Pre-Virtualization: Uniting Two Worlds
Joshua LeVasseur, Volkmar Uhlig, Ben Leslie, Matthew Chapman and Gernot Heiser
Abstract
Virtual machines are used in an increasingly varied set of application
scenarios that favor different trade-offs. The virtual machine (VM)
is an attractive solution, since it enables the use of the same
operating systems across the scenarios, while permitting substitution
of different hypervisors appropriate for the trade-offs. One of these
scenarios is server consolidation, where a number of machines are
replaced by VMs running on a single physical machine, increasing
resource utilization. Another attractive scenario is the use of a VM
to add features to an OS that contradict the design of the OS, such as
enabling secure computing platforms with strictly controlled
information flow. These two scenarios have dramatically different
performance versus security trade-offs, easily addressed by using
different hypervisors.
A virtual machine readily adapts to the different scenarios, because
it maps the low-level API to which the operating systems are written
to the APIs of the particular hypervisors. The traditional
virtualization approach performs this API mapping at runtime, via
faithful emulation of the platform API. The demand for improved
performance, which results from the renewed interest in virtual
machines, has increased the popularity of an alternative approach,
para-virtualization. Para-virtualization applies manual modifications
to the guest operating system, porting the OS to the (higher-level)
API of the hypervisor. The OS is no longer compatible with the
platform API, which among other things implies that it is no longer
able to execute on other hypervisors.
The desired properties of virtualization, high performance, unchanged
platform API, and minimal engineering cost, are not achieved with
either pure or para-virtualization. We thus introduce
pre-virtualization as a means to achieve these desired
properties with a single technology.
Pre-virtualization uses compile-time tools to annotate the guest
kernel, and to pad virtualization-sensitive instructions with no-ops.
This produces a binary that still obeys the low-level platform API,
but which is efficiently emulated at runtime. Using the annotations,
the VM rewrites the virtualization-sensitive instructions at
load-time, by substituting emulation code that coordinates with an
unprivileged virtual machine monitor located within the protection
domain of the guest OS. The result is a system that achieves high
performance at low engineering cost, and runs on raw hardware and
a variety of hypervisors through compliance with the platform API. Using
the annotations, it is possible to migrate the guest OS between
incompatible hypervisors at runtime by again rewriting the
instructions. The automated process helps avoid trustworthiness
issues introduced by the manual modifications of para-virtualization.
Pre-virtualization also promotes guest diversity, by enabling quick
virtualization of the guest OS.
We have achieved good progress in pre-virtualization, applying it to
x86 Linux 2.6 as the guest OS, using several hypervisors: the
L4Ka::Pistachio microkernel, Xen 2.0, and Linux itself. We have also
applied pre-virtualization to Linux 2.6 on Itanium. The performance
rivals para-virtualization in the benchmarks that we have conducted
so far.
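
The load-time rewriting step described in the abstract, illustrated on a byte buffer. This is an added example, not code from the paper or the L4Ka project: the annotation record layout, the choice of `cli` as the sensitive instruction, the four bytes of padding and the replacement by a `call` into an emulation routine are all assumptions made for illustration.

```c
#include <stdint.h>
#include <stddef.h>
#include <string.h>

/* Assumed annotation record (not from the paper): where the sensitive
 * instruction sits, its length, and how many NOP bytes were padded after it. */
struct annotation { uint32_t offset; uint8_t insn_len; uint8_t pad_len; };

enum { X86_NOP = 0x90, X86_CALL_REL32 = 0xE8, CALL_LEN = 5 };

/* Constructed sample, 32-bit x86: push ebp; cli; nop x4; ret */
static const uint8_t SAMPLE_TEXT[7] = {0x55, 0xFA, 0x90, 0x90, 0x90, 0x90, 0xC3};
static const struct annotation SAMPLE_ANN = {1, 1, 4};   /* the cli site */

/* Rewrite one annotated site of `text` (mapped at address `base`) into
 * `call emul_addr`, NOP-filling any remaining slot bytes. `expect` holds the
 * original instruction bytes; `saved` receives the slot for later restore.
 * Returns 0 on success, -1 if the site fails validation (text untouched). */
int rewrite_site(uint8_t *text, size_t text_len, uint32_t base,
                 const struct annotation *a, const uint8_t *expect,
                 uint32_t emul_addr, uint8_t *saved)
{
    size_t slot = (size_t)a->insn_len + a->pad_len;
    if (slot < (size_t)CALL_LEN || a->offset > text_len ||
        slot > text_len - a->offset)
        return -1;                     /* slot too small or out of bounds */
    uint8_t *site = text + a->offset;
    if (memcmp(site, expect, a->insn_len) != 0)
        return -1;                     /* annotation does not match the binary */
    for (size_t i = a->insn_len; i < slot; i++)
        if (site[i] != X86_NOP)
            return -1;                 /* padding missing or already modified */
    memcpy(saved, site, slot);
    /* rel32 is measured from the address of the byte after the call */
    uint32_t rel = emul_addr - (base + a->offset + CALL_LEN);
    site[0] = X86_CALL_REL32;
    for (int i = 0; i < 4; i++)
        site[1 + i] = (uint8_t)(rel >> (8 * i));    /* little-endian */
    memset(site + CALL_LEN, X86_NOP, slot - CALL_LEN);
    return 0;
}

/* Put the original bytes back, e.g. before rewriting for another hypervisor. */
void restore_site(uint8_t *text, const struct annotation *a, const uint8_t *saved)
{
    memcpy(text + a->offset, saved, (size_t)a->insn_len + a->pad_len);
}
```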
© Copyright 2005 by ACM, Inc.
In Poster session of 20th ACM Symposium on Operating Systems Principles (SOSP-20), October 23-26, 2005, Brighton, United Kingdom
Full paper: [pdf]
BibTeX: @Misc{LeVasseur05UnitingTwoWorlds,
author = {Joshua LeVasseur and Volkmar Uhlig and Ben Leslie
and Matthew Chapman and Gernot Heiser},
title = {Pre-Virtualization: Uniting Two Worlds},
booktitle = {Poster session of the 20th ACM Symposium on
Operating Systems Principles (SOSP-20)},
address = {Brighton, United Kingdom},
month = oct # "~23--26",
year = 2005,
type = {Poster},
affiliation = {University of Karlsruhe, Germany},
URL = {http://l4ka.org/publications/}
}