PowerPC 970 Based Macs, Why Is Hypervisor Mode Unavailable? - virtualization

I have recently acquired an Apple G5 computer (PPC 970) and am interested in learning more about the PowerPC architecture (most of my systems programming knowledge comes from x86 and my own hobby kernel).
After using the computer a while and getting used to PowerPC assembly (RISC), I noticed that low level CPU virtualization is not possible on PowerPC 970 based Macs. The CPU in documentation (PowerPC 64) seems to support hypervisor mode, but it has been noted that it is not possible due to Open Firmware.
Do all operating systems which are loaded from Open Firmware on PowerPC 970 series Macs load in hypervisor mode, making "nested" virtualization impossible? If this is true, why does Open Firmware load all operating systems in hypervisor mode? Is this in order to provide a secure layer for communication between the operating system and Open Firmware (using firmware for everything except ACPI and memory discovery during boot, which requires a transition into "real-mode", is unsafe in x86?).
Also if the Operating system were using hyper-calls to facilitate a secure transition to firmware based routines, wouldn't this impose a large penalty just as syscalls do?

I'm not privy to Apple's hardware designs, but I've heard that the HV mode (i.e., HV=1 in the Machine State Register) was disabled, through hardware, on the CPUs used in the G5 machines.
If this is the case, then it's not up to the system firmware to enable/disable HV mode - it's simply not available.
At the time that these machines were available, other Power hardware designs had a small amount of firmware running in HV=1 mode, and only exposed HV=0 to the kernel. However, the G5 wasn't one of these.

Related

Are emulation and hardware-assisted virtualization synonyms?

What is the distinction between emulation and Full Virtualization, also called Hardware-assisted virtualization (HVM)?
From this source, it is not clear what the relationship is.
Full Virtualization or Hardware-assisted virtualization (HVM) uses
virtualization extensions from the host CPU to virtualize guests. HVM
requires Intel VT or AMD-V hardware extensions. The Xen Project
software uses Qemu to emulate PC hardware, including BIOS, IDE disk
controller, VGA graphic adapter, USB controller, network adapter etc.
Virtualization hardware extensions are used to boost performance of
the emulation. Fully virtualized guests do not require any kernel
support. This means that Windows operating systems can be used as a
Xen Project HVM guest. Fully virtualized guests are usually slower
than paravirtualized guests, because of the required emulation.
Source: Xen Project Wiki
In the following book these terms are considered synonymous.
At one extreme you have full virtualization, or emulation, in which
the virtual machine is a software simulation of hardware, real or
fictional — as long as there’s a driver, it doesn’t matter much.
Products in this category include VMware and QEMU.
Source: The book of Xen
Following are the excerpts from an article describing the actual difference between emulation and HVM. However, the only distinction I can see is that virtualization makes it possible to create more than one computing environment.
If emulation takes such a toll, why bother? Because we might want to
do one of the following:
Run an OS on a hardware platform for which it was not designed.
Run an application on a device other than the one it was developed for (e.g., run a Windows program on a Mac).
Read data that was written onto storage media by a device we no longer have or that no longer works.
Source: Russell Kay
Virtual machines offer the following advantages:
They're compatible with all Intel x86 computers.
They're isolated from one another, just as if they were physically separate.
Each is a complete, encapsulated computing environment.
They're essentially independent of the underlying hardware.
They're created using existing hardware.
Source: Russell Kay
There is another article, which only supports my hypothesis.
Emulation, in short, involves making one system imitate another. For
example, if a piece of software runs on system A and not on system B,
we make system B “emulate” the working of system A. The software then
runs on an emulation of system A.
In this same example, virtualization would involve taking system A and
splitting it into two servers, B and C.
So let's consider B=C and we have emulation, don't we?
Please note that virtualization is achieved by emulating the hardware components (network adapters, USB, hard disk, CD drives, etc.) in software. Thus emulation actually helps in achieving virtualization.
Full virtualization is the technique of virtualization in which the guest OS runs unmodified, that is, the guest is not aware of whether it is running in a virtual machine environment or on a physical machine. Initially binary translation of the guest code was done in order to achieve full virtualization, but it wasn't good from performance perspective.
Para virtualization is a technique which requires modifications in the guest Operating System in order to gain better performance.
Hardware assisted virtualization is a full virtualization technique, as the guest Operating System runs unmodified. It is called hardware assisted because this type of virtualization utilizes virtualization-specific extensions in host hardware like Intel-vtx, AMD-V etc. This technique not only offers full virtualization (guest OS does not require modification) but also has performance benefits, and major vendors like Intel and AMD are providing extensions in hardware to support virtualization.

Does XEN PVH mode require Intel VT-x or AMD-V HW virtualization?

Hello Humble Stackoverflow users,
According to this XEN article, PVH mode keeps all components paravirtualized except Pagetables - "but instead of requiring PV MMU (often called paravirtualized page tables), it uses the HVM hardware extensions to virtualize the pagetables".
According to the link I've provided above and the wiki, you can learn that Pagetables are heavily connected with CPU workflow. However, the following article says that HVM hardware extensions provide CPU virtualization - "Technically speaking, HVM refers to a set of extensions that make it much simpler to virtualize one component: the processor."
In the end, all this left me in a confused state.
Does XEN PVH mode require Intel VT-x or AMD-V HW virtualization or not?
Regards,
Leshcat
PVH only works with Intel VT for now and there is no support for 32-bit guests yet, as you can see in the readme:
http://xenbits.xen.org/docs/unstable/misc/pvh-readme.txt
Following remain to be done for PVH: AMD port.
https://blog.xenproject.org/2015/01/15/less-is-more-in-the-new-xen-project-4-5-release/
PVH initial domain support for Intel has been added and now supports running as dom0 and FreeBSD with Linux platforms

Without mode switching, can any hardware be protected?

If a kernel does not support distinction between user mode and kernel mode, can any of the hardware be protected still?
Or would Memory, CPU, and devices be completely vulnerable to illegal access?
Yes there is still a way to keep them protected, however it would involve the use of a hypervisor.
The idea is that you would have a small kernel set up permissions of hardware access, how much RAM, which hardware, which cores, etc, and then that small kernel would bootstrap your hypothetical kernel which would run in kernel mode inside the hypervisor.
To use a hypervisor in such a way, the architecture you are using must support virtualization. x86 supports virtualization through Intel's VT-x and AMD's AMD-V. Not all CPUs, however, have these extensions and typically they are disabled by default.
If you cannot use a hypervisor, then there is no way to protect hardware or CPU access because all code is privileged and therefore is free to modify any system components.

What is the difference between hardware and hardware assisted virtualization?

I am really new to virtualization. I have read in some places that hardware virtualization is also referred to as hardware assisted virtualization. Is it true or false?
From my understanding, hardware virtualization means the hardware itself has some embedded software which is helpful in managing system resources between OSes. Is that right?
And if possible tell me what are the different types of Virtualization?
Different types of virtualization
In the traditional x86 architecture, operating system kernels expect direct CPU access running in Ring 0, which is the most privileged level.
Software Virtualization
With software virtualization, guest operating systems cannot run in Ring 0 because the VMM sits there. The guest operating systems must therefore run in Ring 1, but there's a catch: Some x86 instructions work only in Ring 0, so the operating systems must be recompiled to avoid them. This process is called paravirtualization, and it is impractical — especially if the source code for the OS is not available. To get around this, VMMs trap these instructions and emulate them, which unfortunately results in an enormous performance hit: Virtual machines can be significantly slower than real physical ones.
Hardware Assisted Virtualization
Thus, Intel and AMD have introduced their new virtualization technologies, a handful of new instructions and — crucially — a new privilege level. The hypervisor can now run at "Ring -1", so the guest operating systems can run in Ring 0. There's no need for paravirtualization, the VMM does less work, and the performance hit is reduced.
Wiki puts it very nicely
Virtualization
The term "virtualization" was coined in the 1960s to refer to a virtual machine (sometimes called "pseudo machine"), a term which itself dates from the experimental IBM M44/44X system. The creation and management of virtual machines has been called "platform virtualization", or "server virtualization", more recently.
Platform virtualization is performed on a given hardware platform by host software (a control program), which creates a simulated computer environment, a virtual machine (VM), for its guest software. The guest software is not limited to user applications; many hosts allow the execution of complete operating systems. The guest software executes as if it were running directly on the physical hardware, with several notable caveats. Access to physical system resources (such as the network access, display, keyboard, and disk storage) is generally managed at a more restrictive level than the host processor and system-memory. Guests are often restricted from accessing specific peripheral devices, or may be limited to a subset of the device's native capabilities, depending on the hardware access policy implemented by the virtualization host.
Hardware-assisted virtualization
In hardware-assisted virtualization, the hardware provides architectural support that facilitates building a virtual machine monitor and allows guest OSes to be run in isolation. Hardware-assisted virtualization was first introduced on the IBM System/370 in 1972, for use with VM/370, the first virtual machine operating system. In 2005 and 2006, Intel and AMD provided additional hardware to support virtualization. Sun Microsystems (now Oracle Corporation) added similar features in their UltraSPARC T-Series processors in 2005. Examples of virtualization platforms adapted to such hardware include Linux KVM, VMware Workstation, VMware Fusion, Microsoft Hyper-V, Microsoft Virtual PC, Xen, Parallels Desktop for Mac, Oracle VM Server for SPARC, VirtualBox and Parallels Workstation.
Also refer to the following links for more explanations:
http://searchvmware.techtarget.com/definition/hardware-virtualization
http://www.anandtech.com/show/2480

Allow guest OS to access graphics adapter directly

Modern hardware-assisted desktop virtualization products (like VMWare Workstation or VirtualBox) normally provide the guest OS with a virtual graphics adapter that has a limited functionality.
Is it possible to switch the adapters, i.e., provide the guest OS with direct access to the real graphics adapter, and assign a virtual graphics adapter to the host OS? Is there any software that has this functionality? If not, is it possible to develop such a system? Let's assume we only have a single guest OS.
It should be possible soon using VGA passthrough as implemented by Xen 4 (unstable branch for now):
Quoting the Xen FAQ:
"Xen 4.0.0 is the first version to support VGA graphics adapter passthrough to Xen HVM (fully virtualized) guests. This means you can give HVM guest full and direct control of the graphics adapter, making it possible to have high performance full 3D and video acceleration in a virtual machine"
"Xen VGA passthrough requires IOMMU (Intel VT-d) support from the motherboard chipset, from the motherboard BIOS and from Xen."
Note that only a few motherboards support IOMMU for now. See the FAQ for more info.
I/O hardware virtualization, especially for graphics cards, is done using a technology called IOMMU.
AMD has published a specification for IOMMU technology in the HyperTransport architecture. Intel has published a specification for IOMMU technology as Virtualization Technology for Directed I/O, abbreviated VT-d.
With virtualization, guest operating systems can use hardware that is not specifically made for virtualization. An example for IOMMU is Graphics Address Remapping Table (GART) used by AGP and PCI Express graphics cards. Higher performance hardware such as graphics cards use DMA to access memory directly; in a virtual environment all the memory addresses are remapped by the virtual machine software, which causes DMA devices to fail. The IOMMU handles this remapping, allowing for the native device drivers to be used in a guest operating system.
Most virtualization software supports hardware acceleration for OpenGL, and some of it provides experimental Direct3D acceleration, such as VMWare. Products from VMware, Citrix, VirtualBox etc. provide hardware acceleration.
What processor?
This is the idea behind I/O virtualization (Intel's implementation is called VT-d). You need CPU support to allow the guest direct access to the video hardware while blocking it from stomping on other resources, such as the disk system.
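
Added example (not part of the original answers): a read-only Linux host check for the two preconditions the answers above name, a VT-x/AMD-V CPU flag and an IOMMU that can isolate the device being handed to the guest. It assumes a Linux host that exposes /proc/cpuinfo and /sys/kernel/iommu_groups; the function names and the sample PCI addresses are constructed for illustration.

```shell
# Added example: read-only host checks; the cpuinfo file and sysfs root are parameters.
# Print vmx (Intel VT-x), svm (AMD-V) or none from a cpuinfo-format file.
cpu_virt_ext() {
    flags=$(sed -n '/^flags/{p;q;}' "${1:-/proc/cpuinfo}" 2>/dev/null)
    case " $flags " in
        *" vmx "*) echo vmx ;;
        *" svm "*) echo svm ;;
        *) echo none ;;
    esac
}

# Print the IOMMU group number of PCI device $1; fail if the kernel exposes none.
iommu_group_of() {
    for d in "${2:-/sys}"/kernel/iommu_groups/*/devices/"$1"; do
        [ -e "$d" ] || return 1
        g=${d%/devices/*}; echo "${g##*/}"; return 0
    done
}

# Print the other devices in the same group as $1. The IOMMU does not isolate
# group members from each other, so they cannot be split between host and guest.
group_peers() {
    grp=$(iommu_group_of "$1" "${2:-/sys}") || return 1
    for d in "${2:-/sys}"/kernel/iommu_groups/"$grp"/devices/*; do
        [ "${d##*/}" = "$1" ] || echo "${d##*/}"
    done
}

# $1 = PCI address, $2 = cpuinfo file, $3 = sysfs root (defaults: live system).
passthrough_report() {
    ext=$(cpu_virt_ext "${2:-/proc/cpuinfo}")
    if [ "$ext" = none ]; then echo "no vmx/svm flag reported"; return 2; fi
    peers=$(group_peers "$1" "${3:-/sys}") ||
        { echo "$1 has no IOMMU group (IOMMU off or absent)"; return 3; }
    if [ -n "$peers" ]; then echo "$1 shares its group with:" $peers; return 4; fi
    echo "$1 is alone in its IOMMU group; CPU flag: $ext"
}

# Constructed sample: a GPU grouped with its audio function, a NIC on its own.
make_sample() {
    r=$(mktemp -d) || return 1; g=$r/kernel/iommu_groups
    mkdir -p "$g/1/devices" "$g/7/devices"
    touch "$g/1/devices/0000:01:00.0" "$g/1/devices/0000:01:00.1" \
          "$g/7/devices/0000:03:00.0"
    printf 'flags\t\t: fpu vme pae vmx ept\n' > "$r/cpuinfo"
    echo "$r"
}

if [ "$#" -gt 0 ]; then passthrough_report "$@"; fi
```

Run with a PCI address as the only argument to check the live system; a non-zero exit status identifies which precondition failed (2: no CPU flag, 3: no IOMMU group, 4: shared group).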