1. Field of the Invention
Embodiments of the present invention pertain to monitoring data structures inside a virtual machine.
2. Related Art
Embodiments of this invention can be implemented in a wide variety of virtualized computer systems. Many such virtualized computer systems are described in the prior art. In particular, though not exclusively, embodiments of this invention can be implemented in virtualized computer systems that have been described in prior patents and applications originally assigned to VMware, Inc. (“VMware”), the original assignee of this patent, along with other published documents from VMware. Thus, for example, embodiments of this invention may be implemented in “hosted” virtualized computer systems and in “non-hosted” or “kernel-based” virtualized computer systems, as those terms are used in prior patents and applications originally assigned to VMware. Embodiments of this invention may also be implemented in virtualized computer systems having varying “degrees of virtualization,” including “para-virtualized” computer systems, as those terms are used in prior patents and applications originally assigned to VMware. Embodiments of the invention may also be implemented in computer systems having a wide variety of physical hardware platforms and configurations, as well as a wide variety of system software platforms and configurations.
FIG. 1 shows one possible arrangement of computer system 700 that implements virtualization. A virtual machine (VM) or “guest” 200 is installed on a “host platform,” or simply “host,” which includes system hardware, that is, hardware platform 100 of computer system 700, and one or more layers or co-resident components comprising system-level software, such as an operating system or similar kernel, or a virtual machine monitor or hypervisor, or some combination of these. The system hardware typically includes one or more processors 110, memory 130, some form of mass storage 140, and various other devices 170. Additionally, an operating system, such as Console Operating System 420, and hosted application(s) 430 are shown with an optional coupling to system hardware 100.
Each VM 200 will typically have both virtual system hardware 201 and guest system software 202. The virtual system hardware typically includes at least one virtual CPU 210, virtual memory 230, at least one virtual disk 240, and one or more virtual devices 270. Note that a disk—virtual or physical—is also a “device,” but is usually considered separately because of the important role of the disk. All of the virtual hardware components of VM 200 may be implemented in software using known techniques to emulate the corresponding physical components. Guest system software 202 includes guest operating system (OS) 220 and drivers 224 as needed for various virtual devices 270. One or more guest applications 260 may run on the guest OS 220 in the VM 200.
Some interface is generally required between the guest software within VM 200 and the various hardware components and devices in underlying hardware platform 100. This interface—which may be referred to generally as “virtualization software”—may include one or more software components and/or layers, possibly including one or more of the software components known in the field of virtual machine technology as “virtual machine monitors” (VMMs) 300, . . . , 300-n, “hypervisors,” or virtualization “kernels” 600. The interface between the guest software and the hardware platform may alternatively be referred to as “virtualization logic” to include the possibility that some virtualization functionality may be implemented in hardware or firmware. The description below is generally made in terms of “virtualization software,” however, except as specifically noted below, the invention may also be implemented in systems in which some virtualization functionality is implemented in hardware and/or firmware.
Virtual Addressing
A traditional method used in computer resource management is virtual memory allocation. Essentially, the use of virtual memory allows an operating system to allocate memory to every program or process running on top of the operating system, so as to simplify memory management within programs. Often, the operating system can allocate more virtual memory than the system has real memory, as it is unlikely that every process or application will be running simultaneously; as such, not all virtual memory will need to be backed by physical memory. To “stretch” the available physical memory in this way, swapping is used to move inactive pages of memory to other storage devices, e.g., a hard drive, to free up physical memory for an active process.
One method of managing virtual memory and a corresponding virtual address space is to use page tables. A page table is a data structure used by a virtual memory system to store a mapping between virtual addresses and physical addresses.
In virtual machines, virtual memory allocation is similar to that described above, but with an additional layer of complexity. For example, a host machine has a defined amount of machine memory available. In a virtualization system, a certain amount of “physical memory” is provided for each virtual machine. As with virtual memory, more physical memory may be provided to virtual machines than there is machine memory available. Analogous to an operating system in a physical computer system, a hypervisor or other virtualization software may use a storage device to back data that is swapped out of machine memory, giving the impression that each virtual machine actually has the physical memory that it has been provided. The guest operating system executing on the virtual machine will then allocate virtual memory to the various processes that are executing on that virtual machine.
There are various reasons why it may be advantageous to monitor certain data structures within a virtual machine. For example, there are various reasons why it may be useful to monitor a process list maintained by an operating system executing within a virtual machine. Monitoring a data structure in a virtual machine is made more challenging, however, because utilization and manipulation of memory by most operating systems is an internal process for the operating system that is not designed to be transparent. The “black box” nature of virtual memory management in most operating systems often makes it difficult to determine the contents of pages in the virtual address space utilized by any given process executing on a virtual machine. For example, at any given time, various pages in the virtual address space may be swapped out to disk, and it is almost impossible to estimate how the guest operating system will choose to swap pages in and out of physical memory.