TimeLinux1

Monday, September 20, 2010

Linux HowTo: KVM - Kernel Based Virtualization Primer

KVM on Linux - Some Useful Concepts & Notes
===

-history-  2003    -64 Bit processors for x86 introduced.
    -this eliminated the physical address space limitation of these chips.
    -this led to more powerful x86 servers that could hold a lot more memory.

-concepts-
    -virtualization works on the concept of ring-levels.
    -there are 4 privilege ring levels - 0 to 3.
    -ring 0    -most privileged level with full access to h/w, usually the os kernel.
    -rings 1 & 2 have historically not been used by modern commercial os.
    -ring 3    -the top, least privileged layer, ie the applications.
    -in virtual envs, a hypervisor runs at the most privileged level, ring 0.
    -the trick of virtualization - fool the guest os into running at a less privileged ring level while retaining its functionality.
-early hypervisors like Bochs emulated the x86 cpu fully in s/w - this meant poor performance.
-a newer technique, pioneered by vmware, is called binary translation.
    -in binary translation, the hypervisor intercepts privileged os calls and translates them in memory.
    -the guest os is unaware that it is running on a hypervisor.
    -this approach is more complex but performs better than full emulation.
-paravirtualization-
    -this was pioneered by opensource Xen project.
    -it is different from both cpu-emulation and binary translation.
    -in this the guest os is modified and all privileged calls are replaced with direct calls to the hypervisor.
    -the guest os knows that it is running on a hypervisor.
    -this removes the need to emulate h/w devices like disk controllers or n/w cards.
    -this requires changes in the host os kernel.
    -this was incorporated in linux kernel 2.6.23.
    -in this the host os runs in ring 0, the guest os runs in ring 1, and user apps run in ring 3.
-hardware assisted virtualization-
-2005    -Intel & AMD both developed extensions to the x86 arch that hypervisor vendors could use to simplify cpu virtualization (multi core?)

-kvm    -builds on the latest generation of open source virtualization.
    -a loadable kernel module that converts the linux kernel into a bare metal hypervisor.
    -kvm is implemented as a regular linux process managed by the host linux kernel.
    -each virtual cpu appears as a regular linux proc.
    -device emulation is handled by qemu, which provides an emulated bios, pci bus, usb, nic etc.
    -since kvm is a linux proc, it leverages linux security like selinux & sVirt.
    -the sVirt project builds on selinux, esp. for isolating vms.
    -note that weaknesses in hypervisor security can crack the isolation between vms; kvm prevents this by reusing the linux security model above.
    -a vm is only as secure as its hypervisor.

    -any h/w device supported by linux can be used by kvm.
    -linux enjoys the largest h/w base, lots of drivers, storage etc.
    -kvm supports live migration of vms with zero downtime for apps.
    -kvm supports a variety of guest os - linux, win, bsd, solaris, dos etc.
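Added example, not part of the original notes: a small POSIX sh check for the KVM prerequisites the notes cover (hardware-assist flags, the kvm kernel modules, /dev/kvm) plus an sVirt check that lists qemu guest processes not running under the svirt_t SELinux type. The functions take file paths so they work on saved copies of /proc/cpuinfo, /proc/modules and `ps -eZ` output; the sample data at the bottom is constructed, and the svirt_t type name is the default sVirt label for qemu guests.

```sh
#!/bin/sh
# Added example (not from the original notes): check a host for the KVM
# prerequisites described above. Each function takes a file path so it runs
# against the live /proc files or saved copies (constructed samples below).

# Which hardware-assist extension the cpuinfo file advertises:
# "vmx" for Intel VT-x, "svm" for AMD-V, "none" if neither is present.
virt_extension() {
    if grep -qE '^flags[[:space:]]*:.*[[:space:]]vmx([[:space:]]|$)' "$1"; then
        echo vmx
    elif grep -qE '^flags[[:space:]]*:.*[[:space:]]svm([[:space:]]|$)' "$1"; then
        echo svm
    else
        echo none
    fi
}

# True when the core kvm module and its vendor-specific half
# (kvm_intel or kvm_amd) both appear in a /proc/modules-style listing.
kvm_modules_loaded() {
    grep -qE '^kvm ' "$1" && grep -qE '^kvm_(intel|amd) ' "$1"
}

# Overall verdict from a cpuinfo file, a modules file and the kvm device path.
kvm_readiness() {
    ext=$(virt_extension "$1")
    if [ "$ext" = none ]; then echo no-hw-virt; return 1; fi
    if ! kvm_modules_loaded "$2"; then echo module-not-loaded; return 1; fi
    if [ ! -e "$3" ]; then echo no-dev-kvm; return 1; fi
    echo "ready ($ext)"
}

# sVirt check on saved 'ps -eZ' output: print the PIDs of qemu processes
# whose SELinux type is not svirt_t, i.e. guests that sVirt is not confining.
unconfined_qemu() {
    awk '$NF ~ /^qemu/ && $1 !~ /:svirt_t:/ { print $2 }' "$1"
}

# Constructed sample data standing in for the live files.
tmp=$(mktemp -d)
printf 'flags\t\t: fpu vme de pse msr lm vmx ssse3\n' > "$tmp/cpuinfo"
printf 'kvm_intel 1234 0 - Live 0x0\nkvm 5678 1 kvm_intel, Live 0x0\n' > "$tmp/modules"
: > "$tmp/kvm"   # stands in for /dev/kvm
printf '%s\n' \
  'system_u:system_r:svirt_t:s0:c12,c34 1234 ? 00:00:05 qemu-kvm' \
  'unconfined_u:unconfined_r:unconfined_t:s0 1300 pts/0 00:00:00 qemu-kvm' > "$tmp/ps"

kvm_readiness "$tmp/cpuinfo" "$tmp/modules" "$tmp/kvm"   # ready (vmx)
unconfined_qemu "$tmp/ps"                                 # 1300
```

On a live host, point the functions at /proc/cpuinfo, /proc/modules, /dev/kvm and a file holding `ps -eZ` output.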
