General principles of how QEMU-KVM works

My current understanding:

1) KVM

KVM (Kernel Virtual Machine) is a hypervisor (VMM - Virtual Machine Manager) that runs as a module on Linux OS. A hypervisor is needed to run some software in a non-existent (virtual) environment while hiding from that software the real physical hardware it is running on. The hypervisor acts as a "spacer" between the physical hardware (the host) and the virtual OS (the guest).

Since KVM is a standard Linux kernel module, it gets everything it needs from the kernel (memory management, the scheduler, etc.). Accordingly, all of these benefits ultimately go to the guests as well (since the guests run on a hypervisor that runs on/in the Linux OS kernel).

KVM is very fast, but by itself it is not enough to run a virtual OS, because that requires I/O emulation. For I/O (CPU, disks, network, video, PCI, USB, serial ports, etc.) KVM uses QEMU.

2) QEMU

QEMU (Quick Emulator) is an emulator of various devices that lets you run operating systems designed for one architecture on another (for example, ARM -> x86). In addition to the processor, QEMU emulates various devices: network cards, HDDs, video cards, PCI, USB, etc.

It works like this:

Instructions/binary code (for example, ARM) are converted into platform-independent intermediate code by the TCG (Tiny Code Generator) converter, and this platform-independent binary code is then converted into the target instructions/code (for example, x86).

ARM -> intermediate_code -> x86

Essentially, you can run virtual machines on QEMU on any host, even on older processor models that do not support Intel VT-x (Intel Virtualization Technology) / AMD SVM (AMD Secure Virtual Machine). In that case, however, it will run slowly, because the binary code has to be recompiled on the fly twice using TCG (TCG is a Just-in-Time compiler).

I.e., QEMU by itself is mega cool, but it works slowly.

3) Protection rings

Binary program code on processors does not just run any which way; it sits at different levels (rings / protection rings) with different levels of data access, from the most privileged (Ring 0) to the most restricted, regulated and "with the nuts tightened" (Ring 3).

The operating system (OS kernel) runs on Ring 0 (kernel mode) and can do whatever it wants with any data and devices. User applications run at Ring 3 (user mode) and are not allowed to do whatever they want; instead, they must request access each time they need to perform a particular operation (so user applications have access only to their own data and cannot "get into" someone else's sandbox). Rings 1 and 2 are intended for use by drivers.

Before the invention of Intel VT-x / AMD SVM, hypervisors ran on Ring 0 and guests ran on Ring 1. Since Ring 1 does not have enough rights for an OS to operate normally, on every privileged call from the guest system the hypervisor had to modify that call on the fly and execute it on Ring 0 (much as QEMU does). I.e., the guest binary was NOT executed directly on the processor, and each time it went through several intermediate modifications on the fly.

The overhead was significant and this was a big problem, so the processor manufacturers, independently of each other, released an extended instruction set (Intel VT-x / AMD SVM) that allowed guest OS code to be executed DIRECTLY on the host processor (bypassing any costly intermediate steps, as had been the case before).

With the advent of Intel VT-x / AMD SVM, a special new ring level was created: Ring -1 (minus one). The hypervisor now runs on it, and guests run on Ring 0 and get access to the CPU.

I.e., in the end:

  • The host runs on Ring 0
  • Guests run on Ring 0
  • The hypervisor runs on Ring -1

4) QEMU-KVM

KVM gives guests access to Ring 0 and uses QEMU to emulate I/O (processor, disks, network, video, PCI, USB, serial ports, etc., which the guests "see" and work with).

Hence QEMU-KVM (or KVM-QEMU) :)
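
The accelerator choice described above (KVM when the CPU offers Intel VT-x / AMD SVM, TCG otherwise), as an added example that is not part of the original article. It goes slightly beyond the text by also checking the `/dev/kvm` device node; the function names and status strings are hypothetical, and an x86 Linux host is assumed.

```shell
#!/bin/sh
# Added example: decide whether QEMU can use KVM or must fall back to TCG.
# File paths are parameters so the logic can be run on constructed input.

# has_hw_virt CPUINFO_FILE
# Succeeds if a "flags" line advertises vmx (Intel VT-x) or svm (AMD SVM).
has_hw_virt() {
    grep -Eq '^flags[[:space:]]*:.*[[:space:]](vmx|svm)([[:space:]]|$)' "$1" 2>/dev/null
}

# kvm_accel_status [CPUINFO_FILE] [KVM_DEVICE]
# Prints one of:
#   kvm                hardware support present and the KVM device is usable
#   tcg:no-hw-virt     no vmx/svm flag visible to this system
#   tcg:no-kvm-device  flag present, device node missing (e.g. module not loaded)
#   tcg:no-permission  device node exists, but this user cannot open it read/write
kvm_accel_status() (
    cpuinfo="${1:-/proc/cpuinfo}"
    dev="${2:-/dev/kvm}"
    if ! has_hw_virt "$cpuinfo"; then
        echo "tcg:no-hw-virt"
    elif [ ! -e "$dev" ]; then
        echo "tcg:no-kvm-device"
    elif [ ! -r "$dev" ] || [ ! -w "$dev" ]; then
        echo "tcg:no-permission"
    else
        echo "kvm"
    fi
)

# qemu_accel_arg STATUS
# Maps a status string to the matching QEMU accelerator option.
qemu_accel_arg() {
    case "$1" in
        kvm) echo "-accel kvm" ;;
        *)   echo "-accel tcg" ;;
    esac
}

# Report for the machine this script runs on.
status="$(kvm_accel_status)"
echo "host status: $status -> $(qemu_accel_arg "$status")"
```

A `tcg:*` result means guest code goes through TCG translation instead of running directly on the CPU, which is the slow path the article describes.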

Credits
Picture to attract attention
Protection rings picture

P.S. The text of this article was originally published in the Telegram channel @RU_Voip as an answer to a question from one of the channel's participants.

Write in the comments where I have misunderstood the topic or if there is anything to add.

Thank you!

source: www.habr.com
