Hypervisor

Source: Wikipedia, the free encyclopedia.

A hypervisor, also known as a virtual machine monitor (VMM) or virtualizer, is a type of computer

user space, such as different Linux distributions with the same kernel.

The term hypervisor is a variant of supervisor, a traditional term for the kernel of an operating system: the hypervisor is the supervisor of the supervisors,[2] with hyper- used as a stronger variant of super-.[a] The term dates to circa 1970;[3] IBM coined it for the 360/65[4] and later used it for the DIAG handler of CP-67. In the earlier CP/CMS (1967) system, the term Control Program was used instead.

Classification

Type-1 and type-2 hypervisors

In his 1973 thesis, "Architectural Principles for Virtual Computer Systems," Robert P. Goldberg classified two types of hypervisor:[1]

Type-1, native or bare-metal hypervisors
These hypervisors run directly on the host's hardware to control the hardware and to manage guest operating systems. For this reason, they are sometimes called operating systems.
Type-2 or hosted hypervisors
These hypervisors run on a conventional operating system (OS) just as other computer programs do. A virtual machine monitor runs as a process on the host, such as VirtualBox. Type-2 hypervisors abstract guest operating systems from the host operating system, effectively creating an isolated system that can be interacted with by the host.

The distinction between these two types is not always clear. For instance,

kernel modules[6] that effectively convert the host operating system to a type-1 hypervisor.[7]

Mainframe origins

The first hypervisors providing

dynamic address translation, a feature that enabled virtualization. Prior to this time, computer hardware had only been virtualized to the extent of allowing multiple user applications to run concurrently, such as in CTSS and IBM M44/44X. With CP-40, the hardware's supervisor state was virtualized as well, allowing multiple operating systems to run concurrently in separate virtual machine contexts.

Programmers soon implemented CP-40 (as

TSS/360, did not employ full virtualization.) Both CP-40 and CP-67 began production use in 1967. CP/CMS was available to IBM customers from 1968 to the early 1970s, in source code form without support.

beta or experimental versions of operating systems—or even of new hardware[8]—to be deployed and debugged, without jeopardizing the stable main production system, and without requiring costly additional development systems.

IBM announced its

open source projects. However, in a series of disputed and bitter battles[citation needed], time-sharing lost out to batch processing through IBM political infighting, and VM remained IBM's "other" mainframe operating system for decades, losing to MVS. It enjoyed a resurgence of popularity and support from 2000 as the z/VM product, for example as the platform for Linux on IBM Z.

As mentioned above, the VM control program includes a hypervisor-call handler that intercepts DIAG ("Diagnose", opcode x'83') instructions used within a virtual machine. This provides fast-path non-virtualized execution of file-system access and other operations (DIAG is a model-dependent privileged instruction, not used in normal programming, and thus is not virtualized. It is therefore available for use as a signal to the "host" operating system). When first implemented in

(SVC), but that did not require altering or extending the system's virtualization of SVC.

In 1985 IBM introduced the

logical partitions (LPAR).

Operating system support

Several factors led to a resurgence around 2005 in the use of

virtualization technology among Unix, Linux, and other Unix-like operating systems:[9]

Major Unix vendors, including

pSeries servers, HP Superdome series machines, and Sun/Oracle T-series CoolThreads servers.

Although

Logical Domains hypervisor, as of late 2006, Linux (Ubuntu and Gentoo), and FreeBSD have been ported to run on top of the hypervisor (and can all run simultaneously on the same processor, as fully virtualized independent guest OSes). Wind River "Carrier Grade Linux" also runs on Sun's Hypervisor.[10] Full virtualization on SPARC processors proved straightforward: since its inception in the mid-1980s Sun deliberately kept the SPARC architecture clean of artifacts that would have impeded virtualization. (Compare with virtualization on x86 processors below.)[11]

HPE provides

nPar technology, the former offering shared resource partitioning and the latter offering complete I/O and processing isolation. The flexibility of the virtual server environment (VSE) has led to its more frequent use in newer deployments.[citation needed]

IBM provides virtualization partition technology known as

AIX, Linux, IBM i), the Power processors (POWER4 onwards) have designed-in virtualization capabilities where a hardware address offset is evaluated together with the OS address offset to arrive at the physical memory address. Input/Output (I/O) adapters can be exclusively "owned" by LPARs or shared by LPARs through an appliance partition known as the Virtual I/O Server (VIOS). The Power Hypervisor provides high levels of reliability, availability and serviceability (RAS) by facilitating hot add/replace of many parts (model dependent: processors, memory, I/O adapters, blowers, power units, disks, system controllers, etc.).

Similar trends have occurred with x86/x86-64 server platforms, where

open-source projects such as Xen have led virtualization efforts. These include hypervisors built on Linux and Solaris kernels as well as custom kernels. Since these technologies span from large systems down to desktops, they are described in the next section.

x86 systems

AMD-V (code-named Pacifica).

An alternative approach requires modifying the guest operating system to make a

Mach and L4, are flexible enough to allow paravirtualization of guest operating systems.

Embedded systems

ARM and PowerPC as widely deployed architectures on medium- to high-end embedded systems.[13]

As manufacturers of embedded systems usually have the source code to their operating systems, they have less need for full virtualization in this space. Instead, the performance advantages of

ARM Cortex-A15 MPCore and ARMv8 EL2.

Other differences between virtualization in server/desktop and embedded environments include requirements for efficient sharing of resources across virtual machines, high-bandwidth, low-latency inter-VM communication, a global view of scheduling and power management, and fine-grained control of information flows.[14]

Security implications

The use of hypervisor technology by malware and rootkits installing themselves as a hypervisor below the operating system, known as hyperjacking, can make them more difficult to detect because the malware could intercept any operations of the operating system (such as someone entering a password) without the anti-malware software necessarily detecting it (since the malware runs below the entire operating system). Implementation of the concept has allegedly occurred in the SubVirt laboratory rootkit (developed jointly by Microsoft and University of Michigan researchers[15]) as well as in the Blue Pill malware package. However, such assertions have been disputed by others who claim that it would be possible to detect the presence of a hypervisor-based rootkit.[16]
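The dispute in [16] turns on whether a guest can tell that a hypervisor sits beneath it at all. The cheapest signal on x86 is the cooperative one: a hypervisor that wants to be seen sets the "hypervisor present" bit (CPUID leaf 1, ECX bit 31) and publishes a 12-byte vendor signature in leaf 0x40000000. The following C program, written here as an added example and not taken from the article or any of the cited projects, reads those values with GCC/Clang's `<cpuid.h>` helpers and decodes them; the signature-to-name table holds a few well-known signatures and is an assumption of this example rather than anything the article lists.

```c
/* Added example: cooperative hypervisor detection via CPUID on x86.
 * Not part of the Wikipedia article; the vendor table below is an
 * assumption of this example (well-known published signatures). */
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#if defined(__x86_64__) || defined(__i386__)
#include <cpuid.h>
#endif

/* CPUID leaf 1, ECX bit 31: set by a hypervisor that chooses to announce itself. */
int hypervisor_bit_set(uint32_t ecx_leaf1) {
    return (ecx_leaf1 >> 31) & 1u;
}

/* Leaf 0x40000000 returns a 12-byte vendor signature spread over EBX, ECX, EDX
 * in memory order (bytes 0-3, 4-7, 8-11). Output buffer must hold 13 bytes. */
void decode_hv_vendor(uint32_t ebx, uint32_t ecx, uint32_t edx, char out[13]) {
    memcpy(out, &ebx, 4);
    memcpy(out + 4, &ecx, 4);
    memcpy(out + 8, &edx, 4);
    out[12] = '\0';
}

/* Map a signature to a readable name; unknown signatures are reported as such. */
const char *hv_vendor_name(const char *sig) {
    /* Assumed table: these are the signatures the respective hypervisors publish. */
    static const struct { const char *sig; const char *name; } table[] = {
        { "KVMKVMKVM",    "KVM" },
        { "VMwareVMware", "VMware" },
        { "Microsoft Hv", "Microsoft Hyper-V" },
        { "XenVMMXenVMM", "Xen" },
        { "VBoxVBoxVBox", "VirtualBox" },
    };
    for (size_t i = 0; i < sizeof table / sizeof table[0]; i++)
        if (strcmp(sig, table[i].sig) == 0)
            return table[i].name;
    return "unknown hypervisor";
}

/* Live probe. Returns 1 if the hypervisor bit is set (vendor filled in),
 * 0 if it is clear, and -1 when CPUID is unavailable (non-x86 build). */
int probe_hypervisor(char vendor[13]) {
    vendor[0] = '\0';
#if defined(__x86_64__) || defined(__i386__)
    unsigned int eax, ebx, ecx, edx;
    /* __get_cpuid validates the leaf against the maximum basic leaf. */
    if (!__get_cpuid(1, &eax, &ebx, &ecx, &edx))
        return -1;
    if (!hypervisor_bit_set(ecx))
        return 0;
    /* 0x40000000 is outside the basic range, so query it directly. */
    __cpuid(0x40000000, eax, ebx, ecx, edx);
    decode_hv_vendor(ebx, ecx, edx, vendor);
    return 1;
#else
    return -1;
#endif
}

int main(void) {
    char vendor[13];
    int r = probe_hypervisor(vendor);
    if (r < 0)
        puts("CPUID not available on this architecture");
    else if (r == 0)
        puts("hypervisor bit clear: no cooperative hypervisor announced");
    else
        printf("hypervisor bit set: signature \"%s\" (%s)\n",
               vendor, hv_vendor_name(vendor));
    return 0;
}
```

This only finds a hypervisor that wants to be found. A hypervisor-layer rootkit of the kind discussed above can leave the bit clear and answer leaf 0x40000000 as the bare hardware would, which is exactly why the detection arguments in [16] lean on side effects the hypervisor cannot hide as cheaply (instruction timing, trapped privileged instructions) rather than on CPUID alone. Conversely, a set bit on a machine that is not supposed to be virtualized is a strong and inexpensive signal worth alerting on.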

In 2009, researchers from Microsoft and North Carolina State University demonstrated a hypervisor-layer anti-rootkit called Hooksafe that can provide generic protection against kernel-mode rootkits.[17]

Notes

  1. ^ super- is from Latin, meaning "above", while hyper- is from the cognate term in Ancient Greek (ὑπέρ-), also meaning above or over.

References

  1. ^ a b Goldberg, Robert P. (1973). Architectural Principles for Virtual Computer Systems (PDF) (Technical report). Harvard University. ESD-TR-73-105.
  2. ^ Bernard Golden (2011). Virtualization For Dummies. p. 54.
  3. ^ "How did the term "hypervisor" come into use?".
  4. Retrieved June 12, 2022.
  5. ^ Meier, Shannon (2008). "IBM Systems Virtualization: Servers, Storage, and Software" (PDF). pp. 2, 15, 20. Retrieved December 22, 2015.
  6. ^ Dexter, Michael. "Hands-on bhyve". CallForTesting.org. Retrieved September 24, 2013.
  7. Retrieved October 16, 2022.
  8. System/370
  9. ^ Loftus, Jack (December 19, 2005). "Xen virtualization quickly becoming open source 'killer app'". TechTarget. Retrieved October 26, 2015.
  10. ^ "Wind River To Support Sun's Breakthrough UltraSPARC T1 Multithreaded Next-Generation Processor". Wind River Newsroom (Press release). Alameda, California. November 1, 2006. Archived from the original on November 10, 2006. Retrieved October 26, 2015.
  11. ^ Fritsch, Lothar; Husseiki, Rani; Alkassar, Ammar. Complementary and Alternative Technologies to Trusted Computing (TC-Erg./-A.), Part 1, A study on behalf of the German Federal Office for Information Security (BSI) (PDF) (Report). Archived from the original (PDF) on June 7, 2020. Retrieved February 28, 2011.
  12. ^ "Introduction to Bochs". bochs.sourceforge.io. Retrieved April 17, 2023.
  13. ^ Strobl, Marius (2013). Virtualization for Reliable Embedded Systems. Munich: GRIN Publishing GmbH. pp. 5–6. Retrieved March 7, 2015.
  14. ^ Gernot Heiser (April 2008). "The role of virtualization in embedded systems". Proc. 1st Workshop on Isolation and Integration in Embedded Systems (IIES'08). pp. 11–16. Archived from the original on March 21, 2012. Retrieved April 8, 2009.
  15. ^ "SubVirt: Implementing malware with virtual machines" (PDF). University of Michigan, Microsoft. April 3, 2006. Retrieved September 15, 2008.
  16. ^ "Debunking Blue Pill myth". Virtualization.info. August 11, 2006. Archived from the original on February 14, 2010. Retrieved December 10, 2010.
  17. S2CID 3006492. Retrieved November 11, 2009.
