Initial commit

README.md

+# Welcome to the "Advanced Systems Virtualization (soir)" course!
+
+In this repository you can find:
+
+- The slides explaining the theoretical contents of the course
+- The course's practical labs
+- Miscellaneous resources/information related to the course's topic

content/Content.md

+---
+author: Florent Gluck - Florent.Gluck@hesge.ch
+
+title: Advanced Systems Virtualization
+
+date: \vspace{.5cm} \footnotesize \today
+
+pandoc-latex-fontsize:
+  - classes: [tiny]
+    size: tiny
+  - classes: [verysmall]
+    size: scriptsize
+  - classes: [small]
+    size: footnotesize
+  - classes: [huge, important]
+    size: huge
+---
+
+[//]: # ----------------------------------------------------------------
+## Course's resources
+
+- Course's portal on Cyberlearn
+  - [\textcolor{myblue}{https://cyberlearn.hes-so.ch/course/view.php?id=14955}](https://cyberlearn.hes-so.ch/course/view.php?id=14955)
+  - enrollment key: "asv24"
+\vspace{.2cm}
+- Course's material on git
+\vspace{.2cm}
+- Course's chat on Mattermost
+
+[//]: # ----------------------------------------------------------------
+## Goals
+
+::: incremental
+
+- Acquire a better understanding of how hypervisors work
+
+- Be able to implement a simple hypervisor featuring emulated and paravirtualized devices
+
+- Study, summarize and present a research article about virtualization
+
+:::
+
+[//]: # ----------------------------------------------------------------
+## Topics
+
+::: incremental
+
+- Platform virtualization reminder
+- KVM API
+- How to use KVM to implement an hypervisor from scratch
+- Device paravirtualization using hypercalls
+- Device emulation through state machines
+- Performance analysis between emulation and paravirtualization
+- Study and summary of a research article
+
+:::
+
+[//]: # ----------------------------------------------------------------
+## Work method
+
+::: incremental
+
+- **Be present** and **pay attention**: information will often be given "on the spot"
+  - missing classes means missing explanations and useful advice!
+
+- **Take notes** as slides are **incomplete**
+
+- Work on a **regular basis**: last minute work won't cut it \frownie{}
+
+- **Be proactive**: please **ask questions**, there are no dumb questions \smiley{}
+	- no questions = I assume everything is understood...
+
+- Don't **blindly** copy/paste code found elsewhere (hello stackoverflow and chatgpt!)
+	- the goal is that **you understand** what you're doing!
+
+:::
+
+[//]: # ----------------------------------------------------------------
+## Labs
+
+- Labs are not directly graded
+
+- Labs help you:
+  - to **truly understand** the course's concepts
+  - **improve** your programming skills
+  - **succeed** your live programming exams
+
+- \textcolor{myred}{\textbf{Failing} to complete the labs will almost certainly mean failing the class! \frownie{}}
+
+[//]: # ----------------------------------------------------------------
+## Grading
+
+- Evaluation:
+  - Practical exam (40-50%)
+  - Theory exam (30-40%)
+  - Article presentation (20%)
+
+[//]: # ----------------------------------------------------------------
+## Questions
+
+\centering
+![](images/questions.png){ width=80% }

content/Makefile

+SRCS=$(wildcard *.md)
+PDFS=$(SRCS:%.md=%.pdf)
+UID=$(shell id -u)
+GID=$(shell id -g)
+
+all: $(PDFS)
+
+%.pdf: %.md
+	docker run --user $(UID):$(GID) --rm --mount type=bind,src="$(PWD)",dst=/src thxbb12/md2pdf build_slides $<
+
+clean:
+	rm -f $(PDFS)

course/01-Platform_Virtualization_reminder.md

+---
+author: Florent Gluck - Florent.Gluck@hesge.ch
+
+title: Platform Virtualization - reminder
+
+date: \vspace{.5cm} \footnotesize \today
+
+pandoc-latex-fontsize:
+  - classes: [tiny]
+    size: tiny
+  - classes: [verysmall]
+    size: scriptsize
+  - classes: [small]
+    size: footnotesize
+  - classes: [huge, important]
+    size: huge
+---
+
+[//]: # ----------------------------------------------------------------
+## What is Platform virtualization?
+
+:::::: {.columns}
+::: {.column width="50%"}
+
+\small
+
+- Virtualization of a **whole hardware platform** $\rightarrow$ allows concurrent execution of multiple OS on the same physical machine (host system)
+
+- **Virtual machine (VM)**, also called guest domain = efficient, isolated duplicate of the real physical machine
+
+- A VM is supported by a virtualization layer = **virtual machine monitor (VMM)** or **hypervisor**
+
+:::
+::: {.column width="50%"}
+
+\vspace{0.5cm}
+
+\centering
+![](images/platform_virt.png){ width=100% }
+
+\small
+\vspace{.3cm}
+
+- The OS running in the VM is called the **Guest OS**
+
+:::
+::::::
+
+[//]: # ----------------------------------------------------------------
+## Platform virtualization
+
+- Sometimes called "hardware virtualization"
+- Type of virtualization that **virtualizes a whole machine**
+- Three main components must be virtualized:
+  - CPU
+  - memory (MMU - Memory Managing Unit)
+  - devices (also called Input/Output or I/O): hard drive, disk controllers, display, mouse, keyboard, etc.
+
+[//]: # ----------------------------------------------------------------
+# CPU virtualization
+
+[//]: # ----------------------------------------------------------------
+## CPU virtualization techniques
+
+The CPU can be virtualized using 4 different techniques:
+
+- Full virtualization using Trap-and-Emulate (historical)
+- Full virtualization using Binary Translation
+  ```{.verysmall}
+  qemu-system-x86_64 ...
+  ```
+- Hardware-assisted full virtualization
+  ```{.verysmall}
+  qemu-system-x86_64 -enable-kvm ...
+  ```
+- Paravirtualization
+
+[//]: # ----------------------------------------------------------------
+## CPU full virtualization: hardware-assisted
+
+:::::: {.columns}
+::: {.column width="45%"}
+
+\footnotesize
+
+- Also called "Accelerated Virtualization" and "Hardware Virtual Machine" (HVM)
+- Exists since the release of Intel VT-x & AMD-V Pacifica in 2005:
+  - \footnotesize solves issue with the 17 "problem" instructions
+  - adds new modes: \textcolor{myred}{root\textsuperscript{$\star$}}/\textcolor{mygreen}{non-root}
+  - VMM runs in \textcolor{myred}{root} mode
+  - Guest OS runs in \textcolor{mygreen}{non-root} mode
+
+:::
+::: {.column width="55%"}
+
+\vspace{0.5cm}
+
+\centering
+![](images/hardware_assisted_virt.png){ width=100% }
+
+:::
+::::::
+
+\vfill
+
+\textcolor{myred}{\textsuperscript{$\star$}}\scriptsize Completely unrelated to root user in Linux/UNIX!
+
+[//]: # ----------------------------------------------------------------
+## CPU hardware-assisted virtualization, root/non-root modes
+
+:::::: {.columns}
+::: {.column width="53%"}
+
+\small
+
+- Guest OS runs in \textcolor{mygreen}{non-root} mode:
+  - \footnotesize ring 3: user applications
+  - ring 0: OS
+- VMM runs in \textcolor{myred}{root} mode:
+  - \footnotesize ring 0: VMM
+
+\vspace{.2cm}
+
+- In \textcolor{mygreen}{non-root} mode, certain privileged operations cause traps (\textcolor{myorange}{VMexits}) $\rightarrow$ trigger switch to \textcolor{myred}{root} mode (VMM)
+
+:::
+::: {.column width="47%"}
+
+\centering
+![](images/vmentry_vmexit.png){ width=100% }
+
+:::
+::::::
+
+[//]: # ----------------------------------------------------------------
+## CPU hardware-assisted virtualization: pros and cons
+
+- \textcolor{mygreen}{Pros}
+  - guest OS kernel' source code does not need to be modified
+  - guest OS can run on real hardware
+  - much more **efficient** than Binary Translation thanks to dedicated hardware instructions
+
+\vspace{.2cm}
+
+- \textcolor{myred}{Cons}
+  - only available if CPU implements the dedicated hardware instructions
+
+[//]: # ----------------------------------------------------------------
+# Device virtualization
+
+[//]: # ----------------------------------------------------------------
+## Device virtualization techniques
+
+Devices can be virtualized using 4 techniques:
+
+- \textcolor{myblue}{Full virtualization using emulation}
+  ```{.verysmall}
+  qemu-system-x86_64 -drive file=disk.qcow,index=0,media=disk,format=qcow2 ...
+  ```
+- \textcolor{myblue}{Paravirtualization}
+  ```{.verysmall}
+  qemu-system-x86_64 -drive file=disk.qcow,index=0,media=disk,format=qcow2,if=virtio ...
+  ```
+- Hardware-assisted full virtualization (using VT-d hardware)
+- Passthrough
+
+[//]: # ----------------------------------------------------------------
+## Device virtualization: full virtualization using emulation
+
+:::::: {.columns}
+::: {.column width="68%"}
+
+\footnotesize
+
+- VM **presents a "real" device** to the guest OS
+- Guest OS must have drivers for the real device
+- VMM intercepts all device accesses
+- VMM **emulates** a real device that's likely **not physically present** on the host
+- **\textcolor{mygreen}{Pros}**
+	- \footnotesize VM decoupled from physical device
+	- VM migration
+	- device sharing
+  - guest OS can run on real hardware (provided it has the required drivers)
+- **\textcolor{myred}{Cons}**
+	- \footnotesize emulating a real device can be complex
+	- low performance due to lots of VM exits
+
+:::
+::: {.column width="32%"}
+
+\centering
+![](images/device_emul.png){ width=100% }
+
+:::
+::::::
+
+[//]: # ----------------------------------------------------------------
+## Device virtualization: paravirtualization
+
+:::::: {.columns}
+::: {.column width="68%"}
+
+\footnotesize
+
+- VM **presents a virtual device** to the guest OS
+- Guest OS must have driver for the virtual device
+- Driver **much simpler** than for a real device
+- Driver uses the virtual device's API to control it
+  - \scriptsize driver uses **hypercalls and shared memory** to communicate with VMM
+  - **simple and highly efficient**
+
+- **\textcolor{mygreen}{Pros}**
+	- \scriptsize VM decoupled from physical device
+	- VM migration
+	- device sharing
+	- no need to emulate a real device
+	- easy to implement & high performance
+- **\textcolor{myred}{Cons}**
+	- \scriptsize guest OS requires specific driver
+  - guest OS cannot run on real hardware
+
+:::
+::: {.column width="32%"}
+
+\centering
+![](images/device_paravirt.png){ width=100% }
+
+:::
+::::::
+
+
+[//]: # ----------------------------------------------------------------
+## Platform virtualization nowadays
+
+Nowadays, VMM that implement platform virtualization use a combination of virtualization types:
+
+- **Hardware-assisted** full virtualization for CPU and devices
+- **Paravirtualization** for devices
+  - typically for performance-critical devices, such as disk and network
+- **Full virtualization** (emulation) for devices
+  - typically used for better compatibility: when guest OS lacks paravirtualized drivers
+
+[//]: # ----------------------------------------------------------------
+# Hypervisor examples
+
+[//]: # ----------------------------------------------------------------
+## KVM + QEMU
+
+:::::: {.columns}
+::: {.column width="50%"}
+
+\small
+
+- KVM  means "Kernel Virtual Machine"
+- KVM is a Linux kernel module
+  - \footnotesize adds virtualization capabilities (API) to the Linux kernel
+- Linux kernel provides hardware management + runs regular Linux applications
+- VMs support through QEMU which uses the KVM API
+- First released in 2006
+
+:::
+::: {.column width="50%"}
+
+\centering
+![](images/kvm.png){ width=100% }
+
+:::
+::::::
+
+[//]: # ----------------------------------------------------------------
+## Resources
+
+\scriptsize
+
+- [\textcolor{myblue}{"Bringing Virtualization to the x86 Architecture with the Original VMware Workstation"}](https://infoscience.epfl.ch/record/183742); E. Bugnion, S. Devine, M. Rosenblum, J. Sugerman, E. Wang; ACM Transactions on Computer Systems, 2012\
+
+- [\textcolor{myblue}{"Virtual Machine Monitors"}](https://pages.cs.wisc.edu/~remzi/OSTEP/vmm-intro.pdf) from "Operating Systems: Three Easy Pieces"; Remzi H. et Andrea C. Arpaci-Dusseau; Arpaci-Dusseau Books\
+
+- "Hardware and Software Support for Virtualization"; E. Bugnion, J. Nieh, D. Tsafrir; Morgan & Claypool Publishers, 2017
+
+- "Virtual Machines: Versatile Platforms for Systems and Processes"; J. Smith, R. Nair; Morgan Kaufmann, 2005
+
+- [\textcolor{myblue}{Understanding Full Virtualization, Paravirtualization, and Hardware Assist}](https://www.vmware.com/content/dam/digitalmarketing/vmware/en/pdf/techpaper/VMware_paravirtualization.pdf), VMWare White Paper, 2007

course/Makefile

+SRCS=$(wildcard *.md)
+PDFS=$(SRCS:%.md=%.pdf)
+UID=$(shell id -u)
+GID=$(shell id -g)
+
+all: $(PDFS)
+
+%.pdf: %.md
+	docker run --user $(UID):$(GID) --rm --mount type=bind,src="$(PWD)",dst=/src thxbb12/md2pdf build_slides $<
+
+clean:
+	rm -f $(PDFS)