Ukuqonda kwami kwamanje:
1) KVM
I-KVM (I-Kernel-based Virtual Machine) iyi-hypervisor (VMM - Isiphathi Somshini Obonakalayo) esebenza njengemojula ku-Linux OS. I-hypervisor iyadingeka ukuze usebenzise isofthiwe endaweni engekho (ebonakalayo) futhi ngesikhathi esifanayo ufihle kule softhiwe i-hardware yangempela esebenza kuyo le software. I-hypervisor isebenza “njenge-spacer” phakathi kwe-hardware ebonakalayo (umsingathi) kanye ne-virtual OS (isivakashi).
Njengoba i-KVM iyimojuli evamile ye-Linux kernel, ithola zonke izinto ezidingekayo ezivela ku-kernel (ukuphathwa kwememori, ukuhlela, njll.). Futhi ngokufanelekile, ekugcineni, zonke lezi zinzuzo ziya ezivakashini (njengoba izihambeli zisebenza ku-hypervisor esebenza/ku-Linux OS kernel).
I-KVM ishesha kakhulu, kodwa ngokwayo akwanele ukusebenzisa i-OS ebonakalayo, ngoba... Lokhu kudinga ukulingiswa kwe-I/O. Ku-I/O (CPU, amadiski, inethiwekhi, ividiyo, i-PCI, i-USB, izimbobo ze-serial, njll.) I-KVM isebenzisa i-QEMU.
2) QEMU
I-QEMU (Quick Emulator) iyisifanisi samadivayisi ahlukahlukene esikuvumela ukuthi usebenzise amasistimu okusebenza aklanyelwe isakhiwo esisodwa kwenye (isibonelo, i-ARM -> x86). Ngokungeziwe kumprosesa, i-QEMU ilingisa amadivaysi ahlukahlukene e-peripheral: amakhadi enethiwekhi, i-HDD, amakhadi evidiyo, i-PCI, i-USB, njll.
Isebenza kanje:
Iziyalezo/ikhodi kanambambili (ngokwesibonelo, i-ARM) iguqulelwa kukhodi emaphakathi ezimele yesikhulumi kusetshenziswa isiguquli se-TCG (Ikhodi Encanyana Yekhodi) bese le khodi kanambambili ezimele iguqulelwa kumiyalo/ikhodi eqondiwe (ngokwesibonelo, x86).
I-ARM –> intermediate_code –> x86
Empeleni, ungasebenzisa imishini ebonakalayo ku-QEMU kunoma yimuphi umsingathi, ngisho namamodeli amadala aphrosesa angasekeli i-Intel VT-x (Intel Virtualization Technology) / AMD SVM (AMD Secure Virtual Machine). Kodwa-ke, kulokhu, izosebenza kancane kakhulu, ngenxa yokuthi ikhodi kanambambili esebenzayo idinga ukuphinda ihlanganiswe kabili, kusetshenziswa i-TCG (TCG iyi-Just-in-Time compiler).
Labo. I-QEMU ngokwayo ipholile kakhulu, kodwa isebenza kancane kakhulu.
3) Izindandatho zokuvikela
Ikhodi kanambambili yohlelo kumaphrosesa isebenza ngesizathu esithile, kodwa itholakala emazingeni ahlukene (izindandatho / izindandatho zokuvikela) ezinamazinga ahlukene okufinyelela idatha, kusukela kwabanenhlanhla kakhulu (Indandatho engu-0), kuya kwelinganiselwe kakhulu, elawulwayo futhi “namantongomane aqinisiwe. ” (Indandatho yesi-3).
Uhlelo lokusebenza (i-OS kernel) lusebenza ku-Ring 0 (i-kernel mode) futhi lungenza noma yini eliyifunayo nganoma iyiphi idatha namadivayisi. Izinhlelo zokusebenza zabasebenzisi zisebenza ezingeni le-Ring 3 (imodi yomsebenzisi) futhi azivunyelwe ukwenza noma yini eziyifunayo, kodwa kunalokho kufanele zicele ukufinyelela isikhathi ngasinye ukuze zenze umsebenzi othile (ngaleyo ndlela, izinhlelo zokusebenza zabasebenzisi zikwazi ukufinyelela idatha yazo kuphela futhi azikwazi “ukuthola ungene” ku-sandbox yomunye umuntu). Iringi 1 no-2 zenzelwe ukusetshenziswa abashayeli.
Ngaphambi kokusungulwa kwe-Intel VT-x / AMD SVM, ama-hypervisors agijima ku-Ring 0, futhi izivakashi zagijima ku-Ring 1. Njengoba i-Ring 1 ingenawo amalungelo anele okusebenza okuvamile kwe-OS, ngocingo ngalunye oluyilungelo oluvela ohlelweni lwezivakashi, I-hypervisor bekufanele iguqule le kholi endizeni futhi iyenze ku-Ring 0 (njengoba i-QEMU yenza). Labo. isivakashi kanambambili CHA yabulawa ngokuqondile kuphrosesa, futhi isikhathi ngasinye sadlula ekulungisweni okuningana okuphakathi kundiza.
I-overhead yayibalulekile futhi lokhu kwakuyinkinga enkulu, abakhiqizi beprosesa, ngaphandle komunye nomunye, bakhipha isethi yemiyalo enwetshiwe (Intel VT-x / AMD SVM) evumela ukukhipha ikhodi ye-OS yesivakashi. NGQO kumprosesa womsingathi (ngokweqa noma yiziphi izinyathelo eziphakathi nendawo ezibizayo, njengoba kwakunjalo ngaphambili).
Ngokufika kwe-Intel VT-x/AMD SVM, kwasungulwa ileveli entsha yeRing -1 (minus one). Futhi manje i-hypervisor isebenza kuyo, futhi izivakashi zigijima ku-Ring 0 futhi zithole ukufinyelela okukhethekile ku-CPU.
Labo. ekugcineni:
- umsingathi ugijima ku-Ring 0
- izivakashi zisebenza ku-Ring 0
- I-hypervisor isebenza ku-Ring -1
4) QEMU-KVM
I-KVM inikeza izihambeli ukufinyelela ku-Ring 0 futhi isebenzisa i-QEMU ukuze ilingise i-I/O (iphrosesa, amadiski, inethiwekhi, ividiyo, i-PCI, i-USB, izimbobo ze-serial, njll. izivakashi “eziyibonayo” futhi zisebenze ngayo).
Ngakho-ke i-QEMU-KVM (noma i-KVM-QEMU) :)
CREDITS
PS Umbhalo walesi sihloko ushicilelwe ekuqaleni esiteshini seTelegram njengempendulo yombuzo ovela komunye wabahlanganyeli besiteshi.
Bhala emazwaneni lapho ngingasiqondi kahle isihloko noma uma kukhona engingakwengeza.
Siyabonga!
Source: www.habr.com