Scheduling
QEMU
- Where does it fit in OS architecture?
- Simply a procdess, so: [Image 1 goes here]
- If a shell is running in QEMU, it is not seen from the regular terminal
- Quite analogous to the J(ava) V(irtual) M(achine)
Virtual Machine Monitor
- What do you emulate?
- QEMU emulates everything (like PowerPC binaries for Intel x86 chip) [Image 2 goes here]
- If data coming in is the Linux kernel, it expects to be run in supervisor mode, so QEMU has to emulate supervisor mode (otherwise cannot process privileged instructions)
- If a program in user mode executes a privileged instruction, a software interrupt gets generated, and the kernel is called to look up the trap table
- Example: division by zero
- We would like to emulate any hardware we want; so, why not just dump code directly on the CPU without QEMU in-between?
- Cannot do this, because regular Linux kernel will catch the interrupts
- One possible way to get around this is to take out privileged instructions from binaries (essentially rewrite them)
- Cannot do this, because regular Linux kernel will catch the interrupts
Hypervisor
- The kernel's kernel [Image 3 goes here]
Ring Model
- Unix only has two rings: kernel = 0, user = 3 [Image 4 hoes here]
- If hypervisor runs in -1, we can run multiple operating systems on top of the hypervisor [Image 5 goes here]
- The hypervisor is part of the mechanism that prevents pirated games from playing on the Play Station 3
- Hypervisor does not really affect performance, because it is tacked onto the I/O part of system calls
- Translating memory access from applications in user spaces means switching to kernel (supervisor), and then again from supervisor to hypervisor
- If running multiple operating systems, hypervisor designates one operating system to be the host or root access
- "Server consolidation" - using machines to the best of their abilities to conserve power
"Blue Pill"
- When an attacker comes in, they have to run as a user process
- To hide, try to modify kernel code to camouflage processes
- Put security code in hypervisor - only good if attacker does not get there first
- Apparently, Windows kernel can actually tell if it has been virtuatlized, because there is one process that cannot be changed - the clock, so determine virtualization by checking the timing of I/O and interrupts
- "Halting problem"
MMU
- How do we translate addresses? For some process, looking at address 2000 actually means looking at 8420
- Every instruction accessing memory has to perform this translation
- There exist tables that keep these - in page intervals (a pages is approximately a 4KB block)
- MMU needs a cache (very fast) to keep these tables
- MMU also requires a special kind of memory called associative memory (not like computers' main memory)
- Content-based access, not address-based
- TLB - translational lookaside buffer is the table with tags (directly on MMU), <64K
- If the TLB misses, the kernel gets called
- Locality of reference: for data and for code, can be spatial and temporal