WEBVTT

1
00:00:03.240 --> 00:00:18.930
William Cheng: Okay, so this is the second part of lecture 27 so last time we're, you know, sort of defining what virtual machine is, you know, sort of a high level and today we're going to see how to employ. I guess the rest of it. We're going to see how to implement a virtual machine.

2
00:00:20.280 --> 00:00:24.840
William Cheng: Alright, so, you know, we're not going to go through every detail how to implement it, because it's a very

3
00:00:25.590 --> 00:00:31.470
William Cheng: Big project, right. So, just some sort of give them an idea of how to actually to convince you that this can be done. Yeah.

4
00:00:32.340 --> 00:00:44.070
William Cheng: All right. The basic idea over here is sounds a little weird over here that basically that we use to implement a virtual machine is to run the entire virtual machine in the user mode of the real machine.

5
00:00:44.580 --> 00:00:51.270
William Cheng: Okay, so we're going to run an operating system in the user mode of real machine, whereas on the left hand side over here where the real machine. Okay.

6
00:00:51.510 --> 00:00:56.760
William Cheng: The real machine has user mode and the privilege mo the privilege mode. We're going to run the virtual machine monitor

7
00:00:57.300 --> 00:01:02.370
William Cheng: Okay, so this is the real machine right inside the user space over here we're going to run the virtual machine.

8
00:01:03.000 --> 00:01:07.890
William Cheng: Okay, so the entire virtual machine is running in the user space of the real machine.

9
00:01:08.430 --> 00:01:14.370
William Cheng: Okay, so, so again, what's inside the virtual machine over here, right, there's some data structure over here called the virtual machine data structure.

10
00:01:14.610 --> 00:01:22.800
William Cheng: On top of it. We're going to run the guest operating system. And then on top of that guess happens is that we're going to run the application. So clearly the application running the user mode, the real machine.

11
00:01:23.010 --> 00:01:26.880
William Cheng: But also the guest operating system is going to run in the user mode of the real machine.

12
00:01:28.110 --> 00:01:36.990
William Cheng: Okay, so the question is, you know, can this be done is going to be too slow because you know every time you do something extra privilege instruction. You got to tap into the real operating system.

13
00:01:37.350 --> 00:01:42.420
William Cheng: We mentioned before, if you have to keep going in and out of the the organism. It's going to be really slow.

14
00:01:42.900 --> 00:01:50.190
William Cheng: Okay, so is, you know, is there a way for virtual machine to run actually fast enough. I mean, of course, we know the answer is yes, because you were running virtual machines.

15
00:01:50.430 --> 00:01:55.200
William Cheng: Okay, so it actually works pretty well. Right. So we're going to see, you see, you know, how, how this can be done. Yeah. Alright.

16
00:01:56.220 --> 00:01:59.610
William Cheng: So going to, we're going to run the entire virtual machine, the user mode of the real machine.

17
00:02:00.000 --> 00:02:09.930
William Cheng: So VM. M Right, which is the virtual machine monitor. That's the operating system that run on top of the real hardware. So that's the real operating system might be mmm running the privilege mo of the real machine.

18
00:02:10.500 --> 00:02:16.530
William Cheng: Net. So, so what we're gonna do is we're going to claim that you know inside the VM M, which is the operating system with a real machine.

19
00:02:16.740 --> 00:02:22.200
William Cheng: It can keep track of whether every virtual machine is in the virtual privilege Mo, or in the virtual user mode.

20
00:02:22.590 --> 00:02:26.640
William Cheng: Okay, so now we need to introduce new terminology, right, because when we say, you know, privilege more

21
00:02:26.910 --> 00:02:34.140
William Cheng: Are we talking about the guest operating system or are we talking about the real operating system. Right. Okay. So, so the guests albinism over here, run in the

22
00:02:34.500 --> 00:02:36.930
William Cheng: You know, running inside a virtual machine. So therefore,

23
00:02:37.260 --> 00:02:47.730
William Cheng: You know, the guest operating system thing that is running in the privilege mo brilliant REALITY IS RUNNING RUNNING THE PRIVILEGE mo inside a virtual machine, right. So, therefore, we're going to call it the virtual privilege mill.

24
00:02:48.240 --> 00:02:55.830
William Cheng: Grade because the privilege Mo is fake, right, because in reality is wanting to use them. Oh, yeah. Similarly, the application over here. It runs into user mode.

25
00:02:56.130 --> 00:03:00.960
William Cheng: But in this case, it's a it's a user mode inside the virtual machine. So we're going to call it the virtual user mode, okay.

26
00:03:01.680 --> 00:03:08.640
William Cheng: Alright, so, so, so the, you know, says the operating system run in the, you know, in the virtual cloud vision of the

27
00:03:09.270 --> 00:03:14.520
William Cheng: Virtual Machine right that's the case happens to Sam and the application is going to run in though, you know, virtual user mode.

28
00:03:15.330 --> 00:03:20.400
William Cheng: Machine guys on the real machine on the actual machine, not a virtual machine we run the BMS

29
00:03:20.940 --> 00:03:26.610
William Cheng: Okay, so how can it be mm keep track of whether every machine is in the virtual privilege mo in the virtual user Marissa, so yeah.

30
00:03:26.790 --> 00:03:33.690
William Cheng: You know, in the real machine. While we're here in the user Ma, we're going to run multiple virtual machines, right, because that was the goal right to have multi you know

31
00:03:34.080 --> 00:03:39.900
William Cheng: multi user system. So over here, we're gonna have multiple virtual machines. Okay. The, the VM M. O. B, you need to keep track up

32
00:03:40.350 --> 00:03:45.870
William Cheng: You know, for every virtual machine. Are you in the virtual user mode or during the virtual privilege, because how do you do that.

33
00:03:46.830 --> 00:03:57.120
William Cheng: Then so so let's take a look at the examples. So over here, that's it. We're running a user space program right and the users as well. While we're going to make operating system call. So let's say that we call read into the operating system. Right.

34
00:03:57.570 --> 00:04:03.270
William Cheng: Okay, so when we call the Read, read, is implemented as a. So, so again, when you execute the code.

35
00:04:04.710 --> 00:04:14.400
William Cheng: In the system call your exit Unicode in the real CPU. So remember, read is a sin. It's a very simple function right it's it's a rapper, you know,

36
00:04:14.970 --> 00:04:21.630
William Cheng: around the track machine structure. So what we do is that we're gonna we're going to set up for the setup of the read and then we're going to execute the trap machine structure.

37
00:04:22.200 --> 00:04:24.180
William Cheng: Okay, so why don't we actually to try and change it.

38
00:04:24.570 --> 00:04:31.350
William Cheng: Well, the travel machine instruction is a privilege instruction right so therefore we will you execute that. And you're going to be in the, in the real operating system.

39
00:04:31.680 --> 00:04:36.510
William Cheng: Okay, so as soon as you execute re you're going to be in the real evidence to send the relevant system is VM M.

40
00:04:37.320 --> 00:04:44.730
William Cheng: Okay, so when you execute a privilege instruction on the real machine or the, the real machine is actually right right right right here, you're going to end up trapping into VMware

41
00:04:45.450 --> 00:04:49.230
William Cheng: OK, so now you're going to be a member to be able to say, well, you know, well, you know,

42
00:04:50.070 --> 00:04:56.640
William Cheng: You know, how did I get here, right, you get here because you execute a travesty instruction over here in the in the virtual

43
00:04:57.120 --> 00:05:09.990
William Cheng: In the, in the virtual user mode. So where does the application. Want to go, well, we know that we execute a track machine instruction. You're supposed to go into the operating system. So you want to get into the trap handler is not a guest operating system.

44
00:05:11.340 --> 00:05:19.170
William Cheng: Okay, so when you execute the resistant call you want to be. You want to be down here. Right. But now, where the wrong place where here, right. How do we go from here to here.

45
00:05:20.190 --> 00:05:21.030
William Cheng: What's up call.

46
00:05:22.500 --> 00:05:36.060
William Cheng: Right, if you're in the VM M You're, you know, you're going to renew our offices and this one is actually in the user space of the real opportunity is Mr. In that case, this is this up call. Okay. So all you have to do is to make an appt call into the guests happenings as them.

47
00:05:37.170 --> 00:05:42.600
William Cheng: Okay, so if you do this just right. It's as if you know you make the racism, call it and boom, you're in the guest operating system running

48
00:05:43.200 --> 00:05:53.190
William Cheng: Okay, so, so this transition has to go through VMware so VM m can keep track up now for this virtual machine is no longer in the virtual user mode now it's in the virtual a privilege mode.

49
00:05:54.180 --> 00:06:04.440
William Cheng: Okay, so, so, so this you can keep track that. But what about returning back to the application we mentioned before, the only way to return back the application for the entire x86 CPU. I'm not for IBM

50
00:06:04.830 --> 00:06:14.130
William Cheng: IBM instruction look like that before the Intel CPU. There's an instruction card I return, return for by interrupt is that instruction privilege or not privilege.

51
00:06:14.790 --> 00:06:20.430
William Cheng: Of course, that instructions privilege. Right. We try to do that in the application program while then optimism is going to cook critical that

52
00:06:20.550 --> 00:06:30.720
William Cheng: You're not allowed to do that in the in the application, right. So, therefore, this instruction is privileged. So if you execute that inside the guest appearances. And so that's it I guess this is a finished, whatever it's doing

53
00:06:30.900 --> 00:06:40.560
William Cheng: Right, find the buffer and it's going to return it. And now it's going to execute I return when you execute I returned, since it's in the user mode of the real machine. Again, you're going to end up traveling to be. Mm.

54
00:06:40.980 --> 00:06:47.220
William Cheng: Hmm. So how do I get here. Oh you execute I returned from the guest operating system, where do you need to return to

55
00:06:47.490 --> 00:06:53.730
William Cheng: Well, you need to return to where it will yo where it came from. Is it again. Would you do that you save the context when you come inside the VM and

56
00:06:53.940 --> 00:07:08.550
William Cheng: And now you return for the guess I'm just need to you need to restore the contacts. Again, we know, we know how to return back into the user space program if the real machine of yours x86 CPU. Now we're going to execute I return from the, you know, from the real operating system.

57
00:07:09.570 --> 00:07:18.360
William Cheng: Right, so, so again, instead of guessing this is me going to execute I return because you want to return to the user space program. But now, since it's a privilege instruction, you end up in the VMware

58
00:07:18.600 --> 00:07:31.050
William Cheng: Inside the VM. And we're going to execute the real I returning structure. And so you can go back to the user space. OK. So again, right before you do that, you can make a note inside VM to say, now you know. Now this particular virtual machine is going to be in the virtual user mode.

59
00:07:32.070 --> 00:07:38.430
William Cheng: Okay, so therefore this clay. You know he he. I mean, there's a lot of details right but the basic idea of what can be done.

60
00:07:39.120 --> 00:07:44.730
William Cheng: Right, because in order for you to go from the virtual user multiple virtual privilege. Well, you have to go through the VM and

61
00:07:44.880 --> 00:07:57.480
William Cheng: Similarly, if you want to go from the virtual privilege mode back into the virtual user Mo, you have to go to the VM. So VM m can keep track of this for every virtual machines. All right. Okay. So we're going to sort of look at this a little detail a little

62
00:07:58.500 --> 00:08:09.630
William Cheng: A little bit more. So I so again the pictures that look like this. Right. We saw the picture over here you know he's on top of VM. And we're going to run many virtual machines over here. Here is only one of the virtual machine over here.

63
00:08:10.140 --> 00:08:21.030
William Cheng: When you execute instruction, your application over here, they execute the instruction is executing inside a real CPU going, what does that mean is that the real CPU or because that's how that's what we call a virtual machine.

64
00:08:21.660 --> 00:08:34.050
William Cheng: Okay, if this instruction over here is emulator while, then it's really not a virtual machine. Okay, so for non privileged instruction. What does an employee reconstruction right as, subtract, multiply, point or manipulation. Those are not privileged

65
00:08:34.620 --> 00:08:47.250
William Cheng: Okay, so they will execute directly on the CPU. OK. So again, that's a requirement for our virtual machine. The extra is where I'm going to use a red line over here to show that the CO here it's executed directly on the real CPU now.

66
00:08:48.150 --> 00:08:53.670
William Cheng: Right, so, so the picture on the right hand side over here almost look like our current assignment.

67
00:08:54.510 --> 00:09:03.210
William Cheng: Okay, our current. Oh, Simon rattle we hit this oh hello program. Hello program run on top of winnings winnings run on top of Q em you is qu a virtual machine.

68
00:09:04.020 --> 00:09:16.290
William Cheng: What if you read the manual of New year, new demand page and it will say that it can run as a virtual machine, but that's not how we're using it. Okay, we're using a helium you as an X86 emulator. Okay, so what does that mean

69
00:09:17.340 --> 00:09:24.090
William Cheng: You're using as a access the emulator. Right. So for example if x86 have instructions to say, yeah, x gets five

70
00:09:25.380 --> 00:09:34.260
William Cheng: Okay, so this will be a real intelligent instruction. If you execute this one inside the real CPU, what's going to happen what yes the register is that the CPU is going to get the number five.

71
00:09:35.070 --> 00:09:42.270
William Cheng: Okay, if you execute inside x86 emulator. What happened is that there's a data structure inside qu E x

72
00:09:42.660 --> 00:09:57.120
William Cheng: Okay, there's a variable called coco, coco yes over here. Well, you said five into that we execute this instruction, you're going to interpret this instruction and says, put five into you know the the sort of the fake yes register. So this variable is going to get a variable devalue five

73
00:09:58.710 --> 00:10:09.510
William Cheng: Okay. So in this case, in order for you to emulate this instruction, you're going to execute multiple see statement in India you provide into a variable noise. Yes. Okay, so that's that's emulation.

74
00:10:10.530 --> 00:10:21.390
William Cheng: Alright, so our current or someone over here, even though it looks like this picture, but in reality it's not because Q em, you were running it as an X86 instruction set emulator that alright so our

75
00:10:22.230 --> 00:10:33.510
William Cheng: Q me. What is around how it runs out with Ubuntu 16.04. What is it about a 60 point over run. Oh, well, you know, in this picture over here. You said that you can actually run directly on the hardware.

76
00:10:34.050 --> 00:10:47.370
William Cheng: So if you install one to 60 part of what directly onto the hardware that this will be the right picture. Yeah. But since we're installing into Virtual Box right one to 6104 actually going to run inside the virtual machine which runs inside the

77
00:10:49.620 --> 00:10:56.010
William Cheng: Room running inside that was wrong on top of the host operating system and host offices and run on top of the the hardware.

78
00:10:56.670 --> 00:11:01.320
William Cheng: Okay, so in reality. Over here I since we're running Virtual Box over here. There are two more layers that are missing over here.

79
00:11:02.040 --> 00:11:08.910
William Cheng: Okay. But again, if we want to 16.4 is directly and starting their hardware this picture looks just like this one, except

80
00:11:09.450 --> 00:11:19.980
William Cheng: The qu me over here. It's an emulator and not you know not not not not not a virtual machine as we define it in our class. Okay. So again, these two things are not equal. Right.

81
00:11:24.480 --> 00:11:38.280
William Cheng: Okay, so, since all these instructions to execute on a CPU. What about privilege instruction right so if you have a privilege instruction. It's such as a system called right you know now for Intel will be in zero x to eat for IBM, there's probably an instruction called trap guy.

82
00:11:39.420 --> 00:11:45.030
William Cheng: Also your application over, you can get a page fault. Right. So in this case, where you going to pay Shaw, you're getting a page for on the real hardware.

83
00:11:45.900 --> 00:11:55.200
William Cheng: Okay, so and so, again, in this case, what do we want it to go right. Okay, so what we wanted to go is that we wanted to go to the guest operating system. But in reality, when you execute a trial machines regime.

84
00:11:55.350 --> 00:12:02.220
William Cheng: You're going to end up in the, in the real operating system. So in that case, you actually you transition into the virtual the virtual machine monitor over here.

85
00:12:02.880 --> 00:12:09.510
William Cheng: Okay, so, so we started out in the virtual machine monitor we execute that challenging shutter, but we want to go here. How do you

86
00:12:09.870 --> 00:12:15.090
William Cheng: How do you get there, right. You can you can you get there in one step. Maybe you have to do in to stab or something like that. How do you actually get there.

87
00:12:15.510 --> 00:12:25.380
William Cheng: Now, so when you execute this machine instruction, either because of the system call because of paintball, you're going to end up in VM. M And now in order for us to go inside the guest operating system.

88
00:12:25.650 --> 00:12:28.620
William Cheng: Typically this is done is that we're going to do it in two steps.

89
00:12:28.950 --> 00:12:36.600
William Cheng: Okay, why do we do it in two steps. Because, you know, one step is one level of indirection. Every time we have one level interaction is going to give us flexibilities

90
00:12:36.900 --> 00:12:46.680
William Cheng: Yeah, so the idea here is that, you know, the way we're going to get into the guest operating system, it will be nice that the way we get into the guest operating system is going to be virtual machine independent

91
00:12:47.310 --> 00:12:51.930
William Cheng: Okay, or you can also think about is that it's going to be guest operating system independent whether this guy's

92
00:12:52.170 --> 00:12:59.160
William Cheng: This system is Linux or Windows or different versions of Windows. We want to have a uniform way to go from VMware into the guest operating system.

93
00:12:59.610 --> 00:13:03.780
William Cheng: Okay. So, therefore, the way we're going to do this is using one level one. Level interaction.

94
00:13:04.590 --> 00:13:14.340
William Cheng: That. So what happened is over here is that the VM is going to look up the data structure and the code inside the virtual machine. He said, a virtual machine. Again, we mentioned before, right, what is the virtual machine.

95
00:13:14.700 --> 00:13:18.780
William Cheng: Virtual Machine is code and data structure that allowed this transition to happen.

96
00:13:19.080 --> 00:13:25.740
William Cheng: Okay, so you can sort of think about is that the way we're going to, we're going to make an appt call is that we are going to make it. We're going to make an indirect up call.

97
00:13:26.430 --> 00:13:31.320
William Cheng: Okay, we're going to look up the virtual vision over here. There's some data structure to tell you how to go back into this gets offices there.

98
00:13:31.500 --> 00:13:39.360
William Cheng: And that will be using the up call. We're going to make the up call indirectly by calling a function inside the virtual machine and then it will make an appt call to the guest operating system.

99
00:13:39.810 --> 00:13:43.590
William Cheng: Okay, so this way, our VM m can be virtual machine independent

100
00:13:43.800 --> 00:13:52.230
William Cheng: Right, because if we have a different guest operating system. We have a different virtual machine but again we go through the same procedure, find that function we're going to make an indirect car. I mean, again, polymorphous them.

101
00:13:54.750 --> 00:14:00.810
William Cheng: Is going to be the mechanism that they will use. So this way we can actually we can reach any kind of guest operating system.

102
00:14:01.620 --> 00:14:12.330
William Cheng: Okay, well, so that's what we need to do this in two steps right first will use the data structure and the code inside the virtual machine to make it and then we're going to make an indirect costs into the guest operating system. All right.

103
00:14:14.430 --> 00:14:21.900
William Cheng: Okay, so, so without the virtual machine, right. So we're not a bunch of mission over here, you know, the application basically things that it directly go into the guest operating system.

104
00:14:22.530 --> 00:14:32.340
William Cheng: OK, so now we can see that it comes, it comes in, you know, many, many steps over here and eventually it will reschedule because nobody says that, but the guest operating system doesn't know the difference.

105
00:14:33.060 --> 00:14:40.710
William Cheng: OK, so again this is, you know, this is what you're trying to achieve inside a virtual machine. Okay. All right. And also, you know, it's also a lot slower.

106
00:14:41.130 --> 00:14:45.840
William Cheng: Right, because before you just go there directly right so now you need to come inside the operating system.

107
00:14:46.770 --> 00:14:49.860
William Cheng: Which which is the user space to the kernel space transition

108
00:14:50.100 --> 00:14:59.010
William Cheng: And then there are these overhead that you have to do you know inside a virtual machine monitor and then eventually we're inside the virtual machine you're going to make an appt call make an indirect up call into the guest appearances

109
00:14:59.370 --> 00:15:08.340
William Cheng: And that will be a transition from the colonel into the user space. Okay, so before it's much faster. So now you know that at least is going to be 50% slower or even

110
00:15:08.910 --> 00:15:17.730
William Cheng: Or even slower than that. Okay, so, so, so, running a virtual machine is going to be costly right because you're going to end up doing a user. The colonel.

111
00:15:18.090 --> 00:15:22.950
William Cheng: Transition twice because the guest operating system is running into user space. Okay.

112
00:15:23.820 --> 00:15:28.080
William Cheng: All right. And also there's a comment over here. So we mentioned before a trap and the

113
00:15:28.350 --> 00:15:35.760
William Cheng: Hallway interrupt that basically works the same way. Right. So when you get a highway INTERRUPT YOU WANT TO DELIVER THE HORROR interrupt into the guest appearances them. So again,

114
00:15:35.910 --> 00:15:40.740
William Cheng: When you get a whole range or are you going to drop into the VM, man. And we're going to do something very, very similar, you know,

115
00:15:41.250 --> 00:15:48.540
William Cheng: To to to get into the guest operating system or as we're going to talk about that. Pretty soon. Right. But the basic idea over here is that, you know, a trap is a software interrupt.

116
00:15:48.990 --> 00:15:57.150
William Cheng: A Halloween, or I'm sorry, interrupt in da you execute pretty much the same code inside the guest operating system. Okay. So, therefore, we also need to make sure that the same thing happens.

117
00:15:58.800 --> 00:16:03.810
William Cheng: Alright. So in this case, you know, what is the virtual machine over here, right, the virtual machine over here is the code.

118
00:16:04.020 --> 00:16:13.620
William Cheng: And the data structure that allow this to happen. Right, so, so, so in that case, what kind of code, do you have right and what kind of data structure, while you're going to have a data structure and a code represented CPU.

119
00:16:14.040 --> 00:16:19.680
William Cheng: Okay, so. So inside of it. There's a virtual CPU. There's a virtual disk. There's a virgin display. There's a virtual keyboard.

120
00:16:19.890 --> 00:16:29.730
William Cheng: All these things that are virtual I'm talking about the code and the data structure that represent you know this particular device, whereas all the devices via our virtual yeah

121
00:16:30.480 --> 00:16:42.300
William Cheng: You kind of see that already, right. So when you run virtual box, you will see that inside a window on the on the corner over here you have you have a role icon. Some of that showing the dissemination the display some initial and all these devices.

122
00:16:42.540 --> 00:16:47.010
William Cheng: Those are sort of the graphical representation of, you know, all these virtual devices. Right.

123
00:16:47.460 --> 00:16:55.980
William Cheng: You know sometimes when you run your openness, yo, yo, Ubuntu 16.4, you will see that those icons will actually blame or something like that. So they make it look like that you actually using a real machine.

124
00:16:56.460 --> 00:17:05.940
William Cheng: Okay, but you'd be in reality over here. Again, there are there. The every one of these virtual devices can have a virtual icon on the screen. And I just see it when when something's being used.

125
00:17:06.990 --> 00:17:10.530
William Cheng: OK. So, again, that those are the things that represent the virtual machine. Yeah.

126
00:17:12.600 --> 00:17:22.320
William Cheng: Alright, so, so, so please know that most of the instruction in the trap handler. OK, so now you're doing Colonel three right. You see, you know, the instruction inside of trap panel over here.

127
00:17:22.920 --> 00:17:28.800
William Cheng: Most of instruction that you're doing like handle peaceful guys we do handle as well which instruction is actually privileged

128
00:17:30.720 --> 00:17:38.760
William Cheng: Okay, so think about we handle page. All right, you start walking down the Colonel, you know, data structure of list of VM area is any of those instruction privileged

129
00:17:39.210 --> 00:17:50.610
William Cheng: Well now, right, we need to deal with the PageRank has any of the instructions privileged. Well, no. Well, so pretty much all the instructions that are executed in the guess ordinances there. Most of the instruction or not privileged

130
00:17:51.420 --> 00:18:00.570
William Cheng: Okay, so this is why virtual machines actually pretty fast, because once you get into the guests ordinances them all the instructions that you execute over here directly execute on the hardware. They are not emulated

131
00:18:01.980 --> 00:18:11.190
William Cheng: Okay, cool. Yeah. Moore's Law slower because they're emulating every machine starting over here. But when you're using a virtual machine when you're running in the application space, unless you know unless you call the trap.

132
00:18:11.370 --> 00:18:18.870
William Cheng: Every instruction in the application and run directly on the hardware and every instruction in the guest operating system or most of it right directly on the hardware.

133
00:18:19.590 --> 00:18:21.810
William Cheng: Okay. That's why the performance is reasonable.

134
00:18:22.350 --> 00:18:32.160
William Cheng: Okay, but when you execute a privilege instruction is not a guest operating system on. And again, and again, same things gonna happen right you're going to drop into the VM m the VM M is gonna try to deliver

135
00:18:32.490 --> 00:18:40.770
William Cheng: That instruction to the guest operating system, but can every, you know, a privilege instruction instead of guess happiness is a candidate delivery into the guest operating system.

136
00:18:41.610 --> 00:18:46.950
William Cheng: I mean clearly now. Right. We just taught us one example. If the guest operating system execute return from interrupt.

137
00:18:48.240 --> 00:18:58.470
William Cheng: Okay. When you, when they execute a return for interrupt when it goes to the virtual machine. I will, you know, again, who you are traveling to the virtual machine does the virtual machine deliver the return on investment. So guess happens is that

138
00:18:58.950 --> 00:19:02.160
William Cheng: One. No, right, because the goal of yours who returned back into the user space.

139
00:19:03.120 --> 00:19:11.280
William Cheng: Okay. So not every instruction that you're executing that is happening since then that our privilege will cause the transition back into the guest operating system.

140
00:19:12.060 --> 00:19:23.520
William Cheng: Okay. Sometimes you want to go back to the user space. Sometimes you want to do something else. OK. So, again, is that it gets organizes them for regular instruction and they execute directly on the CPU, but for the privilege instruction, you got to be a little careful

141
00:19:24.570 --> 00:19:29.880
William Cheng: Okay, because some of them. They actually the racism has handler for a while. In that case, they will go back to the guest.

142
00:19:30.210 --> 00:19:36.120
William Cheng: Is there some of them that gets albinism does not have a handler for a while. In that case, somebody has to take care of it.

143
00:19:36.930 --> 00:19:46.350
William Cheng: Okay, so there are different kinds of instruction in the guess harmonies. Is there some of them has a handler inside guess ominous is there. And then the other things are some other type of instructions. Right.

144
00:19:47.130 --> 00:19:56.310
William Cheng: Right, so I'll be here we're sort of asked the question, right, what type of you know code must execute inside of privilege mode. Okay. So over here, it says, What if returned by interrupt is not privileged

145
00:19:57.210 --> 00:20:04.500
William Cheng: OK, so the guess obviously the over here. Excellent return for interrupt if this instruction. If you allowed to do that in the user space code.

146
00:20:04.920 --> 00:20:07.770
William Cheng: Well then, from this point on your virtual machine is going to be messed up.

147
00:20:08.610 --> 00:20:20.070
William Cheng: Okay, so remember what you know what does return for interrupt right you set up a bunch of register over here and then you put it into the CPU. If you're allowed to do that without traffic into VMware, why is that they're going to be big trouble.

148
00:20:20.850 --> 00:20:27.540
William Cheng: Okay, so, so again, let me clear this up a little bit. If you execute I return over here, there is no you know

149
00:20:28.530 --> 00:20:35.130
William Cheng: There's no headlines that against our businesses and so therefore the VM emphasize the VM. And this is what to do.

150
00:20:35.700 --> 00:20:46.440
William Cheng: Okay, so in the example that we talked about. When the guest operating system handle in return for interrupt the virtual machine monitor over here need to return from need to return to the users into the virtual user space.

151
00:20:48.330 --> 00:21:01.170
William Cheng: Alright, so, so, so, clearly you can really directly actually learning started CPU the virtual machine models take control and then we'll decide what to do. Okay. If this instruction can execute directly on the CPU and then your virtual machine your virtual machine is going to be broken.

152
00:21:02.760 --> 00:21:09.060
William Cheng: Okay, so, so this instruction has to be intercepted by the VM in in order for the VM M to do the right things.

153
00:21:09.720 --> 00:21:21.900
William Cheng: OK. So again, these are very important. So, so there there are different kinds of instruction is that it gets opportunism, especially when we talk about the privilege instruction okay I return is different from a regular privilege instruction. Yeah.

154
00:21:23.610 --> 00:21:25.500
William Cheng: All right, what about I own instructions over here.

155
00:21:26.070 --> 00:21:35.970
William Cheng: Okay, so, so, so typically the way we sort of think about how to do virtualization is that we're going to virtualize different devices. Well, different piece of hardware one piece of power, especially is called a CPU.

156
00:21:36.720 --> 00:21:46.920
William Cheng: Okay, so we're going to virtualize the CPU. Right. And the other thing will Holland devices. So we can also have a different way to virtualize all the devices. Right. So again, ever since, you know, chapter one, we sort of mentioned that there are three kinds of hardware.

157
00:21:47.160 --> 00:21:50.400
William Cheng: There's a CPU. There's memory and everything else on called devices.

158
00:21:51.000 --> 00:21:56.010
William Cheng: Okay, so we just sort of give you an introduction of how to virtualize the CPU. How do you virtualize

159
00:21:56.340 --> 00:21:58.440
William Cheng: You know, memory, and we're going to talk about that a little later.

160
00:21:58.680 --> 00:22:06.330
William Cheng: There and then we'll talk about how to virtualize devices over here, while the devices that will you call read and write, you're trying to read from a device. Right. OK. So again,

161
00:22:06.600 --> 00:22:13.800
William Cheng: You know, in the real hardware. We have a real hard drive over here, right. That's the desk. Okay, inside the virtual machine over here we have virtual disks.

162
00:22:14.370 --> 00:22:18.810
William Cheng: OK, so the virtual dissolve. Here is a fake this right, so, so, so how do you implement a fake this

163
00:22:19.440 --> 00:22:28.770
William Cheng: Yeah, so the idea here is that we're gonna we're going to take the real desert over here. I'm going to chop it up into many, many virtual disk over here and we're going to give every virtual machine a so

164
00:22:29.070 --> 00:22:39.630
William Cheng: Every virtual machine a separate virtual disk. Okay. But you see that you saw that already. Remember when you install Ubuntu 16 point or four, it asks you, you know, how big of a virtual disk. Do you want

165
00:22:41.160 --> 00:22:52.920
William Cheng: Okay, so you've done that already. Right. So as a weapon is that when you install the virtual machine, you say, oh, I want to 10 gigabyte you know 10 1010 people by virtual disk. So what happened is that it's going to create a file inside the virtual

166
00:22:53.580 --> 00:23:00.480
William Cheng: It's going to create a file inside the real operating system right so here's the host operating system so so inside the real evidence is them.

167
00:23:00.630 --> 00:23:08.130
William Cheng: They will use the foster that to create a 10 gigabyte file and this tend to give my file is going to pretend to be the virtual disk and this one will be assigned to you.

168
00:23:09.060 --> 00:23:19.080
William Cheng: Okay, so later on when you try to access your desk, while in reality you're accessing the file. So therefore, in that case, again, the virtual machine monitor will access the file for you but pretend that it's actually a desk.

169
00:23:20.250 --> 00:23:30.090
William Cheng: Okay, but how does it, pretend that there is a desk right because eventually when you're operating system over here is going to try to access the desk. What do you have to do you have to use memory map IO instructions.

170
00:23:31.110 --> 00:23:42.900
William Cheng: That alright so. So first we'll divvy up the you know the the physical this into these virtual disk over here. Right. And then, you know, when you make the the racism call you trapping to VM M will not deliver that to the guest operating system.

171
00:23:43.110 --> 00:23:51.120
William Cheng: And then eventually, that there is obviously is going to use memory map IO to add to, to try to access to this, the memory map IO, are they privileged instructions.

172
00:23:51.600 --> 00:23:55.080
William Cheng: Well, the answer is yes. Right, because what they're doing is that they're going to the bus.

173
00:23:55.320 --> 00:24:04.440
William Cheng: Application program can access the buck and I cannot tell cannot cannot do something specifically on the bus. So therefore those instructions the privilege and as soon as you do that again you traveling to be a map.

174
00:24:05.280 --> 00:24:14.850
William Cheng: Okay, so now what do you do, right, so I'll be here it's if it's a memory map I own instruction, you try and do BMS is your handler instead of guest operating system for memory map I own judgment.

175
00:24:15.300 --> 00:24:22.620
William Cheng: Well, of course, there isn't right, because they're supposed to execute on a bus directly on the bus. Okay, so therefore inside VMware VMware has to deal with it.

176
00:24:24.000 --> 00:24:30.570
William Cheng: Alright, so, so, so the terminology that we use over here is that the VM and has to emulate these memory map Iowa instruction.

177
00:24:31.590 --> 00:24:43.440
William Cheng: Guys, okay, you actually give me my own instruction is it's privileged your tribe is IBM. So there's no there's no way for you to deliver this trying to guess evidence is there because because our new system we're trying to execute, you know, to, to execute

178
00:24:43.980 --> 00:24:51.510
William Cheng: Plus operation. Well, there's no handler for it. Okay. So, therefore, in that case, the VM M has the emulator. How does the VM emulator.

179
00:24:52.620 --> 00:24:57.960
William Cheng: Well, so in this case you're transferring data from the decision to memorize over here. What we'll do is it will go to the actual this

180
00:24:58.200 --> 00:25:05.220
William Cheng: copying data into the Virtual. Virtual days I get the version is over here is the file. So inside of our, we are going to pretend that it looks like a desk.

181
00:25:06.030 --> 00:25:08.160
William Cheng: That. So we're going to pretend that we start doing the

182
00:25:09.150 --> 00:25:16.860
William Cheng: Doing the PMA operation. We're going to translate this data into a buffer inside guess organism over here. So again, over here, we need to copy the data.

183
00:25:17.070 --> 00:25:20.670
William Cheng: The buffering start operating system you there's a way to access and inside VMware

184
00:25:20.880 --> 00:25:29.250
William Cheng: Just like our current or three that there's a, you know, sort of a VMware virtual just, you can use the copy of the data from the file into this buffer. And when the data transfer is complete. What do you have to do.

185
00:25:29.940 --> 00:25:38.700
William Cheng: Where the guest operating system once they execute that memory map I operation that what he would do is it will put the colonel threats asleep, and then a way for I'll interrupt.

186
00:25:39.120 --> 00:25:52.560
William Cheng: Right, it's gonna wait for completion or Ah, so therefore you got to make sure that when this operate is is done finished emulating by the VM what it needs to do is I need to perform up call into the interrupt service routine for the guest operating system.

187
00:25:53.610 --> 00:26:02.880
William Cheng: Okay, that's how you emulate this particular memory map I instruction to tell the dis to do to to to transfer data, right, because in the end what the weather is finished transferring data.

188
00:26:03.120 --> 00:26:11.100
William Cheng: If you installed. If you're running this on a real hardware, it will generate a hardware interrupt and they and your get your operating system or start executing interrupt service routine.

189
00:26:11.940 --> 00:26:19.110
William Cheng: Okay, so therefore we're gonna we're gonna we're gonna maybe exactly the same thing happened over here. When we finish copying all this data from the file into the memory buffer over here.

190
00:26:19.260 --> 00:26:23.940
William Cheng: We're going to make an appt call and we're going to execute the interrupt service routine inside the guest operating system.

191
00:26:24.960 --> 00:26:39.720
William Cheng: Alright, so again, this can be done right. It sounds really complicated. Okay, so, so I'm not going to shoot now maybe the sounds to make make make the sound. I used to easy. Okay. But in reality, every memory map I only instruction has to be emulated this way.

192
00:26:40.920 --> 00:26:47.520
William Cheng: Okay. So in the end, this is really, really tedious, you know, kind of things you have to do when you try to virtualize every IoT devices.

193
00:26:48.510 --> 00:26:55.080
William Cheng: Okay but but we can see that this can be done right if you hire a lot of programmers, you know, each one of them tried to emulate one instruction. Now eventually that

194
00:26:55.620 --> 00:26:56.700
William Cheng: This thing will be done right.

195
00:26:57.480 --> 00:27:09.600
William Cheng: Now, so therefore you know the the memory map IO will cause the traveling to be mmm the VM will have to emulate these instructions because there's no handler in the guest operating system for these memory map IO instructions.

196
00:27:10.020 --> 00:27:16.770
William Cheng: Okay. And also there's really no disk inside the virtual machine, you know, so therefore VMware has to emulate all these operations. Yeah.

197
00:27:18.720 --> 00:27:26.160
William Cheng: Alright, so that's sort of the basic idea how to emulate so sorry hug virtualized CPU and also how to virtualize IoT devices.

198
00:27:26.550 --> 00:27:34.590
William Cheng: So IBM eventually sort of figure out how to do that. Right. And once they start, you know, selling this they actually, you know, so, so this is invented in 1960s by IBM

199
00:27:34.830 --> 00:27:39.480
William Cheng: IBM start selling these virtual machine when somebody tried to go by IBM machine. They say, you know, you know,

200
00:27:39.750 --> 00:27:47.220
William Cheng: The sales people try to convince that instead of buying just an IBM machine. Why don't you buy, you know, why don't you buy our virtual machine.

201
00:27:47.760 --> 00:27:56.370
William Cheng: Okay, some people say, Well, why do you want a virtual machine is going to run slower. As it turns out, there are many, many advantages to using a virtual machine right here are some of the, you know, some of the idea over here.

202
00:27:56.760 --> 00:28:04.200
William Cheng: It's a good way to structure a multi user system. Okay, so once they start doing that they're also doing something, you know, for for for other kind of system.

203
00:28:04.740 --> 00:28:10.710
William Cheng: There are also additional advantages, right. So, so this one is was to solve the original problem right so that you can actually have a multi user

204
00:28:11.250 --> 00:28:20.880
William Cheng: You know, time sharing, sharing system. So in the IBM was successful in doing that. Then there are other we're event is over here. For example, you can actually help always debugging and testing.

205
00:28:21.450 --> 00:28:31.830
William Cheng: OK, so now so so in the good old days when people by IBM machine right what they would do is I there was, they will send you a hardware, they will send you IBM iOS over here and then you run application on top of it.

206
00:28:32.430 --> 00:28:44.190
William Cheng: Okay, but now when you by IBM machine. The IBM sales people will say, you need to buy a virtual machine. So in that case over here hot WARM, IS IT IS GOING TO BE virtual machine right here. Right. And then you have VM running below below here.

207
00:28:44.370 --> 00:28:46.350
William Cheng: And then you have the real hardware running below. Yeah.

208
00:28:46.740 --> 00:28:57.990
William Cheng: Okay, so what happened is up with IBM shipped the customer the machine, they will actually ship them to virtual machines, one is the one that the customers using the other one over here is for IBM to us and the second IBM

209
00:28:58.320 --> 00:29:01.620
William Cheng: The second virtual machine look exactly the same as the first virtual machine.

210
00:29:02.070 --> 00:29:11.790
William Cheng: Okay, so why do they want to do that. Well, because why because I the application, you know the the customer, typically what it will do is that they will try to ask for bug fixes or something like that. So when they asked what bug fix this. What do you have to do.

211
00:29:12.510 --> 00:29:17.730
William Cheng: Well, if this is a bug is not operating system. If you go there and servers, your machine, you have to, you have to shut down the machine.

212
00:29:18.780 --> 00:29:24.240
William Cheng: Okay, now IBM doesn't have to do that anymore because the second virtual machine over here is identical to the first one.

213
00:29:24.450 --> 00:29:32.130
William Cheng: They will send the IBM engineers to the customer side and then they will sit on the, you know, singing from the same machine, but they will debug the second machine.

214
00:29:32.970 --> 00:29:36.060
William Cheng: Okay, so therefore they will be running all this kind of stuff, trying to find out the but

215
00:29:36.210 --> 00:29:45.300
William Cheng: Eventually when they find a bug, what it will do that they will copy the code over here, you know, for, for, you know, for, for, for the guest operating system over here and then are the customer can actually have virtually zero downtime.

216
00:29:46.560 --> 00:29:53.670
William Cheng: Okay, so at that time. One of the major competitor is called N da so and I didn't have virtual machine so you know when IBM has these great technology.

217
00:29:53.850 --> 00:29:59.550
William Cheng: Everybody will prefer to do it this way because you have no downtime will very, very minimal minimal downtime. When you have an operating system, but

218
00:30:00.480 --> 00:30:07.620
William Cheng: OK. So again, you know, this is a major advantage right alright so other that is over here that you can adapt hardware changes in software.

219
00:30:08.550 --> 00:30:21.570
William Cheng: So, for example, the customers using this virtual machine that IBM to say, Yeah, you know, I'm really happy with the machine, but there's this thing that we do it all the time. Okay, it will be nice if you create one hardware instruction that will do all the stuff you might shot.

220
00:30:22.980 --> 00:30:30.000
William Cheng: Okay so so customer. Usually, they will ask for hardware changes because they would think that if you're doing hardware. It would be much more, you know,

221
00:30:31.350 --> 00:30:40.110
William Cheng: It would be much more efficient. Right. So in the good old days, if you are shipping real horror. What do you have to do. Well, you have to call up your engineer to say, hey, you know, can I have a new machine starts you in two months.

222
00:30:40.350 --> 00:30:49.230
William Cheng: And then you're an engineer will laugh at you. That's how about two years about three years okay because the good old days when they have the mainframe is very, very difficult to edit machine structure.

223
00:30:49.710 --> 00:30:54.810
William Cheng: Okay, but now we are shipping virtual machine, you can actually have it within a couple of weeks.

224
00:30:55.290 --> 00:31:02.220
William Cheng: Okay, so how can you do that, right, because what happened is over here, I can add a virtual machine I you know so. So some of the stuff that

225
00:31:02.670 --> 00:31:07.440
William Cheng: The customer really like what I can do, I can just introduce a new machine structure in the guest operating system.

226
00:31:08.220 --> 00:31:14.820
William Cheng: Okay, so when you execute the instruction instead of guest operating system. What's going to happen. What that instruction doesn't exist. Right. So it's going to be a sort of a

227
00:31:15.570 --> 00:31:25.860
William Cheng: Sort of a valid machine code. So in that case we executed invalid machine goal in a virtual machine, what's gonna happen while you got to tap into VM VM m can emulate that machine structure.

228
00:31:26.940 --> 00:31:34.050
William Cheng: Okay, as it's actually running on real hardware. So in this case you may actually have this instruction that doesn't exist when you come to Vietnam War. There's no you know there's

229
00:31:35.190 --> 00:31:46.470
William Cheng: There's not heavily. It's not as obvious as them. So you will emulate that instruction, all you know all the things that the customer wants to do you implement that inside VMware and then when you're done you returned back into the ordinances and say, done.

230
00:31:47.430 --> 00:31:51.390
William Cheng: Okay, so, so you can so so you can emulate a new machine instruction inside VMware

231
00:31:52.560 --> 00:32:00.750
William Cheng: Okay, so, so your customers say, oh, well, this is done. It's really great. And then pretty soon, this customer to other customers say hey, if you ask IBM. To do this, they will do it for you.

232
00:32:00.960 --> 00:32:13.350
William Cheng: And then when IBM see that this particular instruction become very, very popular, they will call up there engineer to say, now it's a good time to actually implement any real hardware, because now when you run into real. However, it will be 1000 times faster insight, you know,

233
00:32:13.860 --> 00:32:14.880
William Cheng: Compared to emulation.

234
00:32:15.870 --> 00:32:22.950
William Cheng: Okay, so once you see that particular installation is very, very popular, you will advertise to your other customer everybody's are using it and then eventually

235
00:32:23.160 --> 00:32:25.950
William Cheng: You can actually come up with a new machine that will have that instruction.

236
00:32:26.130 --> 00:32:31.650
William Cheng: And now you can actually tell your customer to say, you know, why don't you switch one of these board with a my my new board over here.

237
00:32:31.830 --> 00:32:40.620
William Cheng: And now you will be running in the during the real hardware. We run the real heard this machine structure. Now, it will not trapped into the VM anymore because he will execute on a real CPU.

238
00:32:42.030 --> 00:32:49.050
William Cheng: Or so, again, very little downtime for the customer, you know, you can actually adapt to all these hardware changes inside the virtual machine monitor

239
00:32:50.190 --> 00:32:56.460
William Cheng: Okay, so, IBM, we're actually selling the virtual machine like hotcakes because that's what everybody wants. Yeah. You can also run multiple offerings is

240
00:32:56.640 --> 00:33:01.200
William Cheng: On the same machine, right, one of them, Russ CMS. Right. The other one run on 360

241
00:33:01.410 --> 00:33:09.600
William Cheng: You can also have different you know versions of Office 360. So again, you know, it depends on what kind of application that you want to run, you might want to configure the operating system differently.

242
00:33:09.810 --> 00:33:21.180
William Cheng: The original VM can do that and but now you can mix and match all kinds of IBM different operating systems. Okay. As it turns out that, you know, this is one of the reason a virtual machine is very popular today.

243
00:33:22.320 --> 00:33:30.120
William Cheng: You know, because, because today, you know, inside the cloud, right, what do they have. Right. You know, everybody wants to run different web browser and they want to run it inside their own machine.

244
00:33:30.390 --> 00:33:37.770
William Cheng: So he's not a call, you will see that, you know, like some of the sort of the sort of the the big internet service provider, you can actually bring a machine there.

245
00:33:38.280 --> 00:33:47.490
William Cheng: This as I mean in the good old days, what you need to do is that when you need to run a web server, you will say, Well, I'm going to bring us bring up winning a spring a server machine bring to your internet service.

246
00:33:47.940 --> 00:33:52.680
William Cheng: Providers that. Could you run this, you know, web. Web web server, you know, inside your

247
00:33:53.220 --> 00:33:57.360
William Cheng: Inside your data center or in that case will be fine. And then pretty soon you're

248
00:33:57.690 --> 00:34:07.770
William Cheng: You know, web server become popular and then you need a bigger web server. So what you will do is that you will build a new machine and maybe you know for these machines that are configured in a special way. And then you go to your ISP that they could use

249
00:34:08.040 --> 00:34:13.230
William Cheng: Your can, can I swap out my own machine with these new for machine that's going to be running much better.

250
00:34:13.920 --> 00:34:23.160
William Cheng: Okay, so that was the way that was done previously, but today is very, very different. Right. Because inside the cloud. They have virtual machines. Some of them are running Windows seven that are running

251
00:34:23.340 --> 00:34:29.370
William Cheng: Linux, they all run inside the same hardware right so what maybe one piece of software can run 16 different virtual machine.

252
00:34:29.550 --> 00:34:35.070
William Cheng: So in that case, all you have to do is that you need to call up your internet service providers, they could you turn on one of the CPU for me.

253
00:34:35.280 --> 00:34:42.450
William Cheng: Running the virtual machine running this version of the Windows operating system running that version of the Linux operating system. Give me a shell account. I was Secure Shell

254
00:34:42.870 --> 00:34:48.930
William Cheng: That account. I will configure everything and then it will be done. Okay. So, in that case, I'm only using one slice out of that big machine.

255
00:34:49.650 --> 00:34:59.670
William Cheng: Okay. So in this case, you know, inside the you know that service with either inside the data center, they have less machine to manage because it running all these virtual machines again and also later on when I will my business. Gross.

256
00:35:00.120 --> 00:35:10.290
William Cheng: Okay, I need more than one machine. So what I would do is I would just call out my internet service providers, say, Hey, you know, could you turn on three more CPU for me. And then, you know, sort of configured ordinances and little differently. And then pretty soon.

257
00:35:11.100 --> 00:35:15.090
William Cheng: You'll be running a much, much more powerful, you know, server.

258
00:35:15.810 --> 00:35:23.370
William Cheng: Okay. You can also run you know whatever version of the operating system DIFFERENT VENDOR of the criticism, all these things become very, very, you know, simple to use inside of cloud.

259
00:35:23.730 --> 00:35:28.350
William Cheng: OK. So again, that's the reason you know today, you know, virtual machine is very, very popular.

260
00:35:29.070 --> 00:35:35.070
William Cheng: Now, alright. So, again, the no BS as server consolidation or a move all these machine into one giant machine.

261
00:35:35.490 --> 00:35:41.550
William Cheng: There are many, many virtual machines and also their service isolation, when I need to run in one of the you know the

262
00:35:41.910 --> 00:35:49.290
William Cheng: One inside one of the virtual machines over here that I share with other 15 other companies, I want to make sure that you know so so

263
00:35:50.160 --> 00:35:55.050
William Cheng: You have one machine over here that has 1616 virtual machines. I'm buying only one of them.

264
00:35:55.710 --> 00:36:02.520
William Cheng: Okay, so in that case, since I'm paying one 16th of the entire cost of the machine. I want to make sure I get one 16th of everything.

265
00:36:02.790 --> 00:36:17.760
William Cheng: I want to get one 16th of the CPU. I want to get one 16th of the memory. I want to get one 16th of the days. I won't get one 16th of everything. Okay, so in that case my service provider needs to guarantee to me that I'm getting exactly one 16th up you know there's there's entire machine.

266
00:36:18.780 --> 00:36:23.220
William Cheng: Okay, so in that case, you know, become very, very important for the service provider that provides call service.

267
00:36:23.640 --> 00:36:32.370
William Cheng: Be able to prove to me that they actually achieving this kind of isolation. Okay. Because otherwise, when one of the you know the the the other virtual machine, you know, if they're really, really popular.

268
00:36:32.760 --> 00:36:37.140
William Cheng: They're going to use up all the memory resources, they're gonna use up all the CPU. Well, then in that case, I'll be really upset.

269
00:36:37.980 --> 00:36:47.310
William Cheng: Okay, so later on they need to come up with technology to, you know, I mean, the technology to move all the service together is using virtual machine. They also need to develop technology for service.

270
00:36:47.820 --> 00:36:52.320
William Cheng: Isolation, so this way. Everybody will get their fair share of the resources inside cloud.

271
00:36:52.830 --> 00:37:03.180
William Cheng: Okay, so later on. We're also going to talk about. We talked about scheduling. We're going to talk about a special kind of scheduler that can guarantee that you paid. Exactly. And then later you get exactly what you're paying for. Yeah.

272
00:37:05.010 --> 00:37:13.560
William Cheng: All right. Ah, OK. So, so let's let's sort of dig a little bit more into I was talking about, you know, I returned a special or something like that.

273
00:37:13.920 --> 00:37:21.270
William Cheng: So when we tried to implement virtualization right again. Their CPU virtualization. There's IO virtualization. So first, let's talk about CP virtualization net

274
00:37:21.810 --> 00:37:30.270
William Cheng: Alright, so, so, so again, there are two different kinds of virtualization. One is one is pure virtualization. Right. So I sort of give you an idea how pure virtualization work.

275
00:37:30.930 --> 00:37:33.900
William Cheng: Okay, so you can virtualize the CPU. You can virtualize iOS devices.

276
00:37:34.410 --> 00:37:44.460
William Cheng: You know, even though the sounds too simple. In reality is very, very tedious and it's also very, very costly, right, because for every, you know, memory map I owe you have to emulate that you need to hire a lot of people to emulate that.

277
00:37:44.820 --> 00:37:56.430
William Cheng: But eventually, you know, we see some of the companies that actually were able to do that right so clearly window that's doable. Then the other approach is I mentioned before, it's called para virtualization. Okay. So, in that case, what happened is

278
00:37:57.930 --> 00:38:00.840
William Cheng: Is that we're allowed to modify the operating system called

279
00:38:01.380 --> 00:38:06.810
William Cheng: Okay, so in that case, when you know if we have a machine instructions are going to give us trouble. For example, if we jump on interrupt.

280
00:38:06.990 --> 00:38:15.090
William Cheng: Is going to give us trouble we can replace it by another instruction. But now we're going to end up with the operating system that cannot run on the real hardware and can only run inside a virtual machine.

281
00:38:16.200 --> 00:38:18.300
William Cheng: Okay, so again, that will be another way to go. We're gonna

282
00:38:20.490 --> 00:38:30.810
William Cheng: We're going to customize our guest operating system so they they only run inside a virtual machine right so you can also imagine that will be doable because once you allowed to modify the guess administer them, then you can actually modify anything you want.

283
00:38:31.830 --> 00:38:38.280
William Cheng: Okay, so any part of the guess how ministers and I'll give you trouble you take out the code and you replace with some code that you can actually like you can actually deal with

284
00:38:39.300 --> 00:38:44.940
William Cheng: OK. So again, some company will go through with it with the with the will also with with with that particular approach.

285
00:38:46.320 --> 00:38:52.770
William Cheng: Alright, so, so, so, so let's take a look at first, you know, pure virtualization. Okay, so when you virtualize the CPU.

286
00:38:53.370 --> 00:39:00.060
William Cheng: You know, what do you have to do, right. So, so one thing that you have to do is that you need to multiply x, the real CPU among the virtual machines. Right.

287
00:39:00.150 --> 00:39:11.130
William Cheng: You know who saw the picture over here, we have all these virtual machine over here. Many virtual machine over here, right, we have VM M running at the bottom over here. So the VM M is basically, you know, using one CPU and give it to a different VM.

288
00:39:11.400 --> 00:39:21.540
William Cheng: But we saw that already in a regular operating system, right, because that's what the regular optimism do if you only have one CPU, we multiply the CPU amount multiple processes. So what's the difference

289
00:39:22.080 --> 00:39:27.090
William Cheng: Well, there's really no difference. Right. So over here we can actually view these virtual machine as if they are a process.

290
00:39:27.600 --> 00:39:34.410
William Cheng: Okay, so therefore, in this case juggling multiple virtual machine and juggling multiple processes, there's really not much difference. Right. So this is actually really easy.

291
00:39:35.160 --> 00:39:39.180
William Cheng: Yeah, alright. The second part of years, a little more difficult, right, maybe

292
00:39:39.420 --> 00:39:50.910
William Cheng: It's to make every virtual machine behave like a real machine. So, so again, you know, ever, especially with those privileges instruction inside the guest operating system. We need to be able to tell the difference. What you know which kind of, you know,

293
00:39:51.540 --> 00:40:00.060
William Cheng: You know which kind of privilege and structure, the operating system has handlers for and which one of them obviously isn't does not have a handle of what

294
00:40:00.510 --> 00:40:09.930
William Cheng: If the if the prevailing structure and the offices and does not have handler for it. You know, it doesn't really execute correctly inside the virtual machine that

295
00:40:10.740 --> 00:40:18.600
William Cheng: So, so basically what we need to do is I will actually, we need to, you know, for for particular CPU, we need to analyze and look at every instructions over here and to make sure that

296
00:40:19.020 --> 00:40:31.470
William Cheng: You know, every instruction y'all can either, you know, can, can either be executed directly on the CPU or isn't. It's been called Casa trapped into guess organism or it can be emulated inside the virtual machine correctly.

297
00:40:32.340 --> 00:40:34.920
William Cheng: Okay, if all these things can be done, then we're never in business.

298
00:40:35.760 --> 00:40:43.500
William Cheng: Okay, but what if one of the machine instructions over here that's supposed to cause a transition into the virtual machine monitor. As it turns out, it turns out to be not privileged

299
00:40:44.430 --> 00:40:50.880
William Cheng: Okay, so in that case if you execute that instruction instead of guest appearances them while they, in that case, your virtual machine will actually executing correctly.

300
00:40:51.270 --> 00:40:56.490
William Cheng: Okay, so. So the example that we mentioned before is that if you're if the return for interactive. It's not privilege.

301
00:40:57.240 --> 00:41:04.440
William Cheng: Then we're going to then then it's going to cause trouble. Okay. But again, you sort of think about, you know, five in a row that has to be privileged

302
00:41:05.370 --> 00:41:10.860
William Cheng: Okay, because otherwise, you know, the application program will use it, it's going to mess up you know mess up your operating system so that has really bad.

303
00:41:11.400 --> 00:41:22.350
William Cheng: Okay, so, so, so typically instruction like that they are all privilege. So what kind of instruction that we're talking about that are really supposed to privilege and they're really not in India. They did. They are not privilege.

304
00:41:23.280 --> 00:41:29.910
William Cheng: Okay, it's actually very difficult to come up with an example like that. Okay. But again, you know, as a designer for virtual machine, you need to worry about that.

305
00:41:30.270 --> 00:41:37.650
William Cheng: Okay. So as it turns out, you know, these researcher trying to research in a virtual machine they found out that there are actually three different kinds of instructions.

306
00:41:38.160 --> 00:41:46.530
William Cheng: Okay, there's a regular instruction. You're like ass have tried you know a moot point or something like that. And then there's something called privilege and charging like we mentioned before. So what does the permanent injunction right or

307
00:41:46.800 --> 00:41:54.210
William Cheng: Provision instruction is that is that instruction. If you execute them in the user mode, you will trap into the opportunities there if you execute inside of privilege Mohammed

308
00:41:54.810 --> 00:42:04.260
William Cheng: Nothing happens you execute directly on the directly inside CPU, right, so those are called privilege destruction. There's a new kind of instructions over here cost sensitive instructions.

309
00:42:06.000 --> 00:42:12.600
William Cheng: Alright, alright, so I'm going to sort of talk about it. That's the definition of since then we started as a privilege disruption, we define them already. So again, the status, a

310
00:42:12.810 --> 00:42:17.850
William Cheng: Sensitive in such a if you look at the textbook. They actually gave you a really convoluted definition and

311
00:42:18.090 --> 00:42:24.420
William Cheng: The definition is actually pretty difficult to understand and also is very difficult to actually tell whether a particular instruction insensitive or not.

312
00:42:24.720 --> 00:42:31.200
William Cheng: Okay, so I'm going to not use that definition. I'm going to sort of give you a more operational definition. So it's a little easier to understand that.

313
00:42:31.770 --> 00:42:41.010
William Cheng: Alright, so again, you're not responsible with this definition. Yeah. So it says that I'm instruction right these are the instruction, must, must execute in the privilege mouth.

314
00:42:42.030 --> 00:42:46.440
William Cheng: Okay, so for example the instruction that change the mapping of virtual to real memory.

315
00:42:46.980 --> 00:42:57.750
William Cheng: Okay, so we saw you know i'm going to use Intel as an example because we don't know what IBM instruction look like right so into has an instruction says see our three gets a particular value. Right, so get get access maga right

316
00:42:57.990 --> 00:43:04.170
William Cheng: We saw this example before car three gets X right this x over here is going to be a physical address that.

317
00:43:04.710 --> 00:43:10.440
William Cheng: So this instruction. When you execute is our guest operating system right like we need you saw that co write your rep for car three

318
00:43:10.590 --> 00:43:17.520
William Cheng: You will see that we're going to put some value into the CRC register. So, this one will you execute that. Right. It's a privilege injunction. I'm going to try to eat.

319
00:43:18.060 --> 00:43:22.050
William Cheng: To the VMware and VMware will be able to emulate this particular instruction.

320
00:43:22.680 --> 00:43:34.770
William Cheng: Okay, so. So this guy's, what would the VM. M Do right okay so inside the virtual machine over here. There's a virtual CPU inside the virtual CPU. There's a virtual CRC register the virtual car through register is the one that get the value of x.

321
00:43:36.210 --> 00:43:43.590
William Cheng: Okay, so that's how we emulate it right. Emily that inside the virtual machine over here. There's no handler inside the guest operating system for car three gets x

322
00:43:43.980 --> 00:43:47.310
William Cheng: Right. Why isn't there any handler what because that's supposed to happen is that a real hardware.

323
00:43:48.000 --> 00:43:57.240
William Cheng: Okay, so when you do something like that you expect that in the real hardware and the real hardware will be Intel CPU, you can actually set X over here to the car theory registry inside real hardware.

324
00:43:57.780 --> 00:44:08.400
William Cheng: Okay, are you allowed to do that while you're not allowed to do that, right, because x over here is only meaningful inside your virtual machine, the X over here. As it turns out, it's a fake physical address

325
00:44:08.970 --> 00:44:16.680
William Cheng: Why is it a fake physical address because the guest operating system thing that it's a real physical address. But as it turns out it's inside a virtual machine. Everything is fake.

326
00:44:17.100 --> 00:44:26.580
William Cheng: Even access fake. Okay. So, therefore, if you put x into the real CR three register in the real CPU, then your entire system in our system is gonna go crazy.

327
00:44:27.510 --> 00:44:36.840
William Cheng: Okay. Because over here x might be invalid y and then this case, your, your entire you know your entire system is gonna crash. Okay, not just your virtual machine is going to crash your entire system is gonna crash.

328
00:44:37.620 --> 00:44:43.290
William Cheng: Okay, so therefore we must prevent setting car three to the value of x, what should we say this, there are three value to

329
00:44:43.740 --> 00:44:51.240
William Cheng: When this guy CR three value over here the you know the car three register over here should get the value of something different than X. I'm going to use the value of X Prize

330
00:44:52.230 --> 00:45:06.690
William Cheng: Yeah, what does x prime. Okay, so x prime is something that VM and figure out so so the VM M is gonna say x into the the virtual CIO register and it's going to compete what x prime is and then the real CRC register it will serve different value clients.

331
00:45:07.230 --> 00:45:10.620
William Cheng: Okay and this expression when you put inside a car through register, everything will work.

332
00:45:11.910 --> 00:45:24.090
William Cheng: Okay, if you put in the real X, do you put in the the the the sort of the fake physical address section there, everything's gonna fall apart. So in this case, you know that the VM, it will be able to intercept that and be able to do the right thing for the entire system.

333
00:45:25.980 --> 00:45:36.750
William Cheng: Alright, so, so why is this particular instruction, you know, special right because if this if this instructions see our three guests x if this instruction over here. What if this instruction is not privileged

334
00:45:37.950 --> 00:45:48.120
William Cheng: Okay, if this instruction is not privileged to instead of guess audiences. And when I say see our three guests as the real car three register inside of CPU over here will get the value of x and everything's gonna fall apart.

335
00:45:49.860 --> 00:46:00.000
William Cheng: Okay, so therefore this car three gets a value of x that one is actually a sensitive instruction because it's missing structure is not privilege. Well, then your virtual machine is going to fall apart.

336
00:46:02.160 --> 00:46:05.970
William Cheng: Okay, so, so, so their instruction like that. Right, so I return over here I return over here.

337
00:46:06.240 --> 00:46:16.170
William Cheng: Is I return a sensitive instruction what the answer is yes, because if this instructor is not privileged if you actually do that instead of guess audiences have you actually directly in the CPU whether everything is going to fall apart.

338
00:46:17.220 --> 00:46:26.820
William Cheng: Okay, so, so, so what you have to do is that you have to go through the instruction set of the other particular CPU and try to sort of figure out which one is sensitive, of which one is not sensitive

339
00:46:27.270 --> 00:46:32.910
William Cheng: The one that says there, the better also be privileged because if they're not, then your virtual machine will be broken.

340
00:46:34.290 --> 00:46:34.590
William Cheng: Now,

341
00:46:36.120 --> 00:46:48.240
William Cheng: Alright, so therefore he says, you know, so this this give us another definition of sensitive instruction. It's an instruction that if it's not privilege, it will cause the guest operating system inside the virtual machine to execute incorrectly.

342
00:46:49.440 --> 00:46:53.370
William Cheng: Okay, so therefore, so, so, so this is basically operational definition. Right, so I'll breeze.

343
00:46:53.910 --> 00:47:05.580
William Cheng: To say that what you have to do is that you have to go through the you know the the virtual machine go through every instruction, you know, inside that particular CPU and then pick out which one it says that and make sure that that sensitive instruction is going to be

344
00:47:06.600 --> 00:47:11.490
William Cheng: It's going to be privileged because if it's not then that CPU is not virtualized double

345
00:47:13.410 --> 00:47:24.600
William Cheng: Okay, so what happened is that, you know, in the 70s when Intel starting building their CPU, you know, some researchers to say, hey, you know, IBM was really successful with your virtual machine can we do the same thing for Intel

346
00:47:25.230 --> 00:47:33.390
William Cheng: Okay, so they try and try and try they try to for many, many years. And then if I could not do it. Okay. They don't know why they cannot actually build a virtual machine for Intel

347
00:47:34.260 --> 00:47:42.210
William Cheng: Okay, so therefore, eventually, you know, some of us researcher come up with this idea of, you know, the, you know, sort of dividing the instruction set into sensitive instruction probably instruction.

348
00:47:42.540 --> 00:47:52.170
William Cheng: And then also the regulating structure for every sensitive instruction and they tried to verify this property and then they figure out that for interval for the foot for IBM 316 machine.

349
00:47:52.740 --> 00:48:06.930
William Cheng: The every, you know, every sensitive research is privileged. So therefore, IBM can actually build a virtual machine for Intel some sensitive beings junction or not privileged. So therefore, there's no point building a virtual machine for your, for, for, for, for, for the Intel CPU.

350
00:48:08.010 --> 00:48:08.280
William Cheng: Yeah.

351
00:48:09.720 --> 00:48:12.000
William Cheng: Alright, so as I get the researcher there UCLA.

352
00:48:12.600 --> 00:48:16.800
William Cheng: You know, I guess researcher a pro pack and Goldberg in 1974 they publish a paper.

353
00:48:17.040 --> 00:48:24.270
William Cheng: They mathematically prove that the sufficient condition to be able to construct a virtual machine just like IBM is simply the following

354
00:48:24.510 --> 00:48:35.760
William Cheng: The computer set of sensitive instruction is a subset of the privilege instruction, right, which means that every sensitive instruction has to be a privileged instruction and some privilege instruction or not doesn't have to be sensitive

355
00:48:36.870 --> 00:48:45.600
William Cheng: Okay, so every sensitive instruction is that privilege. So what you will do is it will go to the instruction set, go to every instruction. Find out which one is sensitive and you verify that their privilege.

356
00:48:45.870 --> 00:48:53.520
William Cheng: If the serum hosts. You can build a virtual machine for that CPU. If the system doesn't know, forget it. You will never be able to build a virtual machine for that CPU.

357
00:48:54.360 --> 00:49:07.080
William Cheng: Now, so this about theory holds for IBM 360 the about fear and does not fall for the x86 CPU. So for the next 20 years. Nobody tried to build a virtual machine, you know, for their for their for the Intel CPU.

358
00:49:08.190 --> 00:49:15.630
William Cheng: Never today. We know that you can actually go to virtual machine for for for Intel CPU. Right. Okay, so, so, so who actually overcome this particular problem.

359
00:49:15.930 --> 00:49:25.500
William Cheng: Why not the company's VMware VMware is the actually they are the one that actually figure out how you know how to get around this problem. So how do they actually do that right so we're gonna sort of talk about them. The on the

360
00:49:26.100 --> 00:49:29.790
William Cheng: Next lecture, the basic idea here is that, as it turns out the storm is correct.

361
00:49:31.020 --> 00:49:37.500
William Cheng: Okay, that, you know, if you have instructions that are not that if you have sensitive instruction that are not privileged

362
00:49:37.980 --> 00:49:45.540
William Cheng: You cannot build a virtual machine for us. Okay. But you can cheat. Okay. So as it turns out, VMware is the first company that you figured out how to actually cheat.

363
00:49:45.930 --> 00:49:50.970
William Cheng: Cheat this particular theorem, be able to build a virtual machine, right. So in the end, they are awarded a lot of money for that.

364
00:49:51.270 --> 00:49:56.040
William Cheng: And again, this is well deserved. You know, because you know today virtual machines are actually very, very popular.

365
00:49:56.910 --> 00:50:04.020
William Cheng: Alright, so the sort of briefly take a look at this picture over here. So, so this is what I'd be on 360 right I didn't 360 we didn't build a virtual machine for us.

366
00:50:04.560 --> 00:50:11.010
William Cheng: So they can divide in structure into these three different types of non sensitive instruction right and multiply appointed manipulation.

367
00:50:11.430 --> 00:50:20.700
William Cheng: The air instruction that will cause a trap into the virtual machine monitor and then they are the sensitive instruction. Okay, so remember for IBM all their sensitive instruction are privileged

368
00:50:21.030 --> 00:50:29.700
William Cheng: Okay, so if we look at the real machine over here by the real machine has to most the real user mode and the real privilege mode over here there for the non sensitive instruction.

369
00:50:29.910 --> 00:50:39.810
William Cheng: they execute directly on the CPU without any problem, right. So for the announcers doing such a in the, in the real user mode execute directly on the CPU in the privilege small. They also execute directly on CPU.

370
00:50:40.200 --> 00:50:52.260
William Cheng: Okay, what about the air instructions over here, right, if you have an error instruction in the user mode you trapped into the kernel. If you have airing structure inside the Colonel. Why, but you also trapped inside the Colonel, because they are handler for them inside the Colonel.

371
00:50:53.550 --> 00:51:03.630
William Cheng: Okay, so, so, so, so remember for Linux and the winnings operating says that if you get a colonel a page fault. Well, in that case it will end up with the kernel panic and that doesn't really work.

372
00:51:03.870 --> 00:51:13.260
William Cheng: As it turns out, for for operating system like the Windows operating system and for the for the IBM organism. It's actually perfectly fine to get a page for inside the Colonel.

373
00:51:14.310 --> 00:51:23.820
William Cheng: Okay. So I think when we talk about windows were mentioned I write windows, they have a different design philosophy. They want to give all the memory to the application program. So even though you know even inside the Colonel.

374
00:51:24.000 --> 00:51:35.040
William Cheng: You can get a peaceful and you can get rid of kernel memory and give it to the application. Okay, so for operating system IBM operating system and the Windows operating system is perfectly okay when you execute and

375
00:51:37.050 --> 00:51:44.190
William Cheng: What we actually an instruction inside of Colonel if it turns out it costs default, it will actually tap into the operating system itself. And there's a handler for

376
00:51:45.000 --> 00:51:50.340
William Cheng: Okay. So in this case, both of them will try to the colonel and the window handler and the return back to wherever you work before

377
00:51:50.910 --> 00:51:53.010
William Cheng: Yeah, but what about for the sensitivity structure.

378
00:51:53.220 --> 00:52:05.310
William Cheng: Right, so the sense that I've been searching for IBM. So again, these are privileged instruction. So in this case, they were trapped inside the colonel colonel will handle that. Right. The kernel has handler for these instructions. If it comes from the user mode.

379
00:52:05.730 --> 00:52:11.490
William Cheng: Okay, but if these instructions execute inside the privilege mall what since there are privileged to execute directly on the CPU.

380
00:52:12.780 --> 00:52:21.660
William Cheng: Okay, so you can actually see that they are the three different categories of instruction right they do the same thing over here, you know, for the nuances of instruction for the Aaron instruction.

381
00:52:21.960 --> 00:52:26.850
William Cheng: But for the sentence structure. There are different action in the user mode versus in the privilege mode.

382
00:52:28.020 --> 00:52:36.030
William Cheng: Okay, so you're sort of trying to point out that there's actually something very, very different about the sensitive instruction that were never discovered before until you know sort of

383
00:52:37.770 --> 00:52:41.520
William Cheng: Until I guess pack and the Goldberg wrote a paper and then, you know,

384
00:52:43.020 --> 00:52:44.820
William Cheng: Wrote the proof about that that particular property.

385
00:52:46.260 --> 00:52:53.910
William Cheng: All right, what about you saw the virtual machine or via right inside virtual machine. Everything is inside the user mode for the real machine, right. So again, remember for regular instructions over here.

386
00:52:54.450 --> 00:53:03.990
William Cheng: You know, they all execute directly on the real CPU. So they execute fine for any kind of error instruction over here. They were both trapped into the into the VMware and in this case the VM M.

387
00:53:04.320 --> 00:53:09.630
William Cheng: Will actually their truck handling instead of guest appearances and so they would deliver to the guest operating system.

388
00:53:09.930 --> 00:53:21.480
William Cheng: Okay, so in this case either, you know, in the virtual user Mo, or in the virtual privilege mo. If you execute these AI page phone and stuff like that will end up transferring control into the guest user and the guest operating system will do that.

389
00:53:22.020 --> 00:53:29.190
William Cheng: Then what about for sensitive instruction. Right. So again, if you execute them in the virtual user Mo, you will trap into the virtual machine monitor

390
00:53:29.340 --> 00:53:37.770
William Cheng: And they are handler inside of guess ordinances. And so in this case the virtual machine monitor would deliver these traps to the guest appearances there so they can handle it. Instead of gets up and he says,

391
00:53:38.250 --> 00:53:43.140
William Cheng: Yeah. But if you actually do the sensitive instruction in the guests up in your in the virtual privilege more

392
00:53:43.320 --> 00:53:52.050
William Cheng: For the guests are witnesses them why. In that case, there's no handler for them instead of guest appearances them the virtual machine monitor has to implement has to emulate or that instruction.

393
00:53:53.010 --> 00:53:59.310
William Cheng: Okay, so you can actually see again, there are three different has an instruction for the nonsense that makes structure and they are dealt with them are exactly the same manner.

394
00:53:59.460 --> 00:54:07.170
William Cheng: For the Aaron instruction. They're dealt with exactly the same manner, but for the sensitive instruction. Again, they are treated differently, you know, inside your virtual machine.

395
00:54:08.460 --> 00:54:20.550
William Cheng: Alright, so again, hopefully this demonstrate that there are actually three different kinds of instruction videos, not just two kinds, different kinds of instruction. Okay. Alright, so this is a good breaking point. So next up we're going to see Intel that