir'' except it takes file descriptors as arguments. As of Linux kernel 2.1.81, the ''chown'' system call follows symbolic link and introduce a new system call, ''lchown'', that does not follow symbolic links. As of Linux 2.6.16, ''fchownat'' and ''fchmodat'' was added. It operates the same way as ''chown'' and ''chmod'' but takes more arguments to deal with relative pathnames. <br />
<br />
<br />
Another four of the original UNIX system calls are ''open'', ''creat'', ''mkdir'' and ''close''. The ''open'' and ''creat'' calls allows processes to open and possibly create a file or device. Arguments flags are used to set either access modes, like O_RDONLY(read-only), to status flags, like O_APPEND(append mode). The only modifications made to the system calls were the addition of status flags where some of them are only linux-specific. The ''close'' call allows processes to close a file descriptor preventing it to be reused. No changes were made to it. ''mkdir'' allows the creation of a file directory. At that point, to delete a directory, users would need to make a series of ''link'' and ''unlink'' system calls. With Unix 4.2BSD, ''rmdir'' and solved the problem. The ''rename'' call was also added in 4.2BSD allowing processes to change the name or the location of a file.As of Linux 2.6.16, ''openat'', ''mkdirat'' and ''renameat'' was added. It for the same reasons as ''fchmodat'' and ''fchmownat''. <br />
<br />
<br />
There is also system calls used to find, access and modify files. They are ’‘read’’, ‘‘write’’, ‘‘seek’’ and ‘‘stat’’. These were all part of earliest UNIX built. The ‘‘read’’ and ‘‘write’’ system calls allows to read and write from a file (assigned to a file descriptor). The only change was in SVR4 where a write can be interrupted at anytime. The ‘‘seek’’ system calls is used to go to a specified position in a file. This calls used a 16 bit address. But this was replaced very quickly for ‘‘lseek’’ as early as SVR4. It allows the call to use 32 bit addresses. It is still used in modern Linux and Unix systems even if developers are trying to implement ‘‘lseek64’’, a system call that will use 64 bit addresses. The ‘‘stat’’ system calls allows processes to get the status of a file. With SVR4, 2 other version of that system call were created: ‘‘fstat’’ and ‘‘lstat’’. They both do the same thing except ‘‘lstat’’ give the status of symbolic links and ‘‘fstat’’ give the status of a file specified by a file descriptor. Different operating systems will output different values to represent the state of a file. Since kernel 2.5.48, the stat returned a nanoseconds field in the file’s timestamp. The ‘‘fstatat’’ system call was added to Linux kernel 2.6.16. This is again for the same reason as ‘‘openat’’. With the release of 4.4BSD, two new system calls called ‘‘statvfs’’ and ‘‘fstatvfs’’ were introduced to provide information about a mounted file system. They both do the same thing except fstatvfs takes file descriptors as an argument. These calls are only used in an UNIX environment. In Linux, it has ‘‘statfs’’ and ‘‘fstatfs’’ to support that same call.<br />
<br />
<br />
The last two original UNIX system calls in this category that are still used today are ''link'' and ''unlink''. ''link'' creates a hard link to an existing file and ''unlink'' deletes a file link’s name and possibly the file it refers to. If the name refers to a symbolic link, only the link is removed. No major changes were done to the ''unlink'' system calls but new system calls were create from ''link''. The ''symlink'' system call was added in 4.2BSD to allow the creation of symbolic links in the file system. Again in Linux 2.6.16, ''linkat'' and ''unlinkat'' were added for the same reasons as ''openat'', ''fchmadat'' and ''fchownat''.<br />
<br />
== Device Management Calls==<br />
<br />
The device management system calls are linked to hardware and they are mainly used to requests for devices, release devices, to logically attach a device or to detach it, get and modified device attributes and read and write to them. <br />
<br />
<br />
Two of the most important system calls for the UNIX and Linux operating system is ‘‘mount’’ and ‘‘umount’’. These were among the few system calls available in UNIX in the 70s. The two calls allowed the operating system to load file systems on storage devices. A few changes were done to the mount system calls most of them were the creation of new mount flags to enhance performance. For example, since Linux 2.5.19, the MS_DIRSYNC flag permits the directory changes on a file system synchronous. Another Linux improvement was to provide per-process mount namespaces. This was added on the 2.4.19 kernel. If a process was created using clone() with the CLONE_NEWNS flag, the process will have a new namespace initialized to be a copy of the namespace of the process that was cloned. The ‘‘umount’’ system call unmounted the file system from the storage device. The only noteworthy change to ‘‘umount’’ was the creation of ‘‘umount2’’ in Linux 2.1.116. It is the same as ‘‘umount’’ except it allows different flags to control the operation.<br />
<br />
<br />
The ‘‘open’’, ‘‘read’’ and ‘‘write’’ calls can also be used to access devices. As discussed in the previous section, arguments flags are used to better control the device. You would use them as if the devices were files using the appropriate flags.<br />
<br />
<br />
With the System V Unix revision 4(SVR4) came the system call ‘‘mmap’’. This system call is used to map or unmap files or devices into memory. Once a device is mapped, the system call returns a pointer to the mapped area allowing processes to access that device. This system call is still used in a Unix environment but since Linux 2.4, Linux replaced it by the mmap2 system call. It is basically the same as mmap except for a final argument specifying the offset into a file in 4096-byte units. This enables the mapping of large files.<br />
<br />
<br />
In version 7 of Unix, ‘‘ioctl’’ system call is used for device-specific operations that can’t be done using the standard system calls. This helps to deal with a multitude of devices. Each device drivers would provide a set of ioctl request code to allow various operations on their device. Each various request code are hardware dependent so there is no standard available for this system call.<br />
<br />
== Information Maintenance Calls==<br />
Information maintenance calls are system calls that return the computers personal information back to the user or change it completely. These type of calls can be split up into three groups get/set time or date, get/set system data and get/set process,file, or device attributes. To fully understand the difference between Linux and UNIX in regrades to system call one must explore the three sub type of information maintenance calls and see how they have changed over time.<br />
<br />
The First sub type is Get/set of time and/or date, in Linux this can be done by a few different system call, there is: 'gettimeofday' to get the time, 'settimeofday' to set it, 'date', 'ftime' returns the time and date. In the earliest versions UNIX the system call that was used to interacted with the date and time was 'stime' which could only set it based on seconds and get the time. 'stime' is still being used by Linux but because it works unlike 'settimeofday' which was created to change timezones (tz_dsttime) as well as the time but each occurrence of this field in the kernel source(apart for declaration) is a bug.<br />
<br />
The second sub type is get/set system data. UNIX does this by....<br />
<br />
== Process Control Calls==<br />
<br />
== Communications Calls==<br />
<br />
== Miscellaneous System Calls ==<br />
<br />
= References =<br />
Here is the original manual --[[User:Lmundt|Lmundt]] 18:29, 7 October 2010 (UTC)<br />
http://cm.bell-labs.com/cm/cs/who/dmr/1stEdman.html<br />
<br />
Linux Programmer's Manual, Linux man-pages project.<br />
http://www.kernel.org/doc/man-pages/</div>Csullivahttps://homeostasis.scs.carleton.ca/wiki/index.php?title=COMP_3000_Essay_1_2010_Question_2&diff=3709COMP 3000 Essay 1 2010 Question 22010-10-14T13:17:00Z<p>Csulliva: /* Information Maintenance Calls */</p>
<hr />
<div>=Question=<br />
How do the available system calls in modern versions of the Linux Kernel (2.6.30+) compare with the system calls available in the earliest versions of UNIX? How has the system call interface been expanded, and why? Focus on major changes or extensions in functionality.<br />
<br />
=Answer=<br />
<br />
A system call is a mean by which programs in the user space can access kernel services. Systems calls vary from operating system to operating system, although the underlying concepts tends to be the same. In general, a process is not supposed to be able to access the kernel directly. It can't access kernel memory and it can't call kernel functions. When the CPU prevents a process from accessing the kernel, this prevention is commonly known as, the protected mode. On the other hand, system calls are an exception to this rule. For example, older x86 processors used an interrupt mechanism to go from user-space to kernel-space, but newer processor (PentiumII+) provided instructions that optimize this transition (using sysenter and sysexit instructions). All system calls are small programs built using the C programming language.<br />
<br />
The Unix and Linux systems calls are roughly grouped into 6 major categories: file management, device management, information maintenance, process control, communications and miscellaneous calls. The miscellaneous calls are all the ones that don’t really fit in the other categories, like system calls dealing with errors. Today, the Unix and Linux operating system contains hundreds of system calls but in general, they all came from the 35 system calls that came with one of the original UNIX OS in the early 70s. In the next paragraphs, we’re going to describe the various system calls in each of the categories mentioned above, their evolution through history (major changes in functionality) and a comparison with the earliest versions of UNIX.<br />
<br />
<br />
== File Management Calls==<br />
<br />
The system calls in this group deal with every type of operation that is required to run a file system in the operating system. Create file, delete file, opening a file and closing a file are just a few examples of them and most of them hardly changed throughout the years. <br />
<br />
<br />
''chmod'', ''chown'' and ''chdir'' has been available since the earliest UNIX and it is still used in today’s Linux kernels. The ''chmod'' and ''chown'' calls allows the users to change the file attributes and implements security to the file system. The system call ''chdir'' allows the process to change the current working directory. In the 4th distribution of UNIX from Berkeley (4BSD), new system calls were added to be able to give more control on the file system to the applications. The call ''chroot'' allows the process to change the current root directory with one specified in a path argument. ''fchmod'' and ''fchdir'' are the same as ''chmod'' and ''chdir'' except it takes file descriptors as arguments. As of Linux kernel 2.1.81, the ''chown'' system call follows symbolic link and introduce a new system call, ''lchown'', that does not follow symbolic links. As of Linux 2.6.16, ''fchownat'' and ''fchmodat'' was added. It operates the same way as ''chown'' and ''chmod'' but takes more arguments to deal with relative pathnames. <br />
<br />
<br />
Another four of the original UNIX system calls are ''open'', ''creat'', ''mkdir'' and ''close''. The ''open'' and ''creat'' calls allows processes to open and possibly create a file or device. Arguments flags are used to set either access modes, like O_RDONLY(read-only), to status flags, like O_APPEND(append mode). The only modifications made to the system calls were the addition of status flags where some of them are only linux-specific. The ''close'' call allows processes to close a file descriptor preventing it to be reused. No changes were made to it. ''mkdir'' allows the creation of a file directory. At that point, to delete a directory, users would need to make a series of ''link'' and ''unlink'' system calls. With Unix 4.2BSD, ''rmdir'' and solved the problem. The ''rename'' call was also added in 4.2BSD allowing processes to change the name or the location of a file.As of Linux 2.6.16, ''openat'', ''mkdirat'' and ''renameat'' was added. It for the same reasons as ''fchmodat'' and ''fchmownat''. <br />
<br />
<br />
There is also system calls used to find, access and modify files. They are ’‘read’’, ‘‘write’’, ‘‘seek’’ and ‘‘stat’’. These were all part of earliest UNIX built. The ‘‘read’’ and ‘‘write’’ system calls allows to read and write from a file (assigned to a file descriptor). The only change was in SVR4 where a write can be interrupted at anytime. The ‘‘seek’’ system calls is used to go to a specified position in a file. This calls used a 16 bit address. But this was replaced very quickly for ‘‘lseek’’ as early as SVR4. It allows the call to use 32 bit addresses. It is still used in modern Linux and Unix systems even if developers are trying to implement ‘‘lseek64’’, a system call that will use 64 bit addresses. The ‘‘stat’’ system calls allows processes to get the status of a file. With SVR4, 2 other version of that system call were created: ‘‘fstat’’ and ‘‘lstat’’. They both do the same thing except ‘‘lstat’’ give the status of symbolic links and ‘‘fstat’’ give the status of a file specified by a file descriptor. Different operating systems will output different values to represent the state of a file. Since kernel 2.5.48, the stat returned a nanoseconds field in the file’s timestamp. The ‘‘fstatat’’ system call was added to Linux kernel 2.6.16. This is again for the same reason as ‘‘openat’’. With the release of 4.4BSD, two new system calls called ‘‘statvfs’’ and ‘‘fstatvfs’’ were introduced to provide information about a mounted file system. They both do the same thing except fstatvfs takes file descriptors as an argument. These calls are only used in an UNIX environment. In Linux, it has ‘‘statfs’’ and ‘‘fstatfs’’ to support that same call.<br />
<br />
<br />
The last two original UNIX system calls in this category that are still used today are ''link'' and ''unlink''. ''link'' creates a hard link to an existing file and ''unlink'' deletes a file link’s name and possibly the file it refers to. If the name refers to a symbolic link, only the link is removed. No major changes were done to the ''unlink'' system calls but new system calls were create from ''link''. The ''symlink'' system call was added in 4.2BSD to allow the creation of symbolic links in the file system. Again in Linux 2.6.16, ''linkat'' and ''unlinkat'' were added for the same reasons as ''openat'', ''fchmadat'' and ''fchownat''.<br />
<br />
== Device Management Calls==<br />
<br />
The device management system calls are linked to hardware and they are mainly used to requests for devices, release devices, to logically attach a device or to detach it, get and modified device attributes and read and write to them. <br />
<br />
<br />
Two of the most important system calls for the UNIX and Linux operating system is ‘‘mount’’ and ‘‘umount’’. These were among the few system calls available in UNIX in the 70s. The two calls allowed the operating system to load file systems on storage devices. A few changes were done to the mount system calls most of them were the creation of new mount flags to enhance performance. For example, since Linux 2.5.19, the MS_DIRSYNC flag permits the directory changes on a file system synchronous. Another Linux improvement was to provide per-process mount namespaces. This was added on the 2.4.19 kernel. If a process was created using clone() with the CLONE_NEWNS flag, the process will have a new namespace initialized to be a copy of the namespace of the process that was cloned. The ‘‘umount’’ system call unmounted the file system from the storage device. The only noteworthy change to ‘‘umount’’ was the creation of ‘‘umount2’’ in Linux 2.1.116. It is the same as ‘‘umount’’ except it allows different flags to control the operation.<br />
<br />
<br />
The ‘‘open’’, ‘‘read’’ and ‘‘write’’ calls can also be used to access devices. As discussed in the previous section, arguments flags are used to better control the device. You would use them as if the devices were files using the appropriate flags.<br />
<br />
<br />
With the System V Unix revision 4(SVR4) came the system call ‘‘mmap’’. This system call is used to map or unmap files or devices into memory. Once a device is mapped, the system call returns a pointer to the mapped area allowing processes to access that device. This system call is still used in a Unix environment but since Linux 2.4, Linux replaced it by the mmap2 system call. It is basically the same as mmap except for a final argument specifying the offset into a file in 4096-byte units. This enables the mapping of large files.<br />
<br />
<br />
In version 7 of Unix, ‘‘ioctl’’ system call is used for device-specific operations that can’t be done using the standard system calls. This helps to deal with a multitude of devices. Each device drivers would provide a set of ioctl request code to allow various operations on their device. Each various request code are hardware dependent so there is no standard available for this system call.<br />
<br />
== Information Maintenance Calls==<br />
Information maintenance calls are system calls that return the computers personal information back to the user or change it completely. These type of calls can be split up into three groups get/set time or date, get/set system data and get/set process,file, or device attributes. To fully understand the difference between Linux and UNIX in regrades to system call one must explore the three sub type of information maintenance calls and see how they have changed over time.<br />
<br />
The First sub type is Get/set time or date, in Linux this is done by the system call 'gettimeofday' to get the date and the time and 'settimeofday' to set it. In the earliest versions UNIX the system call that was used to inhteracted with the date and time was 'stime' which only set it based on seconds. 'stime' is still being used by Linux but because there was no way to set up the timezone...... easy way in to change anything else like timezones and dates 'stime' was evolved into 'settimeofday' and they added a get time and day system call because there was none before.<br />
<br />
The second sub type is get/set system data. UNIX does this by....<br />
<br />
== Process Control Calls==<br />
<br />
== Communications Calls==<br />
<br />
== Miscellaneous System Calls ==<br />
<br />
= References =<br />
Here is the original manual --[[User:Lmundt|Lmundt]] 18:29, 7 October 2010 (UTC)<br />
http://cm.bell-labs.com/cm/cs/who/dmr/1stEdman.html<br />
<br />
Linux Programmer's Manual, Linux man-pages project.<br />
http://www.kernel.org/doc/man-pages/</div>Csullivahttps://homeostasis.scs.carleton.ca/wiki/index.php?title=COMP_3000_Essay_1_2010_Question_2&diff=3681COMP 3000 Essay 1 2010 Question 22010-10-14T07:06:19Z<p>Csulliva: /* Information Maintenance Calls */</p>
<hr />
<div>=Question=<br />
How do the available system calls in modern versions of the Linux Kernel (2.6.30+) compare with the system calls available in the earliest versions of UNIX? How has the system call interface been expanded, and why? Focus on major changes or extensions in functionality.<br />
<br />
=Answer=<br />
<br />
A system call is a mean by which programs in the user space can access kernel services. Systems calls vary from operating system to operating system, although the underlying concepts tends to be the same. In general, a process is not supposed to be able to access the kernel directly. It can't access kernel memory and it can't call kernel functions. When the CPU prevents a process from accessing the kernel, this prevention is commonly known as, the protected mode. On the other hand, system calls are an exception to this rule. For example, older x86 processors used an interrupt mechanism to go from user-space to kernel-space, but newer processor (PentiumII+) provided instructions that optimize this transition (using sysenter and sysexit instructions). All system calls are small programs built using the C programming language.<br />
<br />
The Unix and Linux systems calls are roughly grouped into 6 major categories: file management, device management, information maintenance, process control, communications and miscellaneous calls. The miscellaneous calls are all the ones that don’t really fit in the other categories, like system calls dealing with errors. Today, the Unix and Linux operating system contains hundreds of system calls but in general, they all came from the 35 system calls that came with one of the original UNIX OS in the early 70s. In the next paragraphs, we’re going to describe the various system calls in each of the categories mentioned above, their evolution through history (major changes in functionality) and a comparison with the earliest versions of UNIX.<br />
<br />
<br />
== File Management Calls==<br />
<br />
The system calls in this group deal with every type of operation that is required to run a file system in the operating system. Create file, delete file, opening a file and closing a file are just a few examples of them and most of them hardly changed throughout the years. <br />
<br />
<br />
''chmod'', ''chown'' and ''chdir'' has been available since the earliest UNIX and it is still used in today’s Linux kernels. The ''chmod'' and ''chown'' calls allows the users to change the file attributes and implements security to the file system. The system call ''chdir'' allows the process to change the current working directory. In the 4th distribution of UNIX from Berkeley (4BSD), new system calls were added to be able to give more control on the file system to the applications. The call ''chroot'' allows the process to change the current root directory with one specified in a path argument. ''fchmod'' and ''fchdir'' are the same as ''chmod'' and ''chdir'' except it takes file descriptors as arguments. As of Linux kernel 2.1.81, the ''chown'' system call follows symbolic link and introduce a new system call, ''lchown'', that does not follow symbolic links. As of Linux 2.6.16, ''fchownat'' and ''fchmodat'' was added. It operates the same way as ''chown'' and ''chmod'' but takes more arguments to deal with relative pathnames. <br />
<br />
<br />
Another four of the original UNIX system calls are ''open'', ''creat'', ''mkdir'' and ''close''. The ''open'' and ''creat'' calls allows processes to open and possibly create a file or device. Arguments flags are used to set either access modes, like O_RDONLY(read-only), to status flags, like O_APPEND(append mode). The only modifications made to the system calls were the addition of status flags where some of them are only linux-specific. The ''close'' call allows processes to close a file descriptor preventing it to be reused. No changes were made to it. ''mkdir'' allows the creation of a file directory. At that point, to delete a directory, users would need to make a series of ''link'' and ''unlink'' system calls. With Unix 4.2BSD, ''rmdir'' and solved the problem. The ''rename'' call was also added in 4.2BSD allowing processes to change the name or the location of a file.As of Linux 2.6.16, ''openat'', ''mkdirat'' and ''renameat'' was added. It for the same reasons as ''fchmodat'' and ''fchmownat''. <br />
<br />
<br />
There is also system calls used to find, access and modify files. They are ’‘read’’, ‘‘write’’, ‘‘seek’’ and ‘‘stat’’. These were all part of earliest UNIX built. The ‘‘read’’ and ‘‘write’’ system calls allows to read and write from a file (assigned to a file descriptor). The only change was in SVR4 where a write can be interrupted at anytime. The ‘‘seek’’ system calls is used to go to a specified position in a file. This calls used a 16 bit address. But this was replaced very quickly for ‘‘lseek’’ as early as SVR4. It allows the call to use 32 bit addresses. It is still used in modern Linux and Unix systems even if developers are trying to implement ‘‘lseek64’’, a system call that will use 64 bit addresses. The ‘‘stat’’ system calls allows processes to get the status of a file. With SVR4, 2 other version of that system call were created: ‘‘fstat’’ and ‘‘lstat’’. They both do the same thing except ‘‘lstat’’ give the status of symbolic links and ‘‘fstat’’ give the status of a file specified by a file descriptor. Different operating systems will output different values to represent the state of a file. Since kernel 2.5.48, the stat returned a nanoseconds field in the file’s timestamp. The ‘‘fstatat’’ system call was added to Linux kernel 2.6.16. This is again for the same reason as ‘‘openat’’. With the release of 4.4BSD, two new system calls called ‘‘statvfs’’ and ‘‘fstatvfs’’ were introduced to provide information about a mounted file system. They both do the same thing except fstatvfs takes file descriptors as an argument. These calls are only used in an UNIX environment. In Linux, it has ‘‘statfs’’ and ‘‘fstatfs’’ to support that same call.<br />
<br />
<br />
The last two original UNIX system calls in this category that are still used today are ''link'' and ''unlink''. ''link'' creates a hard link to an existing file and ''unlink'' deletes a file link’s name and possibly the file it refers to. If the name refers to a symbolic link, only the link is removed. No major changes were done to the ''unlink'' system calls but new system calls were create from ''link''. The ''symlink'' system call was added in 4.2BSD to allow the creation of symbolic links in the file system. Again in Linux 2.6.16, ''linkat'' and ''unlinkat'' were added for the same reasons as ''openat'', ''fchmadat'' and ''fchownat''.<br />
<br />
== Device Management Calls==<br />
<br />
The device management system calls are linked to hardware and they are mainly used to requests for devices, release devices, to logically attach a device or to detach it, get and modified device attributes and read and write to them. <br />
<br />
<br />
Two of the most important system calls for the UNIX and Linux operating system is ‘‘mount’’ and ‘‘umount’’. These were among the few system calls available in UNIX in the 70s. The two calls allowed the operating system to load file systems on storage devices. A few changes were done to the mount system calls most of them were the creation of new mount flags to enhance performance. For example, since Linux 2.5.19, the MS_DIRSYNC flag permits the directory changes on a file system synchronous. Another Linux improvement was to provide per-process mount namespaces. This was added on the 2.4.19 kernel. If a process was created using clone() with the CLONE_NEWNS flag, the process will have a new namespace initialized to be a copy of the namespace of the process that was cloned. The ‘‘umount’’ system call unmounted the file system from the storage device. The only noteworthy change to ‘‘umount’’ was the creation of ‘‘umount2’’ in Linux 2.1.116. It is the same as ‘‘umount’’ except it allows different flags to control the operation.<br />
<br />
<br />
The ‘‘open’’, ‘‘read’’ and ‘‘write’’ calls can also be used to access devices. As discussed in the previous section, arguments flags are used to better control the device. You would use them as if the devices were files using the appropriate flags.<br />
<br />
<br />
With the System V Unix revision 4(SVR4) came the system call ‘‘mmap’’. This system call is used to map or unmap files or devices into memory. Once a device is mapped, the system call returns a pointer to the mapped area allowing processes to access that device. This system call is still used in a Unix environment but since Linux 2.4, Linux replaced it by the mmap2 system call. It is basically the same as mmap except for a final argument specifying the offset into a file in 4096-byte units. This enables the mapping of large files.<br />
<br />
<br />
In version 7 of Unix, ‘‘ioctl’’ system call is used for device-specific operations that can’t be done using the standard system calls. This helps to deal with a multitude of devices. Each device drivers would provide a set of ioctl request code to allow various operations on their device. Each various request code are hardware dependent so there is no standard available for this system call.<br />
<br />
== Information Maintenance Calls==<br />
Information maintenance calls are system calls that return the computers personal information back to the user or change it completely. These type of calls can be split up into three groups get/set time or date, get/set system data and get/set process,file, or device attributes. To fully understand the difference between Linux and UNIX in regrades to system call one must explore the three sub type of information maintenance calls and see how they have changed over time.<br />
<br />
The First sub type is Get/set time or date, in Linux this is done by the system call 'gettimeofday' to get the date and the time and 'settimeofday' to set it. In the earliest versions UNIX the system call that was used to interacted with the date and time was 'stime' which only set it based on seconds. 'stime' is still being used by Linux but because there was no easy way in to change anything else like timezones and dates 'stime' was evolved into 'settimeofday' and they added a get time and day system call because there was none before.<br />
<br />
The second sub type is get/set system data. UNIX does this by....<br />
<br />
== Process Control Calls==<br />
<br />
== Communications Calls==<br />
<br />
== Miscellaneous System Calls ==<br />
<br />
= References =<br />
Here is the original manual --[[User:Lmundt|Lmundt]] 18:29, 7 October 2010 (UTC)<br />
http://cm.bell-labs.com/cm/cs/who/dmr/1stEdman.html<br />
<br />
Linux Programmer's Manual, Linux man-pages project.<br />
http://www.kernel.org/doc/man-pages/</div>Csullivahttps://homeostasis.scs.carleton.ca/wiki/index.php?title=COMP_3000_Essay_1_2010_Question_2&diff=3674COMP 3000 Essay 1 2010 Question 22010-10-14T06:36:15Z<p>Csulliva: /* Information Maintenance Calls */</p>
<hr />
<div>=Question=<br />
How do the available system calls in modern versions of the Linux Kernel (2.6.30+) compare with the system calls available in the earliest versions of UNIX? How has the system call interface been expanded, and why? Focus on major changes or extensions in functionality.<br />
<br />
=Answer=<br />
<br />
A system call is a mean by which programs in the user space can access kernel services. Systems calls vary from operating system to operating system, although the underlying concepts tends to be the same. In general, a process is not supposed to be able to access the kernel directly. It can't access kernel memory and it can't call kernel functions. When the CPU prevents a process from accessing the kernel, this prevention is commonly known as, the protected mode. On the other hand, system calls are an exception to this rule. For example, older x86 processors used an interrupt mechanism to go from user-space to kernel-space, but newer processor (PentiumII+) provided instructions that optimize this transition (using sysenter and sysexit instructions). All system calls are small programs built using the C programming language.<br />
<br />
The Unix and Linux systems calls are roughly grouped into 6 major categories: file management, device management, information maintenance, process control, communications and miscellaneous calls. The miscellaneous calls are all the ones that don’t really fit in the other categories, like system calls dealing with errors. Today, the Unix and Linux operating system contains hundreds of system calls but in general, they all came from the 35 system calls that came with one of the original UNIX OS in the early 70s. In the next paragraphs, we’re going to describe the various system calls in each of the categories mentioned above, their evolution through history (major changes in functionality) and a comparison with the earliest versions of UNIX.<br />
<br />
<br />
== File Management Calls==<br />
<br />
The system calls in this group deal with every type of operation that is required to run a file system in the operating system. Create file, delete file, opening a file and closing a file are just a few examples of them and most of them hardly changed throughout the years. <br />
<br />
<br />
''chmod'', ''chown'' and ''chdir'' has been available since the earliest UNIX and it is still used in today’s Linux kernels. The ''chmod'' and ''chown'' calls allows the users to change the file attributes and implements security to the file system. The system call ''chdir'' allows the process to change the current working directory. In the 4th distribution of UNIX from Berkeley (4BSD), new system calls were added to be able to give more control on the file system to the applications. The call ''chroot'' allows the process to change the current root directory with one specified in a path argument. ''fchmod'' and ''fchdir'' are the same as ''chmod'' and ''chdir'' except it takes file descriptors as arguments. As of Linux kernel 2.1.81, the ''chown'' system call follows symbolic link and introduce a new system call, ''lchown'', that does not follow symbolic links. As of Linux 2.6.16, ''fchownat'' and ''fchmodat'' was added. It operates the same way as ''chown'' and ''chmod'' but takes more arguments to deal with relative pathnames. <br />
<br />
<br />
Another four of the original UNIX system calls are ''open'', ''creat'', ''mkdir'' and ''close''. The ''open'' and ''creat'' calls allows processes to open and possibly create a file or device. Arguments flags are used to set either access modes, like O_RDONLY(read-only), to status flags, like O_APPEND(append mode). The only modifications made to the system calls were the addition of status flags where some of them are only linux-specific. The ''close'' call allows processes to close a file descriptor preventing it to be reused. No changes were made to it. ''mkdir'' allows the creation of a file directory. At that point, to delete a directory, users would need to make a series of ''link'' and ''unlink'' system calls. With Unix 4.2BSD, ''rmdir'' and solved the problem. The ''rename'' call was also added in 4.2BSD allowing processes to change the name or the location of a file.As of Linux 2.6.16, ''openat'', ''mkdirat'' and ''renameat'' was added. It for the same reasons as ''fchmodat'' and ''fchmownat''. <br />
<br />
<br />
There is also system calls used to find, access and modify files. They are ’‘read’’, ‘‘write’’, ‘‘seek’’ and ‘‘stat’’. These were all part of earliest UNIX built. The ‘‘read’’ and ‘‘write’’ system calls allows to read and write from a file (assigned to a file descriptor). The only change was in SVR4 where a write can be interrupted at anytime. The ‘‘seek’’ system calls is used to go to a specified position in a file. This calls used a 16 bit address. But this was replaced very quickly for ‘‘lseek’’ as early as SVR4. It allows the call to use 32 bit addresses. It is still used in modern Linux and Unix systems even if developers are trying to implement ‘‘lseek64’’, a system call that will use 64 bit addresses. The ‘‘stat’’ system calls allows processes to get the status of a file. With SVR4, 2 other version of that system call were created: ‘‘fstat’’ and ‘‘lstat’’. They both do the same thing except ‘‘lstat’’ give the status of symbolic links and ‘‘fstat’’ give the status of a file specified by a file descriptor. Different operating systems will output different values to represent the state of a file. Since kernel 2.5.48, the stat returned a nanoseconds field in the file’s timestamp. The ‘‘fstatat’’ system call was added to Linux kernel 2.6.16. This is again for the same reason as ‘‘openat’’. With the release of 4.4BSD, two new system calls called ‘‘statvfs’’ and ‘‘fstatvfs’’ were introduced to provide information about a mounted file system. They both do the same thing except fstatvfs takes file descriptors as an argument. These calls are only used in an UNIX environment. In Linux, it has ‘‘statfs’’ and ‘‘fstatfs’’ to support that same call.<br />
<br />
<br />
The last two original UNIX system calls in this category that are still used today are ''link'' and ''unlink''. ''link'' creates a hard link to an existing file and ''unlink'' deletes a file link’s name and possibly the file it refers to. If the name refers to a symbolic link, only the link is removed. No major changes were done to the ''unlink'' system calls but new system calls were create from ''link''. The ''symlink'' system call was added in 4.2BSD to allow the creation of symbolic links in the file system. Again in Linux 2.6.16, ''linkat'' and ''unlinkat'' were added for the same reasons as ''openat'', ''fchmadat'' and ''fchownat''.<br />
<br />
== Device Management Calls==<br />
<br />
The device management system calls are linked to hardware and they are mainly used to requests for devices, release devices, to logically attach a device or to detach it, get and modified device attributes and read and write to them. <br />
<br />
<br />
Two of the most important system calls for the UNIX and Linux operating system is ‘‘mount’’ and ‘‘umount’’. These were among the few system calls available in UNIX in the 70s. The two calls allowed the operating system to load file systems on storage devices. A few changes were done to the mount system calls most of them were the creation of new mount flags to enhance performance. For example, since Linux 2.5.19, the MS_DIRSYNC flag permits the directory changes on a file system synchronous. Another Linux improvement was to provide per-process mount namespaces. This was added on the 2.4.19 kernel. If a process was created using clone() with the CLONE_NEWNS flag, the process will have a new namespace initialized to be a copy of the namespace of the process that was cloned. The ‘‘umount’’ system call unmounted the file system from the storage device. The only noteworthy change to ‘‘umount’’ was the creation of ‘‘umount2’’ in Linux 2.1.116. It is the same as ‘‘umount’’ except it allows different flags to control the operation.<br />
<br />
<br />
The ‘‘open’’, ‘‘read’’ and ‘‘write’’ calls can also be used to access devices. As discussed in the previous section, arguments flags are used to better control the device. You would use them as if the devices were files using the appropriate flags.<br />
<br />
<br />
With the System V Unix revision 4(SVR4) came the system call ‘‘mmap’’. This system call is used to map or unmap files or devices into memory. Once a device is mapped, the system call returns a pointer to the mapped area allowing processes to access that device. This system call is still used in a Unix environment but since Linux 2.4, Linux replaced it by the mmap2 system call. It is basically the same as mmap except for a final argument specifying the offset into a file in 4096-byte units. This enables the mapping of large files.<br />
<br />
<br />
In version 7 of Unix, ‘‘ioctl’’ system call is used for device-specific operations that can’t be done using the standard system calls. This helps to deal with a multitude of devices. Each device drivers would provide a set of ioctl request code to allow various operations on their device. Each various request code are hardware dependent so there is no standard available for this system call.<br />
<br />
== Information Maintenance Calls==<br />
Information maintenance calls are system calls that return the computers personal information back to the user or change it completely. These type of calls can be split up into three groups get/set time or date, get/set system data and get/set process,file, or device attributes. To fully understand the difference between Linux and UNIX in regrades to system call one must explore the three sub type of information maintenance calls and see how they have changed over time.<br />
<br />
The First sub type is Get/set time or date, in Linux this is done by the system call 'gettimeofday' to get the date and the time and 'settimeofday' to set it. In UNIX the system call is done by 'stime'<br />
<br />
== Process Control Calls==<br />
<br />
== Communications Calls==<br />
<br />
== Miscellaneous System Calls ==<br />
<br />
= References =<br />
Here is the original manual --[[User:Lmundt|Lmundt]] 18:29, 7 October 2010 (UTC)<br />
http://cm.bell-labs.com/cm/cs/who/dmr/1stEdman.html<br />
<br />
Linux Programmer's Manual, Linux man-pages project.<br />
http://www.kernel.org/doc/man-pages/</div>Csullivahttps://homeostasis.scs.carleton.ca/wiki/index.php?title=COMP_3000_Essay_1_2010_Question_2&diff=3667COMP 3000 Essay 1 2010 Question 22010-10-14T06:04:24Z<p>Csulliva: /* Information Maintenance Calls */</p>
<hr />
<div>=Question=<br />
How do the available system calls in modern versions of the Linux Kernel (2.6.30+) compare with the system calls available in the earliest versions of UNIX? How has the system call interface been expanded, and why? Focus on major changes or extensions in functionality.<br />
<br />
=Answer=<br />
<br />
A system call is a mean by which programs in the user space can access kernel services. Systems calls vary from operating system to operating system, although the underlying concepts tends to be the same. In general, a process is not supposed to be able to access the kernel directly. It can't access kernel memory and it can't call kernel functions. When the CPU prevents a process from accessing the kernel, this prevention is commonly known as, the protected mode. On the other hand, system calls are an exception to this rule. For example, older x86 processors used an interrupt mechanism to go from user-space to kernel-space, but newer processor (PentiumII+) provided instructions that optimize this transition (using sysenter and sysexit instructions). All system calls are small programs built using the C programming language.<br />
<br />
The Unix and Linux systems calls are roughly grouped into 6 major categories: file management, device management, information maintenance, process control, communications and miscellaneous calls. The miscellaneous calls are all the ones that don’t really fit in the other categories, like system calls dealing with errors. Today, the Unix and Linux operating system contains hundreds of system calls but in general, they all came from the 35 system calls that came with one of the original UNIX OS in the early 70s. In the next paragraphs, we’re going to describe the various system calls in each of the categories mentioned above, their evolution through history (major changes in functionality) and a comparison with the earliest versions of UNIX.<br />
<br />
<br />
== File Management Calls==<br />
<br />
The system calls in this group deal with every type of operation that is required to run a file system in the operating system. Create file, delete file, opening a file and closing a file are just a few examples of them and most of them hardly changed throughout the years. <br />
<br />
<br />
''chmod'', ''chown'' and ''chdir'' has been available since the earliest UNIX and it is still used in today’s Linux kernels. The ''chmod'' and ''chown'' calls allows the users to change the file attributes and implements security to the file system. The system call ''chdir'' allows the process to change the current working directory. In the 4th distribution of UNIX from Berkeley (4BSD), new system calls were added to be able to give more control on the file system to the applications. The call ''chroot'' allows the process to change the current root directory with one specified in a path argument. ''fchmod'' and ''fchdir'' are the same as ''chmod'' and ''chdir'' except it takes file descriptors as arguments. As of Linux kernel 2.1.81, the ''chown'' system call follows symbolic link and introduce a new system call, ''lchown'', that does not follow symbolic links. As of Linux 2.6.16, ''fchownat'' and ''fchmodat'' was added. It operates the same way as ''chown'' and ''chmod'' but takes more arguments to deal with relative pathnames. <br />
<br />
<br />
Another four of the original UNIX system calls are ''open'', ''creat'', ''mkdir'' and ''close''. The ''open'' and ''creat'' calls allows processes to open and possibly create a file or device. Arguments flags are used to set either access modes, like O_RDONLY(read-only), to status flags, like O_APPEND(append mode). The only modifications made to the system calls were the addition of status flags where some of them are only linux-specific. The ''close'' call allows processes to close a file descriptor preventing it to be reused. No changes were made to it. ''mkdir'' allows the creation of a file directory. At that point, to delete a directory, users would need to make a series of ''link'' and ''unlink'' system calls. With Unix 4.2BSD, ''rmdir'' and solved the problem. The ''rename'' call was also added in 4.2BSD allowing processes to change the name or the location of a file.As of Linux 2.6.16, ''openat'', ''mkdirat'' and ''renameat'' was added. It for the same reasons as ''fchmodat'' and ''fchmownat''. <br />
<br />
<br />
There is also system calls used to find, access and modify files. They are ’‘read’’, ‘‘write’’, ‘‘seek’’ and ‘‘stat’’. These were all part of earliest UNIX built. The ‘‘read’’ and ‘‘write’’ system calls allows to read and write from a file (assigned to a file descriptor). The only change was in SVR4 where a write can be interrupted at anytime. The ‘‘seek’’ system calls is used to go to a specified position in a file. This calls used a 16 bit address. But this was replaced very quickly for ‘‘lseek’’ as early as SVR4. It allows the call to use 32 bit addresses. It is still used in modern Linux and Unix systems even if developers are trying to implement ‘‘lseek64’’, a system call that will use 64 bit addresses. The ‘‘stat’’ system calls allows processes to get the status of a file. With SVR4, 2 other version of that system call were created: ‘‘fstat’’ and ‘‘lstat’’. They both do the same thing except ‘‘lstat’’ give the status of symbolic links and ‘‘fstat’’ give the status of a file specified by a file descriptor. Different operating systems will output different values to represent the state of a file. Since kernel 2.5.48, the stat returned a nanoseconds field in the file’s timestamp. The ‘‘fstatat’’ system call was added to Linux kernel 2.6.16. This is again for the same reason as ‘‘openat’’. With the release of 4.4BSD, two new system calls called ‘‘statvfs’’ and ‘‘fstatvfs’’ were introduced to provide information about a mounted file system. They both do the same thing except fstatvfs takes file descriptors as an argument. These calls are only used in an UNIX environment. In Linux, it has ‘‘statfs’’ and ‘‘fstatfs’’ to support that same call.<br />
<br />
<br />
The last two original UNIX system calls in this category that are still used today are ''link'' and ''unlink''. ''link'' creates a hard link to an existing file and ''unlink'' deletes a file link’s name and possibly the file it refers to. If the name refers to a symbolic link, only the link is removed. No major changes were done to the ''unlink'' system calls but new system calls were create from ''link''. The ''symlink'' system call was added in 4.2BSD to allow the creation of symbolic links in the file system. Again in Linux 2.6.16, ''linkat'' and ''unlinkat'' were added for the same reasons as ''openat'', ''fchmadat'' and ''fchownat''.<br />
<br />
== Device Management Calls==<br />
<br />
The device management system calls are linked to hardware and they are mainly used to requests for devices, release devices, to logically attach a device or to detach it, get and modified device attributes and read and write to them. <br />
<br />
<br />
Two of the most important system calls for the UNIX and Linux operating system is ‘‘mount’’ and ‘‘umount’’. These were among the few system calls available in UNIX in the 70s. The two calls allowed the operating system to load file systems on storage devices. A few changes were done to the mount system calls most of them were the creation of new mount flags to enhance performance. For example, since Linux 2.5.19, the MS_DIRSYNC flag permits the directory changes on a file system synchronous. Another Linux improvement was to provide per-process mount namespaces. This was added on the 2.4.19 kernel. If a process was created using clone() with the CLONE_NEWNS flag, the process will have a new namespace initialized to be a copy of the namespace of the process that was cloned. The ‘‘umount’’ system call unmounted the file system from the storage device. The only noteworthy change to ‘‘umount’’ was the creation of ‘‘umount2’’ in Linux 2.1.116. It is the same as ‘‘umount’’ except it allows different flags to control the operation.<br />
<br />
<br />
The ‘‘open’’, ‘‘read’’ and ‘‘write’’ calls can also be used to access devices. As discussed in the previous section, arguments flags are used to better control the device. You would use them as if the devices were files using the appropriate flags.<br />
<br />
<br />
With the System V Unix revision 4(SVR4) came the system call ‘‘mmap’’. This system call is used to map or unmap files or devices into memory. Once a device is mapped, the system call returns a pointer to the mapped area allowing processes to access that device. This system call is still used in a Unix environment but since Linux 2.4, Linux replaced it by the mmap2 system call. It is basically the same as mmap except for a final argument specifying the offset into a file in 4096-byte units. This enables the mapping of large files.<br />
<br />
<br />
In version 7 of Unix, ‘‘ioctl’’ system call is used for device-specific operations that can’t be done using the standard system calls. This helps to deal with a multitude of devices. Each device drivers would provide a set of ioctl request code to allow various operations on their device. Each various request code are hardware dependent so there is no standard available for this system call.<br />
<br />
== Information Maintenance Calls==<br />
Information maintenance calls are system calls that return the computers personal information back to the user or change it completely. These type of calls can be split up into three groups get/set time or date, get/set system data and get/set process,file, or device attributes. To fully understand the difference between Linux and UNIX in regrades to system call one must explore the three sub type of information maintenance calls and see how they have changed over time.<br />
<br />
The First sub type is Get/set time or date, in Linux this is done by the system call....<br />
<br />
== Process Control Calls==<br />
<br />
== Communications Calls==<br />
<br />
== Miscellaneous System Calls ==<br />
<br />
= References =<br />
Here is the original manual --[[User:Lmundt|Lmundt]] 18:29, 7 October 2010 (UTC)<br />
http://cm.bell-labs.com/cm/cs/who/dmr/1stEdman.html<br />
<br />
Linux Programmer's Manual, Linux man-pages project.<br />
http://www.kernel.org/doc/man-pages/</div>Csullivahttps://homeostasis.scs.carleton.ca/wiki/index.php?title=Talk:COMP_3000_Essay_1_2010_Question_2&diff=3662Talk:COMP 3000 Essay 1 2010 Question 22010-10-14T05:51:10Z<p>Csulliva: </p>
<hr />
<div>Not in this group and I'm not completely sure if this is relevant but I found that UNIX used the POSIX standard while Linux used LSB which is based on the POSIX standard. <br />
This article outlines some conflicts between them [https://www.opengroup.org/platform/single_unix_specification/uploads/40/13450/POSIX_and_Linux_Application_Compatibility_Final_-_v1.0.pdf]. I didn't find the actual comparisons very comprehensible but the ideas are there. --[[User:Slay|Slay]] 15:05, 7 October 2010 (UTC)<br />
<br />
<br />
Uh, where did Figure 1 and much of the current text come from? It looks like it was cut and pasted from random source. Please don't plagarize! --[[User:Soma|Anil]] (19:24, 8 October 2010 (UTC))<br />
<br />
Look into the reference article "Kernel command using Linux system calls". Plagiarism is not my goal. I'm using my own words to make a simple but complete description of a system call using the interrupt method. Check the references and If you think it is too close, please let me know. It is hard when an author makes such a good and clear description.--[[User:Sblais2|Sblais2]] 21:02, 8 October 2010 (UTC)<br />
<br />
I thought it would be nice to first describe what is a system calls and the two current methods of doing them. The first is the interrupt method. The second which is used in Linux 2.6.18+ is using the sysenter and sysexit instructions.--[[User:Sblais2|Sblais2]] 19:56, 8 October 2010 (UTC)<br />
<br />
You can't use that figure. And you can't copy the text either, even if you change the words slightly. But really, you're just wasting your time. This question is not talking about how system calls are invoked; if you wanted to discuss this, you should be discussing system call invocation mechanisms on the PDP-11 and VAX systems! Here I'm interested in what are the calls, i.e., kernel functions that can be invoked by a regular program.--[[User:Soma|Anil]]<br />
<br />
This link provides about 40 UNIX system calls along with example on where they would be used from the looks of it: [http://www.di.uevora.pt/~lmr/syscalls.html]. --[[User:Apharan2|Apharan2]]<br />
<br />
Thank you for clarifying things. I will go that route. --[[User:Sblais2|Sblais2]] 13:08, 12 October 2010 (UTC)<br />
<br />
I don't see everyone contributing to this group. Please do let the others in your group know, divide your work into sections and discuss here. If you have questions - ask.--[[User:praman|Preeti]]<br />
<br />
<br />
This link shows all the system calls from Linux 2.6.33 [http://www.kernel.org/doc/man-pages/online/pages/man2/syscalls.2.html]<br />
--[[User:Sblais2|Sblais2]] 23:36, 12 October 2010 (UTC)<br />
<br />
As no one in our group made suggestion on the format of our essay, I've put one in place. In your research, each system calls should fit in one of the category. If someone picks one up. Please let me know ASAP. I will be working on that all day. Read the intro's last paragraph if your not sure what you should write on. My english writing skills are not perfect so if one of you guys see ways to improved the text, please do. --[[User:Sblais2|Sblais2]] 14:29, 13 October 2010 (UTC)<br />
<br />
Well I feel like I'm the only one in that team but...Anyway I've completed the first 2 sections. Please try working on the next 4. If you want to modify something, please post a small gist of it in here so we can all validate. Thanks. --[[User:Sblais2|Sblais2]] 20:10, 13 October 2010 (UTC)<br />
<br />
I am wondering if we have actually split up the work accordingly i am going to a temped to answer Information Maintenance if anyone has dibs please let me know - Csulliva<br />
I am finding this site that I find very helpfull to understand system called for linux an UNIX <br />
http://ss64.com/bash/<br />
-Csulliva<br />
<br />
<br />
I'll do process control calls. and help out on the last part that is not written up yet.I'll read the other parts as well just to get an understanding. [[User:Apharan2|Apharan2]]<br />
<br />
Csullliva, be careful not to confuse system calls and shell commands. Some of them have actually the same name, like ''mkdir''. But shell commands is on the user-level. Some of them will actually do system calls to complete the operation.<br />
It's good to finally hear from you guys.--[[User:Sblais2|Sblais2]] 01:39, 14 October 2010 (UTC)<br />
<br />
I'll work on the communication calls and the miscellaneous system calls. Not sure if you guys wanted to add more to this, but I can help out with writing a conclusion as well. I'm somewhat good at writing, so if i see any little things that I could touch up on, i'll help out with that.-R.arteaga<br />
<br />
after my confusion with bash and system calls i had some trouble find a system calls for linux that would effect time here a web site I found that helped me out with description regarding the calls http://www.digilife.be/quickreferences/QRC/LINUX%20System%20Call%20Quick%20Reference.pdf<br />
hopefully i am on the write track now....some one stop me if i am not -Csulliva</div>Csullivahttps://homeostasis.scs.carleton.ca/wiki/index.php?title=COMP_3000_Essay_1_2010_Question_2&diff=3393COMP 3000 Essay 1 2010 Question 22010-10-13T22:39:13Z<p>Csulliva: /* Information Maintenance Calls */</p>
<hr />
<div>=Question=<br />
How do the available system calls in modern versions of the Linux Kernel (2.6.30+) compare with the system calls available in the earliest versions of UNIX? How has the system call interface been expanded, and why? Focus on major changes or extensions in functionality.<br />
<br />
=Answer=<br />
<br />
A system call is a mean by which programs in the user space can access kernel services. Systems calls vary from operating system to operating system, although the underlying concepts tends to be the same. In general, a process is not supposed to be able to access the kernel directly. It can'y access kernel memory and it can't call kernel functions. The CPU prevents this (called "protected mode"). System calls are an exception to this rule. For example, older x86 processors used an interrupt mechanism to go from user-space to kernel-space, but newer processor (PentiumII+) provided instructions that optimize this transition (using sysenter and sysexit instructions). All system calls are small programs built using the C programming language.<br />
<br />
The Unix and Linux systems calls are roughly grouped into 6 categories: file management, device management, information maintenance, process control, communications and miscellaneous calls. The miscellaneous calls are all the ones that don’t really fit in the other categories, like system calls dealing with errors. Today, the Unix and Linux operating system contains hundreds of system calls but in general, they all came from the 35 system calls that came with one of the original UNIX OS in the early 70s. In the next paragraphs, we’re going to described the various system calls in each of the categories mentioned above, their evolution through history (major changes in functionality) and a comparison with the earliest versions of UNIX.<br />
<br />
<br />
== File Management Calls==<br />
<br />
The systems calls in this group deals with every type of operations that is required to run a file system in the operating system. Create file, delete file, opening a file and closing a file are just a few examples of them and most of them hardly changed throughout the years. <br />
<br />
<br />
''chmod'', ''chown'' and ''chdir'' has been available since the earliest UNIX and it is still used in today’s Linux kernels. The ''chmod'' and ''chown'' calls allows the users to change the file attributes and implements security to the file system. The system call ''chdir'' allows the process to change the current working directory. In the 4th distribution of UNIX from Berkeley (4BSD), new system calls where added to be able to give more control on the file system to the applications. The call ''chroot'' allows the process to change the current root directory with one specified in a path argument. ''fchmod'' and ''fchdir'' are the same as ''chmod'' and ''chdir'' except it takes file descriptors as arguments. As of Linux kernel 2.1.81, the ''chown'' system call follows symbolic link and introduce a new system call, ''lchown'', that does not follow symbolic links. As of Linux 2.6.16, ''fchownat'' and ''fchmodat'' was added. It operates the same way as ''chown'' and ''chmod'' but takes more arguments to deal with relative pathnames. <br />
<br />
<br />
Another four of the original UNIX system calls are ''open'', ''creat'', ''mkdir'' and ''close''. The ''open'' and ''creat'' calls allows processes to open and possibly create a file or device. Arguments flags are used to set either access modes, like O_RDONLY(read-only), to status flags, like O_APPEND(append mode). The only modifications made to the system calls were the addition of status flags where some of them are only linux-specific. The ''close'' call allows processes to close a file descriptor preventing it to be reused. No changes were made to it. ''mkdir'' allows the creation of a file directory. At that point, to delete a directory, users would need to make a series of ''link'' and ''unlink'' system calls. With Unix 4.2BSD, ''rmdir'' and solved the problem. The ''rename'' call was also added in 4.2BSD allowing processes to change the name or the location of a file.As of Linux 2.6.16, ''openat'', ''mkdirat'' and ''renameat'' was added. It for the same reasons as ''fchmodat'' and ''fchmownat''. <br />
<br />
<br />
There is also system calls used to find, access and modify files. They are ’‘read’’, ‘‘write’’, ‘‘seek’’ and ‘‘stat’’. These were all part of earliest UNIX built. The ‘‘read’’ and ‘‘write’’ system calls allows to read and write from a file (assigned to a file descriptor). The only change was in SVR4 where a write can be interrupted at anytime. The ‘‘seek’’ system calls is used to go to a specified position in a file. This calls used a 16 bit address. But this was replaced very quickly for ‘‘lseek’’ as early as SVR4. It allows the call to use 32 bit addresses. It is still used in modern Linux and Unix systems even if developers are trying to implement ‘‘lseek64’’, a system call that will use 64 bit addresses. The ‘‘stat’’ system calls allows processes to get the status of a file. With SVR4, 2 other version of that system call were created: ‘‘fstat’’ and ‘‘lstat’’. They both do the same thing except ‘‘lstat’’ give the status of symbolic links and ‘‘fstat’’ give the status of a file specified by a file descriptor. Different operating systems will output different values to represent the state of a file. Since kernel 2.5.48, the stat returned a nanoseconds field in the file’s timestamp. The ‘‘fstatat’’ system call was added to Linux kernel 2.6.16. This is again for the same reason as ‘‘openat’’. With the release of 4.4BSD, two new system calls called ‘‘statvfs’’ and ‘‘fstatvfs’’ were introduced to provide information about a mounted file system. They both do the same thing except fstatvfs takes file descriptors as an argument. These calls are only used in an UNIX environment. In Linux, it has ‘‘statfs’’ and ‘‘fstatfs’’ to support that same call.<br />
<br />
<br />
The last two original UNIX system calls in this category that are still used today are ''link'' and ''unlink''. ''link'' creates a hard link to an existing file and ''unlink'' deletes a file link’s name and possibly the file it refers to. If the name refers to a symbolic link, only the link is removed. No major changes were done to the ''unlink'' system calls but new system calls were create from ''link''. The ''symlink'' system call was added in 4.2BSD to allow the creation of symbolic links in the file system. Again in Linux 2.6.16, ''linkat'' and ''unlinkat'' were added for the same reasons as ''openat'', ''fchmadat'' and ''fchownat''.<br />
<br />
== Device Management Calls==<br />
<br />
The device management system calls are linked to hardware and they are mainly used to requests for devices, release devices, to logically attach a device or to detach it, get and modified device attributes and read and write to them. <br />
<br />
<br />
Two of the most important system calls for the UNIX and Linux operating system is ‘‘mount’’ and ‘‘umount’’. These were among the few system calls available in UNIX in the 70s. The two calls allowed the operating system to load file systems on storage devices. A few changes were done to the mount system calls most of them were the creation of new mount flags to enhance performance. For example, since Linux 2.5.19, the MS_DIRSYNC flag permits the directory changes on a file system synchronous. Another Linux improvement was to provide per-process mount namespaces. This was added on the 2.4.19 kernel. If a process was created using clone() with the CLONE_NEWNS flag, the process will have a new namespace initialized to be a copy of the namespace of the process that was cloned. The ‘‘umount’’ system call unmounted the file system from the storage device. The only noteworthy change to ‘‘umount’’ was the creation of ‘‘umount2’’ in Linux 2.1.116. It is the same as ‘‘umount’’ except it allows different flags to control the operation.<br />
<br />
<br />
The ‘‘open’’, ‘‘read’’ and ‘‘write’’ calls can also be used to access devices. As discussed in the previous section, arguments flags are used to better control the device. You would use them as if the devices were files using the appropriate flags.<br />
<br />
<br />
With the System V Unix revision 4(SVR4) came the system call ‘‘mmap’’. This system call is used to map or unmap files or devices into memory. Once a device is mapped, the system call returns a pointer to the mapped area allowing processes to access that device. This system call is still used in a Unix environment but since Linux 2.4, Linux replaced it by the mmap2 system call. It is basically the same as mmap except for a final argument specifying the offset into a file in 4096-byte units. This enables the mapping of large files.<br />
<br />
<br />
In version 7 of Unix, ‘‘ioctl’’ system call is used for device-specific operations that can’t be done using the standard system calls. This helps to deal with a multitude of devices. Each device drivers would provide a set of ioctl request code to allow various operations on their device. Each various request code are hardware dependent so there is no standard available for this system call.<br />
<br />
== Information Maintenance Calls==<br />
Information Maintenace calls are system calles that return the computers personal information back to the user or change it completely. These type of calls can be split up into three groups get/set time or date, get/set system data and get/set process,file, or device attributes.<br />
<br />
== Process Control Calls==<br />
<br />
== Communications Calls==<br />
<br />
== Miscellaneous System Calls ==<br />
<br />
= References =<br />
Here is the original manual --[[User:Lmundt|Lmundt]] 18:29, 7 October 2010 (UTC)<br />
http://cm.bell-labs.com/cm/cs/who/dmr/1stEdman.html<br />
<br />
Linux Programmer's Manual, Linux man-pages project.<br />
http://www.kernel.org/doc/man-pages/</div>Csullivahttps://homeostasis.scs.carleton.ca/wiki/index.php?title=COMP_3000_Essay_1_2010_Question_2&diff=3391COMP 3000 Essay 1 2010 Question 22010-10-13T22:37:58Z<p>Csulliva: /* Information Maintenance Calls */</p>
<hr />
<div>=Question=<br />
How do the available system calls in modern versions of the Linux Kernel (2.6.30+) compare with the system calls available in the earliest versions of UNIX? How has the system call interface been expanded, and why? Focus on major changes or extensions in functionality.<br />
<br />
=Answer=<br />
<br />
A system call is a mean by which programs in the user space can access kernel services. Systems calls vary from operating system to operating system, although the underlying concepts tends to be the same. In general, a process is not supposed to be able to access the kernel directly. It can'y access kernel memory and it can't call kernel functions. The CPU prevents this (called "protected mode"). System calls are an exception to this rule. For example, older x86 processors used an interrupt mechanism to go from user-space to kernel-space, but newer processor (PentiumII+) provided instructions that optimize this transition (using sysenter and sysexit instructions). All system calls are small programs built using the C programming language.<br />
<br />
The Unix and Linux systems calls are roughly grouped into 6 categories: file management, device management, information maintenance, process control, communications and miscellaneous calls. The miscellaneous calls are all the ones that don’t really fit in the other categories, like system calls dealing with errors. Today, the Unix and Linux operating system contains hundreds of system calls but in general, they all came from the 35 system calls that came with one of the original UNIX OS in the early 70s. In the next paragraphs, we’re going to described the various system calls in each of the categories mentioned above, their evolution through history (major changes in functionality) and a comparison with the earliest versions of UNIX.<br />
<br />
<br />
== File Management Calls==<br />
<br />
The systems calls in this group deals with every type of operations that is required to run a file system in the operating system. Create file, delete file, opening a file and closing a file are just a few examples of them and most of them hardly changed throughout the years. <br />
<br />
<br />
''chmod'', ''chown'' and ''chdir'' has been available since the earliest UNIX and it is still used in today’s Linux kernels. The ''chmod'' and ''chown'' calls allows the users to change the file attributes and implements security to the file system. The system call ''chdir'' allows the process to change the current working directory. In the 4th distribution of UNIX from Berkeley (4BSD), new system calls where added to be able to give more control on the file system to the applications. The call ''chroot'' allows the process to change the current root directory with one specified in a path argument. ''fchmod'' and ''fchdir'' are the same as ''chmod'' and ''chdir'' except it takes file descriptors as arguments. As of Linux kernel 2.1.81, the ''chown'' system call follows symbolic link and introduce a new system call, ''lchown'', that does not follow symbolic links. As of Linux 2.6.16, ''fchownat'' and ''fchmodat'' was added. It operates the same way as ''chown'' and ''chmod'' but takes more arguments to deal with relative pathnames. <br />
<br />
<br />
Another four of the original UNIX system calls are ''open'', ''creat'', ''mkdir'' and ''close''. The ''open'' and ''creat'' calls allows processes to open and possibly create a file or device. Arguments flags are used to set either access modes, like O_RDONLY(read-only), to status flags, like O_APPEND(append mode). The only modifications made to the system calls were the addition of status flags where some of them are only linux-specific. The ''close'' call allows processes to close a file descriptor preventing it to be reused. No changes were made to it. ''mkdir'' allows the creation of a file directory. At that point, to delete a directory, users would need to make a series of ''link'' and ''unlink'' system calls. With Unix 4.2BSD, ''rmdir'' and solved the problem. The ''rename'' call was also added in 4.2BSD allowing processes to change the name or the location of a file.As of Linux 2.6.16, ''openat'', ''mkdirat'' and ''renameat'' was added. It for the same reasons as ''fchmodat'' and ''fchmownat''. <br />
<br />
<br />
There is also system calls used to find, access and modify files. They are ’‘read’’, ‘‘write’’, ‘‘seek’’ and ‘‘stat’’. These were all part of earliest UNIX built. The ‘‘read’’ and ‘‘write’’ system calls allows to read and write from a file (assigned to a file descriptor). The only change was in SVR4 where a write can be interrupted at anytime. The ‘‘seek’’ system calls is used to go to a specified position in a file. This calls used a 16 bit address. But this was replaced very quickly for ‘‘lseek’’ as early as SVR4. It allows the call to use 32 bit addresses. It is still used in modern Linux and Unix systems even if developers are trying to implement ‘‘lseek64’’, a system call that will use 64 bit addresses. The ‘‘stat’’ system calls allows processes to get the status of a file. With SVR4, 2 other version of that system call were created: ‘‘fstat’’ and ‘‘lstat’’. They both do the same thing except ‘‘lstat’’ give the status of symbolic links and ‘‘fstat’’ give the status of a file specified by a file descriptor. Different operating systems will output different values to represent the state of a file. Since kernel 2.5.48, the stat returned a nanoseconds field in the file’s timestamp. The ‘‘fstatat’’ system call was added to Linux kernel 2.6.16. This is again for the same reason as ‘‘openat’’. With the release of 4.4BSD, two new system calls called ‘‘statvfs’’ and ‘‘fstatvfs’’ were introduced to provide information about a mounted file system. They both do the same thing except fstatvfs takes file descriptors as an argument. These calls are only used in an UNIX environment. In Linux, it has ‘‘statfs’’ and ‘‘fstatfs’’ to support that same call.<br />
<br />
<br />
The last two original UNIX system calls in this category that are still used today are ''link'' and ''unlink''. ''link'' creates a hard link to an existing file and ''unlink'' deletes a file link’s name and possibly the file it refers to. If the name refers to a symbolic link, only the link is removed. No major changes were done to the ''unlink'' system calls but new system calls were create from ''link''. The ''symlink'' system call was added in 4.2BSD to allow the creation of symbolic links in the file system. Again in Linux 2.6.16, ''linkat'' and ''unlinkat'' were added for the same reasons as ''openat'', ''fchmadat'' and ''fchownat''.<br />
<br />
== Device Management Calls==<br />
<br />
The device management system calls are linked to hardware and they are mainly used to requests for devices, release devices, to logically attach a device or to detach it, get and modified device attributes and read and write to them. <br />
<br />
<br />
Two of the most important system calls for the UNIX and Linux operating system is ‘‘mount’’ and ‘‘umount’’. These were among the few system calls available in UNIX in the 70s. The two calls allowed the operating system to load file systems on storage devices. A few changes were done to the mount system calls most of them were the creation of new mount flags to enhance performance. For example, since Linux 2.5.19, the MS_DIRSYNC flag permits the directory changes on a file system synchronous. Another Linux improvement was to provide per-process mount namespaces. This was added on the 2.4.19 kernel. If a process was created using clone() with the CLONE_NEWNS flag, the process will have a new namespace initialized to be a copy of the namespace of the process that was cloned. The ‘‘umount’’ system call unmounted the file system from the storage device. The only noteworthy change to ‘‘umount’’ was the creation of ‘‘umount2’’ in Linux 2.1.116. It is the same as ‘‘umount’’ except it allows different flags to control the operation.<br />
<br />
<br />
The ‘‘open’’, ‘‘read’’ and ‘‘write’’ calls can also be used to access devices. As discussed in the previous section, arguments flags are used to better control the device. You would use them as if the devices were files using the appropriate flags.<br />
<br />
<br />
With the System V Unix revision 4(SVR4) came the system call ‘‘mmap’’. This system call is used to map or unmap files or devices into memory. Once a device is mapped, the system call returns a pointer to the mapped area allowing processes to access that device. This system call is still used in a Unix environment but since Linux 2.4, Linux replaced it by the mmap2 system call. It is basically the same as mmap except for a final argument specifying the offset into a file in 4096-byte units. This enables the mapping of large files.<br />
<br />
<br />
In version 7 of Unix, ‘‘ioctl’’ system call is used for device-specific operations that can’t be done using the standard system calls. This helps to deal with a multitude of devices. Each device drivers would provide a set of ioctl request code to allow various operations on their device. Each various request code are hardware dependent so there is no standard available for this system call.<br />
<br />
== Information Maintenance Calls==<br />
Information Maintenace calls are system calles that return the computers personal information back to the user or change it completely. This type of calls can be split up into three groups get/set time or date, get/set system data and get/set process,file, or device attributes.<br />
<br />
== Process Control Calls==<br />
<br />
== Communications Calls==<br />
<br />
== Miscellaneous System Calls ==<br />
<br />
= References =<br />
Here is the original manual --[[User:Lmundt|Lmundt]] 18:29, 7 October 2010 (UTC)<br />
http://cm.bell-labs.com/cm/cs/who/dmr/1stEdman.html<br />
<br />
Linux Programmer's Manual, Linux man-pages project.<br />
http://www.kernel.org/doc/man-pages/</div>Csullivahttps://homeostasis.scs.carleton.ca/wiki/index.php?title=Talk:COMP_3000_Essay_1_2010_Question_2&diff=3388Talk:COMP 3000 Essay 1 2010 Question 22010-10-13T22:33:54Z<p>Csulliva: </p>
<hr />
<div>Not in this group and I'm not completely sure if this is relevant but I found that UNIX used the POSIX standard while Linux used LSB which is based on the POSIX standard. <br />
This article outlines some conflicts between them [https://www.opengroup.org/platform/single_unix_specification/uploads/40/13450/POSIX_and_Linux_Application_Compatibility_Final_-_v1.0.pdf]. I didn't find the actual comparisons very comprehensible but the ideas are there. --[[User:Slay|Slay]] 15:05, 7 October 2010 (UTC)<br />
<br />
<br />
Uh, where did Figure 1 and much of the current text come from? It looks like it was cut and pasted from random source. Please don't plagarize! --[[User:Soma|Anil]] (19:24, 8 October 2010 (UTC))<br />
<br />
Look into the reference article "Kernel command using Linux system calls". Plagiarism is not my goal. I'm using my own words to make a simple but complete description of a system call using the interrupt method. Check the references and If you think it is too close, please let me know. It is hard when an author makes such a good and clear description.--[[User:Sblais2|Sblais2]] 21:02, 8 October 2010 (UTC)<br />
<br />
I thought it would be nice to first describe what is a system calls and the two current methods of doing them. The first is the interrupt method. The second which is used in Linux 2.6.18+ is using the sysenter and sysexit instructions.--[[User:Sblais2|Sblais2]] 19:56, 8 October 2010 (UTC)<br />
<br />
You can't use that figure. And you can't copy the text either, even if you change the words slightly. But really, you're just wasting your time. This question is not talking about how system calls are invoked; if you wanted to discuss this, you should be discussing system call invocation mechanisms on the PDP-11 and VAX systems! Here I'm interested in what are the calls, i.e., kernel functions that can be invoked by a regular program.--[[User:Soma|Anil]]<br />
<br />
This link provides about 40 UNIX system calls along with example on where they would be used from the looks of it: [http://www.di.uevora.pt/~lmr/syscalls.html]. --[[User:Apharan2|Apharan2]]<br />
<br />
Thank you for clarifying things. I will go that route. --[[User:Sblais2|Sblais2]] 13:08, 12 October 2010 (UTC)<br />
<br />
I don't see everyone contributing to this group. Please do let the others in your group know, divide your work into sections and discuss here. If you have questions - ask.--[[User:praman|Preeti]]<br />
<br />
This link shows all the system calls from Linux 2.6.33 [http://www.kernel.org/doc/man-pages/online/pages/man2/syscalls.2.html]<br />
--[[User:Sblais2|Sblais2]] 23:36, 12 October 2010 (UTC)<br />
<br />
As no one in our group made suggestion on the format of our essay, I've put one in place. In your research, each system calls should fit in one of the category. If someone picks one up. Please let me know ASAP. I will be working on that all day. Read the intro's last paragraph if your not sure what you should write on. My english writing skills are not perfect so if one of you guys see ways to improved the text, please do. --[[User:Sblais2|Sblais2]] 14:29, 13 October 2010 (UTC)<br />
<br />
Well I feel like I'm the only one in that team but...Anyway I've completed the first 2 sections. Please try working on the next 4. If you want to modify something, please post a small gist of it in here so we can all validate. Thanks. --[[User:Sblais2|Sblais2]] 20:10, 13 October 2010 (UTC)<br />
<br />
I am wondering if we have actually split up the work accordingly i am going to a temped to answer Information Maintenance if anyone has dibs please let me know - Csulliva<br />
I am finding this site that I find very helpfull to understand system called for linux an UNIX <br />
http://ss64.com/bash/<br />
-Csulliva</div>Csullivahttps://homeostasis.scs.carleton.ca/wiki/index.php?title=Talk:COMP_3000_Essay_1_2010_Question_2&diff=3344Talk:COMP 3000 Essay 1 2010 Question 22010-10-13T20:59:49Z<p>Csulliva: </p>
<hr />
<div>Not in this group and I'm not completely sure if this is relevant but I found that UNIX used the POSIX standard while Linux used LSB which is based on the POSIX standard. <br />
This article outlines some conflicts between them [https://www.opengroup.org/platform/single_unix_specification/uploads/40/13450/POSIX_and_Linux_Application_Compatibility_Final_-_v1.0.pdf]. I didn't find the actual comparisons very comprehensible but the ideas are there. --[[User:Slay|Slay]] 15:05, 7 October 2010 (UTC)<br />
<br />
<br />
Uh, where did Figure 1 and much of the current text come from? It looks like it was cut and pasted from random source. Please don't plagarize! --[[User:Soma|Anil]] (19:24, 8 October 2010 (UTC))<br />
<br />
Look into the reference article "Kernel command using Linux system calls". Plagiarism is not my goal. I'm using my own words to make a simple but complete description of a system call using the interrupt method. Check the references and If you think it is too close, please let me know. It is hard when an author makes such a good and clear description.--[[User:Sblais2|Sblais2]] 21:02, 8 October 2010 (UTC)<br />
<br />
I thought it would be nice to first describe what is a system calls and the two current methods of doing them. The first is the interrupt method. The second which is used in Linux 2.6.18+ is using the sysenter and sysexit instructions.--[[User:Sblais2|Sblais2]] 19:56, 8 October 2010 (UTC)<br />
<br />
You can't use that figure. And you can't copy the text either, even if you change the words slightly. But really, you're just wasting your time. This question is not talking about how system calls are invoked; if you wanted to discuss this, you should be discussing system call invocation mechanisms on the PDP-11 and VAX systems! Here I'm interested in what are the calls, i.e., kernel functions that can be invoked by a regular program.--[[User:Soma|Anil]]<br />
<br />
This link provides about 40 UNIX system calls along with example on where they would be used from the looks of it: [http://www.di.uevora.pt/~lmr/syscalls.html]. --[[User:Apharan2|Apharan2]]<br />
<br />
Thank you for clarifying things. I will go that route. --[[User:Sblais2|Sblais2]] 13:08, 12 October 2010 (UTC)<br />
<br />
I don't see everyone contributing to this group. Please do let the others in your group know, divide your work into sections and discuss here. If you have questions - ask.--[[User:praman|Preeti]]<br />
<br />
This link shows all the system calls from Linux 2.6.33 [http://www.kernel.org/doc/man-pages/online/pages/man2/syscalls.2.html]<br />
--[[User:Sblais2|Sblais2]] 23:36, 12 October 2010 (UTC)<br />
<br />
As no one in our group made suggestion on the format of our essay, I've put one in place. In your research, each system calls should fit in one of the category. If someone picks one up. Please let me know ASAP. I will be working on that all day. Read the intro's last paragraph if your not sure what you should write on. My english writing skills are not perfect so if one of you guys see ways to improved the text, please do. --[[User:Sblais2|Sblais2]] 14:29, 13 October 2010 (UTC)<br />
<br />
Well I feel like I'm the only one in that team but...Anyway I've completed the first 2 sections. Please try working on the next 4. If you want to modify something, please post a small gist of it in here so we can all validate. Thanks. --[[User:Sblais2|Sblais2]] 20:10, 13 October 2010 (UTC)<br />
<br />
I am wondering if we have actually split up the work accordingly i am going to a temped to answer Information Maintenance if anyone has dibs please let me know - Csulliva</div>Csullivahttps://homeostasis.scs.carleton.ca/wiki/index.php?title=COMP_3000_Essay_1_2010_Question_2&diff=3342COMP 3000 Essay 1 2010 Question 22010-10-13T20:57:37Z<p>Csulliva: /* Information Maintenance Calls */</p>
<hr />
<div>=Question=<br />
How do the available system calls in modern versions of the Linux Kernel (2.6.30+) compare with the system calls available in the earliest versions of UNIX? How has the system call interface been expanded, and why? Focus on major changes or extensions in functionality.<br />
<br />
=Answer=<br />
<br />
A system call is a mean by which programs in the user space can access kernel services. Systems calls vary from operating system to operating system, although the underlying concepts tends to be the same. In general, a process is not supposed to be able to access the kernel directly. It can'y access kernel memory and it can't call kernel functions. The CPU prevents this (called "protected mode"). System calls are an exception to this rule. For example, older x86 processors used an interrupt mechanism to go from user-space to kernel-space, but newer processor (PentiumII+) provided instructions that optimize this transition (using sysenter and sysexit instructions). All system calls are small programs built using the C programming language.<br />
<br />
The Unix and Linux systems calls are roughly grouped into 6 categories: file management, device management, information maintenance, process control, communications and miscellaneous calls. The miscellaneous calls are all the ones that don’t really fit in the other categories, like system calls dealing with errors. Today, the Unix and Linux operating system contains hundreds of system calls but in general, they all came from the 35 system calls that came with one of the original UNIX OS in the early 70s. In the next paragraphs, we’re going to described the various system calls in each of the categories mentioned above, their evolution through history (major changes in functionality) and a comparison with the earliest versions of UNIX.<br />
<br />
<br />
== File Management Calls==<br />
<br />
The systems calls in this group deals with every type of operations that is required to run a file system in the operating system. Create file, delete file, opening a file and closing a file are just a few examples of them and most of them hardly changed throughout the years. <br />
<br />
<br />
''chmod'', ''chown'' and ''chdir'' has been available since the earliest UNIX and it is still used in today’s Linux kernels. The ''chmod'' and ''chown'' calls allows the users to change the file attributes and implements security to the file system. The system call ''chdir'' allows the process to change the current working directory. In the 4th distribution of UNIX from Berkeley (4BSD), new system calls where added to be able to give more control on the file system to the applications. The call ''chroot'' allows the process to change the current root directory with one specified in a path argument. ''fchmod'' and ''fchdir'' are the same as ''chmod'' and ''chdir'' except it takes file descriptors as arguments. As of Linux kernel 2.1.81, the ''chown'' system call follows symbolic link and introduce a new system call, ''lchown'', that does not follow symbolic links. As of Linux 2.6.16, ''fchownat'' and ''fchmodat'' was added. It operates the same way as ''chown'' and ''chmod'' but takes more arguments to deal with relative pathnames. <br />
<br />
<br />
Another four of the original UNIX system calls are ''open'', ''creat'', ''mkdir'' and ''close''. The ''open'' and ''creat'' calls allows processes to open and possibly create a file or device. Arguments flags are used to set either access modes, like O_RDONLY(read-only), to status flags, like O_APPEND(append mode). The only modifications made to the system calls were the addition of status flags where some of them are only linux-specific. The ''close'' call allows processes to close a file descriptor preventing it to be reused. No changes were made to it. ''mkdir'' allows the creation of a file directory. At that point, to delete a directory, users would need to make a series of ''link'' and ''unlink'' system calls. With Unix 4.2BSD, ''rmdir'' and solved the problem. The ''rename'' call was also added in 4.2BSD allowing processes to change the name or the location of a file.As of Linux 2.6.16, ''openat'', ''mkdirat'' and ''renameat'' was added. It for the same reasons as ''fchmodat'' and ''fchmownat''. <br />
<br />
<br />
There is also system calls used to find, access and modify files. They are ’‘read’’, ‘‘write’’, ‘‘seek’’ and ‘‘stat’’. These were all part of earliest UNIX built. The ‘‘read’’ and ‘‘write’’ system calls allows to read and write from a file (assigned to a file descriptor). The only change was in SVR4 where a write can be interrupted at anytime. The ‘‘seek’’ system calls is used to go to a specified position in a file. This calls used a 16 bit address. But this was replaced very quickly for ‘‘lseek’’ as early as SVR4. It allows the call to use 32 bit addresses. It is still used in modern Linux and Unix systems even if developers are trying to implement ‘‘lseek64’’, a system call that will use 64 bit addresses. The ‘‘stat’’ system calls allows processes to get the status of a file. With SVR4, 2 other version of that system call were created: ‘‘fstat’’ and ‘‘lstat’’. They both do the same thing except ‘‘lstat’’ give the status of symbolic links and ‘‘fstat’’ give the status of a file specified by a file descriptor. Different operating systems will output different values to represent the state of a file. Since kernel 2.5.48, the stat returned a nanoseconds field in the file’s timestamp. The ‘‘fstatat’’ system call was added to Linux kernel 2.6.16. This is again for the same reason as ‘‘openat’’. With the release of 4.4BSD, two new system calls called ‘‘statvfs’’ and ‘‘fstatvfs’’ were introduced to provide information about a mounted file system. They both do the same thing except fstatvfs takes file descriptors as an argument. These calls are only used in an UNIX environment. In Linux, it has ‘‘statfs’’ and ‘‘fstatfs’’ to support that same call.<br />
<br />
<br />
The last two original UNIX system calls in this category that are still used today are ''link'' and ''unlink''. ''link'' creates a hard link to an existing file and ''unlink'' deletes a file link’s name and possibly the file it refers to. If the name refers to a symbolic link, only the link is removed. No major changes were done to the ''unlink'' system calls but new system calls were create from ''link''. The ''symlink'' system call was added in 4.2BSD to allow the creation of symbolic links in the file system. Again in Linux 2.6.16, ''linkat'' and ''unlinkat'' were added for the same reasons as ''openat'', ''fchmadat'' and ''fchownat''.<br />
<br />
== Device Management Calls==<br />
<br />
The device management system calls are linked to hardware and they are mainly used to requests for devices, release devices, to logically attach a device or to detach it, get and modified device attributes and read and write to them. <br />
<br />
<br />
Two of the most important system calls for the UNIX and Linux operating system is ‘‘mount’’ and ‘‘umount’’. These were among the few system calls available in UNIX in the 70s. The two calls allowed the operating system to load file systems on storage devices. A few changes were done to the mount system calls most of them were the creation of new mount flags to enhance performance. For example, since Linux 2.5.19, the MS_DIRSYNC flag permits the directory changes on a file system synchronous. Another Linux improvement was to provide per-process mount namespaces. This was added on the 2.4.19 kernel. If a process was created using clone() with the CLONE_NEWNS flag, the process will have a new namespace initialized to be a copy of the namespace of the process that was cloned. The ‘‘umount’’ system call unmounted the file system from the storage device. The only noteworthy change to ‘‘umount’’ was the creation of ‘‘umount2’’ in Linux 2.1.116. It is the same as ‘‘umount’’ except it allows different flags to control the operation.<br />
<br />
<br />
The ‘‘open’’, ‘‘read’’ and ‘‘write’’ calls can also be used to access devices. As discussed in the previous section, arguments flags are used to better control the device. You would use them as if the devices were files using the appropriate flags.<br />
<br />
<br />
With the System V Unix revision 4(SVR4) came the system call ‘‘mmap’’. This system call is used to map or unmap files or devices into memory. Once a device is mapped, the system call returns a pointer to the mapped area allowing processes to access that device. This system call is still used in a Unix environment but since Linux 2.4, Linux replaced it by the mmap2 system call. It is basically the same as mmap except for a final argument specifying the offset into a file in 4096-byte units. This enables the mapping of large files.<br />
<br />
<br />
In version 7 of Unix, ‘‘ioctl’’ system call is used for device-specific operations that can’t be done using the standard system calls. This helps to deal with a multitude of devices. Each device drivers would provide a set of ioctl request code to allow various operations on their device. Each various request code are hardware dependent so there is no standard available for this system call.<br />
<br />
== Information Maintenance Calls==<br />
* get/set time or date<br />
* get/set system data<br />
* get/set process, file, or device attributes<br />
<br />
== Process Control Calls==<br />
<br />
== Communications Calls==<br />
<br />
== Miscellaneous System Calls ==<br />
<br />
= References =<br />
Here is the original manual --[[User:Lmundt|Lmundt]] 18:29, 7 October 2010 (UTC)<br />
http://cm.bell-labs.com/cm/cs/who/dmr/1stEdman.html<br />
<br />
Linux Programmer's Manual, Linux man-pages project.<br />
http://www.kernel.org/doc/man-pages/</div>Csulliva