novm: Hypervisor Rebooted Adin Scannell




What is this talk about?

1. Rethinking the hypervisor
2. A new VMM for Linux (novm)

Who am I? Adin Scannell, systems software developer.
Where do I work? Formerly CTO @ Gridcentric Inc., now Software Engineer @ Google.
How can you reach me? ascannell@google.com

Virtualization is amazing!

Powers massive compute infrastructures
Makes maintaining legacy systems easier (and developing and testing on new systems)
Enables high-availability, backup, live-migration, etc.

Why is everyone excited about containers?

Some people, when confronted with a problem managing their server, think "I know, I'll use virtualization." Now, they have $(virsh list | wc -l) problems.

Virtualization pain points

Legacy devices, legacy BIOS, etc.
Performance problems
Dealing with disk images

DOCKERMANIA

Lightweight runtime (Linux)
App store distribution (registry)
Simple software stack (tarballs and files)

Containers are amazing!

Containers aren't perfect

Host kernel dependency limits...
Portability: SO_REUSEPORT? Everything must be >= 3.9!
Isolation: Security is tough (CVE-2013-1858)
Shared kernel state is complex and difficult to isolate
Migration, suspend & resume are much harder


How can we make containers more like VMs?
How can we make VMs more like containers?


What do I want? (usage)

Support docker-style deployment:

    novm run --docker_image ubuntu:14.04 grep -v '^#' /etc/apt/sources.list

Map in different filesystem trees easily:

    novm run --read /var/log=>/prod/foo/log log_analyzer.py

Support different kernels per container:

    novm run --kernel linux-3.9 nodejs so_reuseport.js

Also: live migration, suspend & resume, etc.

What's novm? A lightweight VMM, written in Go. Designed to run applications, not systems.

Containers (slide diagram): app, app, app stacked on one OS, on Hardware.

Containers (slide diagram): each container groups its apps with cgroups + namespaces; containers reach the shared OS through the syscall interface; OS on Hardware.

Virtual machines (slide diagram): app / OS pairs, each OS on the Hypervisor, Hypervisor on Hardware.

Virtual machines (slide diagram): guest OSes reach the Hypervisor through x86 + vmcalls, implemented with vmx / svm; Hypervisor on Hardware.

Virtual machines on Linux (slide diagram): each guest OS with its apps runs inside a VMM (qemu) process; the VMMs sit on the Linux Kernel with KVM, on Hardware.

Dimensions (slide diagram): four axes, Lifecycle, Performance, Isolation & Security and Portability, each running from Virtualization at one end to Containers at the other.

Containers (slide diagram): the app runs untrusted in Ring 3 and crosses into the Host Kernel in Ring 0 on every syscall.

Virtual machines (slide diagram): the application's syscall goes to the Guest Kernel; the Guest Kernel's vmexit goes to the Host Kernel (KVM) in Ring 0; the VMM's User Code and Devices run in host Ring 3.

novm (slide diagram): process interactions (stdin, stdout, signals, etc.) flow through a novm proxy on the host to the application in the guest over virtio rpc; the application's syscalls go to the Guest Kernel and vmexits go to the Host Kernel (KVM) in Ring 0, while novm's Devices run in host Ring 3.

Creating a novm (< 1s)

1. Create a KVM VM
   a. (Management layer creates tap devices, etc.)
2. Layout kernel and initrd payload
   a. (Build page-tables and use protected entry point)
3. Run guest kernel
   a. initrd mounts two 9p filesystems: sysroot & noguest
   b. switch_root to noguest as init, / is sysroot
   c. noguest opens virtio console, starts RPC server
   d. noguest sets up IP configuration, etc.
4. Talk to noguest to run process

Dimensions (slide diagram, updated): novm is placed on the Lifecycle axis, labelled process-like; Performance, Isolation & Security and Portability still run from Virtualization to Containers.

Go is great for a VMM!

Built-in scalability and async tasks
Better error protection
Garbage collection
Bounds checking, type checking
Built-in serialization and reflection
Eliminates bookkeeping for S&R

VirtIO Channels == Go Channels?

    // A virtqueue is exposed as a pair of Go channels: buffers the guest
    // posts arrive on incoming and are handed back on outgoing once filled.
    for buf := range vchannel.incoming {
        header := buf.map(0, VirtioNetHeaderSize)
        pktstart := VirtioNetHeaderSize - device.vnet
        pktend := buf.length() - pktstart
        // Read a packet from the tap device.
        buf.read(device.fd, pktstart, pktend)
        vchannel.outgoing <- buf
    }

Asynchronous I/O

    // Handle each buffer on its own goroutine, then return it to the guest.
    func (fs *VirtioFsDevice) process(buf *VirtioBuffer) {
        fs.handle(buf)
        fs.virtiodevice.channels[0].outgoing <- buf
    }

    func (fs *VirtioFsDevice) run() error {
        for {
            buf := <-fs.virtiodevice.channels[0].incoming
            go fs.process(buf)
        }
    }

Closures

    efd := vm.newboundeventfd(addr, ioevent.size(), ioevent.data())
    go func(ioevent IoEvent) {
        for {
            // Wait for the next event.
            efd.wait()
            // Resubmit the ioevent; no need to lookup the device.
            handler.submit(ioevent, offset)
        }
    }(ioevent)

Dimensions (slide diagram, updated): novm is placed on Lifecycle (process-like), Performance and Isolation & Security; Portability is annotated virtio only.

File mapper

    read:  { "/": "/" }
    write: { "/": "/tmp/vm", "/var/mysql": "/proddb" }

Filesystem Mapper (slide diagram): the application's syscalls go to the Linux Guest Kernel, which talks 9p to a virtio9p device; the 9p server is one of novm's Devices in host Ring 3, not in kernel space, above the Host Kernel (KVM) in Ring 0.
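The read and write tables above decide where each guest path lands on the host. The following Go code is an added illustration, not novm's own mapper: it resolves a guest path against such tables with longest-prefix matching on whole path components, and cleans the path first so that ".." in a guest path cannot reach outside the mapped trees. Mapper, longest and Resolve are names assumed here.

```go
package main

import (
	"fmt"
	"path"
	"strings"
)

// Mapper holds the read and write tables from the File mapper slide, guest path prefix -> host path prefix (illustrative code, not novm's).
type Mapper struct {
	Read, Write map[string]string
}

// longest picks the entry whose guest prefix covers the most whole path
// components of guestPath ("/var/mysql" beats "/"; "/var/mysqlx" never matches).
func longest(table map[string]string, guestPath string) (string, bool) {
	best, host := "", ""
	for prefix, target := range table {
		prefix = path.Clean("/" + prefix)
		covers := prefix == "/" || prefix == guestPath || strings.HasPrefix(guestPath, prefix+"/")
		if covers && len(prefix) > len(best) {
			best, host = prefix, target
		}
	}
	if best == "" {
		return "", false
	}
	return path.Join(host, strings.TrimPrefix(guestPath, best)), true
}

// Resolve maps a guest path to the host path a read or a write should use.
// Cleaning first means ".." cannot walk out of the tree the mapping grants.
func (m *Mapper) Resolve(guestPath string, write bool) (string, error) {
	clean := path.Clean("/" + guestPath)
	table := m.Read
	if write {
		table = m.Write
	}
	if host, ok := longest(table, clean); ok {
		return host, nil
	}
	return "", fmt.Errorf("no mapping for %s", clean)
}

func main() {
	m := &Mapper{Read: map[string]string{"/": "/"},
		Write: map[string]string{"/": "/tmp/vm", "/var/mysql": "/proddb"}}
	w, _ := m.Resolve("/var/mysql/../../etc/shadow", true)
	fmt.Println(w) // /tmp/vm/etc/shadow
}
```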

Dimensions (slide diagram, final): novm is placed on all four axes: Lifecycle (process-like), Performance, Isolation & Security and Portability (virtio only), with the note file-based, not disk-based.

Status

What works?
    Legacy devices: ACPI, UART, PCI, RTC, PIT, etc.
    Virtio devices: Net, Block, FS, Console
    100% zero copy backends
    Zero downtime restart and upgrades

TBD:
    Live migration, suspend & resume
    Performance

What was great?

Working with KVM!

    int kvm_fd = open("/dev/kvm", O_RDWR);
    int kvm_vm = ioctl(kvm_fd, KVM_CREATE_VM, 0);
    int kvm_vcpu = ioctl(kvm_vm, KVM_CREATE_VCPU, 0);
    int r = ioctl(kvm_vcpu, KVM_RUN, 0);

Go is amazing!

What was tricky?

Legacy free? Hardly.
Device trees? Nope.
Virtio-mmio? Nope.
Virtio devices: PCI w/ MSI-X interrupts (& eventfds)
VCPUs are goroutines: how do you interrupt a goroutine?
Performance analysis will be tricky

Thanks! Questions? Code available: https://github.com/google/novm Email: ascannell@google.com

How does a traditional VMM work? (slide diagram, built up step by step): the VMM starts by running a BIOS; it emulates H/W behind it, including a tap device and a disk image; the BIOS loads a boot loader, the boot loader starts the OS in real mode, the OS comes up, and finally the apps run on top of the OS.

How do you build a VMM? (part 1)

    #include <fcntl.h>
    #include <sys/ioctl.h>
    #include <linux/kvm.h>

    int kvm_fd = open("/dev/kvm", O_RDWR);               /* (1) */
    int kvm_vm = ioctl(kvm_fd, KVM_CREATE_VM, 0);        /* (2) */
    int kvm_vcpu = ioctl(kvm_vm, KVM_CREATE_VCPU, 0);    /* (3) */
    int r = ioctl(kvm_vcpu, KVM_RUN, 0);                 /* crash */

How do you build a VMM? (part 2)

    #include <stdlib.h>

    void *memory_alloc = malloc(100 * 1024 * 1024);
    struct kvm_userspace_memory_region m = {
        .slot = 0,
        .flags = 0,
        .guest_phys_addr = 0,
        .memory_size = 100 * 1024 * 1024,
        .userspace_addr = (__u64)memory_alloc,
    };
    /* Memory regions belong to the VM, so this is a VM ioctl, not a VCPU ioctl. */
    int r = ioctl(kvm_vm, KVM_SET_USER_MEMORY_REGION, &m);   /* (4) */
    r = ioctl(kvm_vcpu, KVM_RUN, 0);                         /* crash */

How do you build a VMM? (part 3)

    #include <sys/mman.h>

    /* kvm_run is the shared page KVM fills in on every exit. */
    int run_size = ioctl(kvm_fd, KVM_GET_VCPU_MMAP_SIZE, 0);
    struct kvm_run *kvm = mmap(NULL, run_size, PROT_READ | PROT_WRITE,
                               MAP_SHARED, kvm_vcpu, 0);
    int r = ioctl(kvm_vcpu, KVM_RUN, 0);
    if (kvm->exit_reason == KVM_EXIT_IO && kvm->io.port == 0xCF8) {
        /* Pretend to be a PCI bus! */
    }
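The port 0xCF8 check above is the start of emulating PCI configuration mechanism #1 in the VMM. The following Go code is an added example, not novm's code: IoExit stands in for the kvm_run->io fields, PciBus keeps the CONFIG_ADDRESS latch and one constructed device at 00:00.0, and Handle answers 0xCF8 and 0xCFC..0xCFF accesses, returning all ones for absent devices, a cleared enable bit, or an access that would run past the 256-byte config space (all names and the device IDs are assumptions).

```go
package main

// IoExit: the fields a VMM reads from kvm_run->io after a KVM_EXIT_IO
// (Size is 1, 2 or 4 bytes; Data is the value written, ignored for reads).
type IoExit struct{ Port uint16; Write bool; Size int; Data uint32 }

// PciBus emulates PCI configuration mechanism #1: the guest latches an address
// in 0xCF8 and accesses the selected register via 0xCFC..0xCFF (illustrative, not novm's).
type PciBus struct {
	addr    uint32                // last value written to CONFIG_ADDRESS
	devices map[uint16]*[256]byte // key: bus<<8 | device<<3 | function
}

// Handle services one I/O exit and returns the value for a read.
func (b *PciBus) Handle(x IoExit) uint32 {
	if x.Port == 0xCF8 { // CONFIG_ADDRESS latch
		if x.Write {
			b.addr = x.Data
		}
		return b.addr
	}
	cfg := b.devices[uint16(b.addr>>8)] // bits 23:8 select bus, device, function
	off := int(b.addr&0xFC) + int(x.Port-0xCFC)
	// Other ports, enable bit (31) clear, absent device or out-of-range access: all ones.
	if x.Port < 0xCFC || x.Port > 0xCFF || b.addr&0x80000000 == 0 || cfg == nil ||
		x.Size < 1 || x.Size > 4 || off+x.Size > 256 {
		return 0xFFFFFFFF
	}
	var v uint32
	for i := x.Size - 1; i >= 0; i-- { // little-endian, Size bytes
		if x.Write {
			cfg[off+i] = byte(x.Data >> (8 * uint(i)))
		}
		v = v<<8 | uint32(cfg[off+i])
	}
	return v
}

// NewBus builds a bus with one constructed device at 00:00.0 (vendor 0x1234, device 0x5678: sample IDs).
func NewBus() *PciBus {
	var cfg [256]byte
	copy(cfg[:4], []byte{0x34, 0x12, 0x78, 0x56})
	return &PciBus{devices: map[uint16]*[256]byte{0: &cfg}}
}

func main() {
	b := NewBus()
	b.Handle(IoExit{Port: 0xCF8, Write: true, Size: 4, Data: 0x80000000})
	println("00:00.0 vendor/device dword:", b.Handle(IoExit{Port: 0xCFC, Size: 4}))
}
```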