Xen and the art of embedded virtualization (ELC 2017)
![Page 1: Xen and the art of embedded virtualization (ELC 2017)](https://reader033.fdocuments.net/reader033/viewer/2022051502/58ee8dc61a28ab9d1a8b4597/html5/thumbnails/1.jpg)
Stefano Stabellini @stabellinist
Xen on ARM, and the Art of Embedded Virtualization
Security, Isolation, Partitioning
![Page 2: Xen and the art of embedded virtualization (ELC 2017)](https://reader033.fdocuments.net/reader033/viewer/2022051502/58ee8dc61a28ab9d1a8b4597/html5/thumbnails/2.jpg)
Why Xen? Why a hypervisor?
![Page 3: Xen and the art of embedded virtualization (ELC 2017)](https://reader033.fdocuments.net/reader033/viewer/2022051502/58ee8dc61a28ab9d1a8b4597/html5/thumbnails/3.jpg)
![Page 4: Xen and the art of embedded virtualization (ELC 2017)](https://reader033.fdocuments.net/reader033/viewer/2022051502/58ee8dc61a28ab9d1a8b4597/html5/thumbnails/4.jpg)
Galois SMACCMPilot
Demo
Xen Summit 2014
![Page 5: Xen and the art of embedded virtualization (ELC 2017)](https://reader033.fdocuments.net/reader033/viewer/2022051502/58ee8dc61a28ab9d1a8b4597/html5/thumbnails/5.jpg)
Why Xen?
• Efficiency and Consolidation
• Isolation and Partitioning
• Componentization
• Resilience
• Scaling
• Portability
![Page 6: Xen and the art of embedded virtualization (ELC 2017)](https://reader033.fdocuments.net/reader033/viewer/2022051502/58ee8dc61a28ab9d1a8b4597/html5/thumbnails/6.jpg)
Xen: a type-1 hypervisor
Diagram: Hardware at the bottom, Xen above it; Dom0 holds the HW drivers and the PV backends, and each DomU holds PV frontends.
![Page 7: Xen and the art of embedded virtualization (ELC 2017)](https://reader033.fdocuments.net/reader033/viewer/2022051502/58ee8dc61a28ab9d1a8b4597/html5/thumbnails/7.jpg)
Xen: the gears of the cloud
• Large user base (> 10M individual users)
• Powers the largest clouds in production
• Not just servers
![Page 8: Xen and the art of embedded virtualization (ELC 2017)](https://reader033.fdocuments.net/reader033/viewer/2022051502/58ee8dc61a28ab9d1a8b4597/html5/thumbnails/8.jpg)
Xen: Open Source
![Page 9: Xen and the art of embedded virtualization (ELC 2017)](https://reader033.fdocuments.net/reader033/viewer/2022051502/58ee8dc61a28ab9d1a8b4597/html5/thumbnails/9.jpg)
Xen: Open Source
partial
![Page 10: Xen and the art of embedded virtualization (ELC 2017)](https://reader033.fdocuments.net/reader033/viewer/2022051502/58ee8dc61a28ab9d1a8b4597/html5/thumbnails/10.jpg)
Embedded != Cloud
Different requirements:
• short boot times
• small footprint
• small codebase (certifications)
• non-PCI device assignment
• driver domains
• low, deterministic irq latency
• real time schedulers
• co-processor virtualization
![Page 11: Xen and the art of embedded virtualization (ELC 2017)](https://reader033.fdocuments.net/reader033/viewer/2022051502/58ee8dc61a28ab9d1a8b4597/html5/thumbnails/11.jpg)
Xen on ARM
• A lean and simple architecture
– No cruft
– No emulation, No QEMU
– Small attack surface
– One type of guest
• Exploit the hardware as much as possible
• A very good match for the hardware
• Clean architecture = a very small code base
– Xen, ARM and ARM64 =~ 30K LOC
![Page 12: Xen and the art of embedded virtualization (ELC 2017)](https://reader033.fdocuments.net/reader033/viewer/2022051502/58ee8dc61a28ab9d1a8b4597/html5/thumbnails/12.jpg)
Xen on ARM: a perfect match for the HW
![Page 13: Xen and the art of embedded virtualization (ELC 2017)](https://reader033.fdocuments.net/reader033/viewer/2022051502/58ee8dc61a28ab9d1a8b4597/html5/thumbnails/13.jpg)
Xen on ARM: unique features
• Device Passthrough (even Non-Discoverable Devices)
– iomem and irqs VM config parameters
• No guest firmware by default - fast VM boot
• Certification efforts ongoing
• Low, Deterministic IRQ latency (WARM_MAX < 2000ns)
![Page 14: Xen and the art of embedded virtualization (ELC 2017)](https://reader033.fdocuments.net/reader033/viewer/2022051502/58ee8dc61a28ab9d1a8b4597/html5/thumbnails/14.jpg)
Low IRQ latency: no maintenance interrupts
Diagram (three DomU / Xen panels): irq 109 -> virq 109; EOI; Maintenance interrupt; GICH_LR Write; GICH_LR Clear.
![Page 15: Xen and the art of embedded virtualization (ELC 2017)](https://reader033.fdocuments.net/reader033/viewer/2022051502/58ee8dc61a28ab9d1a8b4597/html5/thumbnails/15.jpg)
Low IRQ latency: physical follow virtual
Diagram: vcpu0 and vcpu1 over pcpu0 and pcpu1; irq 109 -> virq 109.
![Page 16: Xen and the art of embedded virtualization (ELC 2017)](https://reader033.fdocuments.net/reader033/viewer/2022051502/58ee8dc61a28ab9d1a8b4597/html5/thumbnails/16.jpg)
Low IRQ latency: physical follow virtual
Diagram (animation step): vcpu0 and vcpu1 over pcpu0 and pcpu1; irq 109 -> virq 109.
![Page 17: Xen and the art of embedded virtualization (ELC 2017)](https://reader033.fdocuments.net/reader033/viewer/2022051502/58ee8dc61a28ab9d1a8b4597/html5/thumbnails/17.jpg)
Low IRQ latency: physical follow virtual
Diagram (animation step): vcpu0 and vcpu1 over pcpu0 and pcpu1; irq 109 -> virq 109.
![Page 18: Xen and the art of embedded virtualization (ELC 2017)](https://reader033.fdocuments.net/reader033/viewer/2022051502/58ee8dc61a28ab9d1a8b4597/html5/thumbnails/18.jpg)
Xen Schedulers
Diagram: eight physical CPUs.
![Page 19: Xen and the art of embedded virtualization (ELC 2017)](https://reader033.fdocuments.net/reader033/viewer/2022051502/58ee8dc61a28ab9d1a8b4597/html5/thumbnails/19.jpg)
Xen Schedulers
Diagram: the eight physical CPUs partitioned into a group under the Real Time Scheduler (ARINC 653), a group under the Regular VM Scheduler (Credit), and two CPUs each Dedicated to 1 VCPU.
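The partitioning shown on this slide maps onto xl cpupools: each pool runs its own scheduler over a disjoint set of physical CPUs, and a domain is placed in a pool with the `pool` option. The configuration below is an added example and not part of the talk; the eight-CPU board, the CPU numbers, the domain names and the kernel paths are placeholders. The ARINC 653 frame schedule itself is programmed through libxl rather than in these files.

```cfg
# --- rt-pool.cfg: cpupool config for `xl cpupool-create` (placeholder values) ---
name  = "rt-pool"
sched = "arinc653"
cpus  = "4"            # one physical CPU: the ARINC 653 scheduler runs one pcpu per pool

# --- dedicated-pool.cfg: a pool holding one CPU that will run exactly one VCPU ---
name  = "dedicated-6"
sched = "credit"
cpus  = "6"

# CPUs must be removed from the default pool before they can join a new one:
#   xl cpupool-cpu-remove Pool-0 4
#   xl cpupool-cpu-remove Pool-0 6
#   xl cpupool-create rt-pool.cfg
#   xl cpupool-create dedicated-pool.cfg
#   xl cpupool-list           # verify the pools and their CPUs before starting guests

# --- rt-guest.cfg: real-time guest placed in the ARINC 653 pool ---
name   = "rt-guest"
kernel = "/path/to/rtos-kernel"      # placeholder
memory = 64
vcpus  = 1
pool   = "rt-pool"

# --- baremetal.cfg: a single VCPU pinned to its own physical CPU ---
name   = "baremetal"
kernel = "/path/to/baremetal-app"    # placeholder
memory = 32
vcpus  = 1
pool   = "dedicated-6"
cpus   = "6"                         # hard-pin vcpu0 to pcpu 6 inside the pool

# Every other domain stays in Pool-0 under the default Credit scheduler,
# so a busy general-purpose guest cannot steal time from the real-time
# or dedicated CPUs.
```

Check the result with `xl cpupool-list` and `xl vcpu-list`: each real-time or dedicated VCPU should report only its own pcpu in the affinity column.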
![Page 20: Xen and the art of embedded virtualization (ELC 2017)](https://reader033.fdocuments.net/reader033/viewer/2022051502/58ee8dc61a28ab9d1a8b4597/html5/thumbnails/20.jpg)
Memory Introspection
![Page 21: Xen and the art of embedded virtualization (ELC 2017)](https://reader033.fdocuments.net/reader033/viewer/2022051502/58ee8dc61a28ab9d1a8b4597/html5/thumbnails/21.jpg)
PV Protocols
Existing: net, block, console, keyboard, mouse, framebuffer, XenGT
New: 9pfs, PVCalls, Multi Touch, Sound, Display
![Page 22: Xen and the art of embedded virtualization (ELC 2017)](https://reader033.fdocuments.net/reader033/viewer/2022051502/58ee8dc61a28ab9d1a8b4597/html5/thumbnails/22.jpg)
Driver Domains
Diagram: Hardware, Xen; Dom0 runs the Toolstack; a Disk Driver Domain runs the Disk Driver and BlockBack; a Network Driver Domain runs the Network Driver and NetBack; the DomU runs NetFront and BlockFront.
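The driver-domain split on this slide, together with the non-discoverable device passthrough via the iomem and irqs config parameters from the "unique features" slide, as an added example of xl configuration that is not part of the talk. The NIC's MMIO page, GIC interrupt number, device tree node, partial device tree blob, kernel paths and domain names are placeholders that must be taken from the board's own device tree.

```cfg
# --- netdd.cfg: network driver domain (xl domain config, placeholder values) ---
name          = "netdd"
kernel        = "/path/to/driver-domain-kernel"   # placeholder
memory        = 256
vcpus         = 1
driver_domain = 1     # grants the permissions needed to host PV backends for other guests

# Pass the on-SoC NIC through to this domain. There is no PCI enumeration on
# most ARM SoCs, so the resources are named explicitly:
iomem = [ "0xff0e0,1" ]   # physical page number and page count of the MMIO region (placeholder)
irqs  = [ 95 ]            # physical interrupt as Xen numbers it, i.e. the GIC ID (placeholder)
dtdev = [ "/axi/ethernet@ff0e0000" ]   # device tree node: keeps the NIC's DMA behind the SMMU (placeholder)
device_tree = "/path/to/netdd-partial.dtb"   # partial device tree describing the NIC to the guest (placeholder)

# Inside netdd, run `xl devd` (the xendriverdomain service) so that the vif
# hotplug scripts execute there and the bridge xenbr0 is created in netdd,
# not in Dom0. Dom0 never touches the NIC and the network stack's attack
# surface is confined to this domain.

# --- guest.cfg: a DomU whose backends live in the driver domains ---
name   = "guest"
kernel = "/path/to/guest-kernel"   # placeholder
memory = 512
vcpus  = 2
vif  = [ 'bridge=xenbr0,backend=netdd' ]                    # NetBack in the network driver domain
disk = [ '/path/to/guest.img,raw,xvda,rw,backend=diskdd' ]  # BlockBack in a disk driver domain set up the same way
```

Start `netdd` before `guest`; `xl create guest.cfg` fails if the named backend domain is not running. `xl network-list guest` shows the backend domain id, which is the quickest way to confirm that traffic is not being proxied through Dom0.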
![Page 23: Xen and the art of embedded virtualization (ELC 2017)](https://reader033.fdocuments.net/reader033/viewer/2022051502/58ee8dc61a28ab9d1a8b4597/html5/thumbnails/23.jpg)
Automotive
Diagram: Hardware, Xen; Dom0 (Linux Control Domain) and a UI Domain (Automotive Grade Android); labels: HW Drivers, GPU Driver, Audio Driver, PV Block & Net Backends, PV Block & Net frontends.
![Page 24: Xen and the art of embedded virtualization (ELC 2017)](https://reader033.fdocuments.net/reader033/viewer/2022051502/58ee8dc61a28ab9d1a8b4597/html5/thumbnails/24.jpg)
GlobalLogic
![Page 25: Xen and the art of embedded virtualization (ELC 2017)](https://reader033.fdocuments.net/reader033/viewer/2022051502/58ee8dc61a28ab9d1a8b4597/html5/thumbnails/25.jpg)
EPAM
![Page 26: Xen and the art of embedded virtualization (ELC 2017)](https://reader033.fdocuments.net/reader033/viewer/2022051502/58ee8dc61a28ab9d1a8b4597/html5/thumbnails/26.jpg)
EPAM: DEMO
https://www.youtube.com/watch?v=jMmz1odBZb8
![Page 27: Xen and the art of embedded virtualization (ELC 2017)](https://reader033.fdocuments.net/reader033/viewer/2022051502/58ee8dc61a28ab9d1a8b4597/html5/thumbnails/27.jpg)
Xilinx Zynq MPSoC
Diagram: Xen on the Xilinx Zynq MPSoC; Dom0 (Linux) with the Toolstack; four Baremetal Apps, each with an FPGA Driver and each on a Dedicated CPU; the FPGA underneath.
![Page 28: Xen and the art of embedded virtualization (ELC 2017)](https://reader033.fdocuments.net/reader033/viewer/2022051502/58ee8dc61a28ab9d1a8b4597/html5/thumbnails/28.jpg)
Xen: best security process in the industry
• A very transparent process
• Responsible disclosure
• Few security issues for Xen on ARM
• Xen stable trees maintained for security for 3 years
![Page 29: Xen and the art of embedded virtualization (ELC 2017)](https://reader033.fdocuments.net/reader033/viewer/2022051502/58ee8dc61a28ab9d1a8b4597/html5/thumbnails/29.jpg)
Release process
• 6 month release
– December
– June
• Xen 4.8 released on the 5th of December 2016
• Xen 4.9 planned for the 2nd of June 2017
![Page 30: Xen and the art of embedded virtualization (ELC 2017)](https://reader033.fdocuments.net/reader033/viewer/2022051502/58ee8dc61a28ab9d1a8b4597/html5/thumbnails/30.jpg)
Xen on ARM: what’s next
● Guest creation directly from Xen at boot via Device Tree
● Dynamic Memory Map
● Setup VM-to-VM communication channels from VM config
![Page 31: Xen and the art of embedded virtualization (ELC 2017)](https://reader033.fdocuments.net/reader033/viewer/2022051502/58ee8dc61a28ab9d1a8b4597/html5/thumbnails/31.jpg)
More resources
• Port Xen to a new SOC: https://goo.gl/384aD8
• Add Xen support to your OS: https://goo.gl/3qgqcM
• Xen on ARM whitepaper: https://goo.gl/TcuqXd
• Xen on ARM wiki: https://goo.gl/9qsfMf
• Device Passthrough presentation: https://goo.gl/KM0f8c
• OE meta-virtualization Xen recipe: https://goo.gl/m7GuXR
• OpenXT (Xen + OpenEmbedded): http://openxt.org
• Biweekly ARM Community Call: https://goo.gl/8ULYRn
![Page 32: Xen and the art of embedded virtualization (ELC 2017)](https://reader033.fdocuments.net/reader033/viewer/2022051502/58ee8dc61a28ab9d1a8b4597/html5/thumbnails/32.jpg)
Please engage!
• Xen devel ML: [email protected]
• Xen user ML: [email protected]
• IRC on freenode: #xenarm or #xen-devel
![Page 33: Xen and the art of embedded virtualization (ELC 2017)](https://reader033.fdocuments.net/reader033/viewer/2022051502/58ee8dc61a28ab9d1a8b4597/html5/thumbnails/33.jpg)
Fin