BUD17-301: Zeno's paradox: Optimizing KVM/ARM

Post on 19-Mar-2017

167 views 2 download

Preview:

Click to see full reader
Report this document
SHARE

transcript

BUD17-301: KVM/ARM Nested VirtualizationChristoffer Dall

Hardware

Hypervisor

VM

VM

Kernel

App App

Nested Virtualization

Hypervisor

VM

Kernel

App App

VM

Kernel

App App

Hardware

Host Hypervisor

VM

VM

Kernel

App App

Terminology

Guest Hypervisor

Nested VM

Kernel

App App

Nested VM

Kernel

App App

L0

L1

L2

L1

L0

Use Cases

1. IaaS hosting private clouds

2. Test your hypervisor in a VM

3. Debug your hypervisor in a VM

4. Develop hypervisors using a cloud

Theorem 2

“A conventional third generation computer is recursively virtualizable if it is: (a) virtualizable, and (b) a VMM without any timing dependencies can be

constructed for it.”

Formal requirements for virtualizable third generation architectures [Popek and Goldberg ’74]

Recursively Virtualizable

• Only applies to virtualizable architectures

• ARM and x86 are not virtualizable

• Hardware support for virtualization

ARM Virtualization Extensions

Kernel

UserEL0

EL1

HypervisorEL2

VM

ARM Virtualization Extensions

EL0

EL1

EL2 Hypervisor

Kernel

User Space

VM

Kernel

User Space

ARM Nested Virtualization

EL0

EL1

EL2 Host Hypervisor

Kernel

User Space

Kernel

User Space

VirtualEL2 Guest Hypervisor Guest Hypervisor

ARM Nested Virtualization

EL0

EL1

EL2 Host Hypervisor

Kernel

User Space

Kernel

User Space

EL ?? Guest Hypervisor Guest Hypervisor

ARM Nested Virtualization

EL0

EL1

EL2 Host Hypervisor

Kernel

User Space

Kernel

User Space

EL0 Guest Hypervisor Guest Hypervisor

Trap-and-emulate

ARM Nested Virtualization

EL0

EL1

EL2 Host Hypervisor

Kernel

User Space

Kernel

User Space

EL1 Guest Hypervisor Guest Hypervisor

?? -and-emulate

ARMv8.3

• Supports running the guest hypervisor in EL1

• HCR_EL2.NV:

• Traps EL2 operations executed in EL1 to EL2

• Traps eret to EL2

• CPU Virtualization

• Memory Virtualization

• Timer Virtualization

• Interrupt Virtualization

KVM/ARM Nested Virtualization

struct kvm_cpu_context { u64 sys_regs[NR_SYS_REGS]; + u64 el2_regs[NR_EL2_REGS]; }

struct kvm_vcpu_arch { … struct kvm_cpu_context ctxt; }

Nested CPU Virtualization

Host

Linux

AppApp

VM

Kernel

AppApp

KVM

EL0

EL1

EL2Restore EL1 sys_regs

Save EL1 sys_regs

Hypervisor-VM Switch

Host

Linux

AppApp

VM

Kernel

KVM

EL0

EL1

EL2Save/restore EL1 sys_regs

Guest Hypervisor

Save/restore el2_regs

Hypervisor-Hypervisor Switch

• Define mapping of EL2 registers to EL1 registers

• Example: TTBR0_EL2 to TTBR0_EL1

• Example: SCTLR_EL2 adapted to SCTLR_EL1

• Shadow EL1 registers

Emulating EL2 in EL1

&sys_regs

u64 *vcpu->ctxtx.hw_regs

&shadow_sys_regs

PSTATE.mode == EL2PSTATE.mode == EL0/1

Shadow Registers

• Trap to virtual EL2

• “Forward” exceptions

• Emulate virtual exceptions

VM

EL0

EL1

EL2 Host KVM

Kernel

User Space

Guest KVMvEL2

Virtual Exceptions

• Returning from virtual EL2

• Trap eret to EL2 (ARMv8.3)

• Emulate virtual exception return

VM

EL0

EL1

EL2 Host KVM

Kernel

User Space

Guest KVMvEL2

Virtual Exceptions

• CPU Virtualization

• Memory Virtualization

• Timer Virtualization

• Interrupt Virtualization

KVM/ARM Nested Virtualization

Virtual Address (VA)

Physical Address (PA)

Memory Virtualization

Virtual Address (VA)

Physical Address (PA)

Intermediate Physical Address (IPA)

Memory Virtualization

Stage 1: VM kernel

Stage 2: Hypervisor

Virtual Address (VA)

Physical Address (PA)

Intermediate Physical Address (IPA)

Stage 1: Nested VM kernel

Nested Intermediate Physical Address

Stage 2: Host hypervisor

Stage ?: Guest hypervisor

Nested Memory Virtualization

Virtual Address (VA)

Physical Address (PA)

Intermediate Physical Address (IPA)

Nested Memory Virtualization

Stage 1: Nested VM kernel

Stage 2: Host hypervisorShadowStage 2

Page Table

Shadow Stage 2Page Tables

• Translate IPA to PA

• Entries are created by host KVM by walking guest hypervisor stage 2 page tables in software

VM

EL0

EL1

EL2 Host KVM

Kernel

User Space

vEL2 Guest KVM

IPA -> VM PA

VA -> IPA

VM PA -> PA

• CPU Virtualization

• Memory Virtualization

• Timer Virtualization

• Interrupt Virtualization

KVM/ARM Nested Virtualization

• ARM provides a virtual and physical timer in EL1

• EL2 provides a separate EL2 “hyp” timer

• KVM must emulate a VM with EL2 and the hyp timer

Nested Timer Virtualization

• CPU Virtualization

• Memory Virtualization

• Timer Virtualization

• Interrupt Virtualization

KVM/ARM Nested Virtualization

ARM Generic Interrupt Controller (GIC)

GIC

CPU 0

CPU 1

CPUInterface

CPUInterface

Dist.

IRQ

ACK

DeviceInterrupt

Lines

ARM Generic Interrupt Controller (GIC)

GIC

CPU 0

CPU 1

CPUInterface

CPUInterface

Dist.

IRQ

ACK

Virtual CPUInterface

Virtual CPUInterface

VIRQ

ACK

List Registers (LRs)

List Registers (LRs)

VMNested VM

• Deliver both virtual and nested virtual interrupts using the GIC

• Multi-level virtualization using single-level virtualization hardware [Turtles - OSDI ‘10]

Nested Interrupt Virtualization

Host VMM

Kernel

User Space

Guest VMM

Virtual CPUInterface

LRs

• Shadow LRs

• Guest hypervisor traps when attempting to program virtual LRs

• Host hypervisor handles traps by writing to shadow LRs

• Hardware uses shadow LRs when running the nested VM

Nested Interrupt Virtualization

Implementation Status

• RFC v1 on @kvmarm by Jintack Lim (Columbia University)

• CONFIG_KVM_ARM_NESTED_HYP

• vcpu->arch.features & KVM_ARM_VCPU_NESTED_VIRT

To Do• Must expose EL2 registers to user space

• Mostly scattered out over existing files. Should we try to isolate more?

• Hard-coded addresses and interrupt numbers

• Reverse map for shadow stage 2 page tables

• More efficient emulation of TLBI instructions

• Get rid of config option and use command line parameter instead

• Hypercalls from the VM vs. virtual self-hypercalls and PSCI

Questions?and please review the patches…

Backup Slides

KVM/ARM Nested Virtualization

• VHE is fun with nested virtualization

• We don’t set the E2H bit

• The VM thinks it runs in EL2 using VHE so uses EL1 register accesses to access EL2 registers

• But really does run in EL1 and doesn’t need to trap except on a few registers with different bit configuration

CPU Virtualization - VHE

KVM/ARM Nested Virtualization

• EL2 is separate translation regime

• No ASIDs - cannot alias with EL1 translations

• VMID not used

• Emulating virtual EL2 in EL1

• Separate VMID for virtual EL2

• Always use ASID 0

Memory Virtualization - VMIDs and ASIDs

Top related

OConnor -- Zeno's Paradox
Documents
Biometric Devices - Zeno's Forensic Site :: Home
Documents
The kernel’s limits to growth - BUD17-500K1
Technology
BUD17-317: LAVA Migration - 2017
Technology
BUD17-400: Secure Data Path with OPTEE
Technology
Bud17 500 -open suse-96boards_final
Technology
BUD17-215: LAVA Users Forum
Technology
BUD17-223: IoT Toolchain BoF
Technology
BUD17-TR04: Kernel Debug Stories
Technology
Computing Memory-Driven - Amazon Web Servicesconnect.linaro.org.s3.amazonaws.com/bud17/Presentations/BUD17-50… · Software stack for Memory-Driven Computing Machine ... Open sourced
Documents
BUD17-320: High resolution data plane timers
Technology
BUD17-412: OpenSDK OE Builds on 96Boards
Technology
BUD17-211: MMC and MQ
Technology
Lear - Zeno's Arrow
Documents
Zeno's First Argument Concerning Plurality
Documents
Zeno's Paradoxes
Documents
George Grey Welcome Keynote - BUD17-100K1
Technology
HHVM on AArch64 - BUD17-400K1
Technology
BUD17-309: IRQ prediction
Technology
Android "AOSP TV" - BUD17
Technology

Copyright © 2018 DOCUMENTS