Keynote Speech: Xen ARM Virtualization

5,101 views
5,084 views

Published on

Sang-bum Suh will give a talk on the current status and the future direction of Xen ARM. Xen ARM is the first ARM virtualization S/W based on Xen Architecture.

Published in: Technology, Business

Keynote Speech: Xen ARM Virtualization

  1. 1. Keynote Speech:Xen ARM Virtualization VP Sang-bum Suh, Ph.D. sbuk.suh@samsung.com S/W Platform Team DMC Research Center SAMSUNG Electronics 2 November 2011, Seoul Korea Xen Summit Asia 2011 © 2011 SAMSUNG Electronics Co.
  2. 2. Contents SEC Overview DMC R&D Center Overview Xen ARM Virtualization © 2011 SAMSUNG Electronics Co.
  3. 3. SEC Overview © 2011 SAMSUNG Electronics Co.
  4. 4. Corporate Philosophy © 2011 SAMSUNG Electronics Co.SW Platform Team. 3 / 27
  5. 5. History 1969  Established the company 1972  Started manufacturing B&W TV  Ranked #1 in DRAM 1992  Developed the cellular telephone system  Became market leader in flash memory 2002  Achieved leading share of LCD panel market 2004  Introduced mobile WiMAX technology (World‟s 1st) 2006  Ranked #1 in TV market 2007  Ranked #2 in global handset market 2010  No.1 revenue in global electronics industry ($134B) © 2011 SAMSUNG Electronics Co.SW Platform Team. 4 / 27
  6. 6. Business Divisions © 2011 SAMSUNG Electronics Co.SW Platform Team. 5 / 27
  7. 7. Recent Technology Leadership Pioneering new technologies 2005 2006 2007 2008 2009 2010 World‟s World‟s World‟s World‟s World‟s World‟s largest TV first first first slimmest first Sep 2005 HSDPA 30nm 64GB HSUPA LED TV 30nm 2GB phone NAND phone Jan 2009 DDR DRAM May 2006 2007 Apr 2008 Jan 2010 World‟s first Blu-ray player Jun 2006 © 2011 SAMSUNG Electronics Co.SW Platform Team. 6 / 27
  8. 8. DMC R&D Center Overview © 2011 SAMSUNG Electronics Co.
  9. 9. Core R&D Domain (1/3) 1. NG Comm. & Networking 2. Advanced Media Processing Conduct research for Create NG multimedia devices NG communication systems using innovative technologies & connectivity solutions in advance  NG mobile comm. system  NG display & audio solution  Wired/Wireless connectivity (UHD, 3D, Amp, Speaker)  NG broadcast & service technologies  NG video/audio codec  Realistic graphics  Medical imaging © 2011 SAMSUNG Electronics Co.SW Platform Team. 8 / 27
  10. 10. Core R&D Domain (2/3) 3. Convergence & Platform Solutions 4. Intelligent/Emotional Interaction Build a new kind of ecosystem Create customized for multi-device convergence intelligent/emotional UX & improve platform competitiveness  Multi-device convergence  UI identity for SEC’s device (AllShare1), Smart Home)  Multimodal interaction  Mobile S/W platform (SLP) (Flexible & Ambient interface)  Cloud service platform  NG UX (Context awareness) 1) AllShare : Integrated Service Solution of SEC (IT/Smart CE/Non-IT Devices) © 2011 SAMSUNG Electronics Co.SW Platform Team. 9 / 27
  11. 11. Core R&D Domain (3/3) 5. Differentiated Device Solutions 6. Eco-friendly Solutions Differentiate mobile device Develop eco-friendly core technologies through innovative module solution & create new business opportunities & sensor application  Camera SoC (DSC/CAM common)  Energy management (HEMS, BEMS)  Mobile camera module  Energy saving (printer, air conditioner)  Sensor application  Life-care solution  New function module (EMR1) pen) (Water/Air care, u-Health, etc.)  Clean material 1) EMR: Electro Magnetic Resonance © 2011 SAMSUNG Electronics Co.SW Platform Team. 10 / 27
  12. 12. Xen ARM Virtualization © 2011 SAMSUNG Electronics Co.
  13. 13. Future Computing TrendsChanges inComputing Closed Keyboard/Mouse Multitouch Augmented Reality Gesture Interactive 3D UI Open Voice Call, SMS Video Call, MMS Eye-Tracking Manytouch Realtime Web DistributedCentralizedCorrect Info. Centeralized/Concentrated Distributed/Scattered Correct+Timely Info. Stationary Known Comm. Entities Unknown/Utrusted Comm. Entities Mobile Collaboration Sensor Keyboard/ Network Mouse Every Node as Both of Local Multitouch Client/Server Personal Cloud Store ComputerEmbedded Single-core Multi-core Many-core IT Single-core Multi-core Many-core UC Berkeley [2009] [2012] [2017] Sensornet Chip Tiger 1GHz Single-Core ARM 2GHz 4-core ARM 3GHz 8-core (TI MSP430 8MHz Dunnington 3GHz 6-core Intel 4GHz 32-core Intel 6GHz 128-core core, 10KB RAM) SensorNet Chip (128MHz core, 160KB RAM) “Privacy” “Realtime” © 2011 SAMSUNG Electronics Co.SW Platform Team. 12 / 27
  14. 14. Industry Trends Introduction of Virtualization Technology in Embedded Devices Strengthening of Smartphone Features Ubiqitous Wind River Instant Boot MS Widnows Google Acquisition Symbian OS (Android Google Linux based Phone 7 Chrome OS (VxWorks, RTLinu Open source OS quick boot: Andriod mobile OS (’2010 4Q) (’2010 4Q) x) (2010.02) (2010.01) Middleware Trango XenDesktop Acquisition / XenApp Desktop/App. VirtualLogix (2008,11) VMWare VLX for ARM Nirvana Phone Virtualization MVP RTOS. Mpcore (Virtual Desktop (2009.01) (2010. 02) w/ Phone(2011) Virtualization Google Google Apple Android Chrome Browser iOS Sandbox & Sandbox Permission-based Sandbox & System Renderer Process Isolation Security Access Control * RTM : Root of Trust Measurement © 2011 SAMSUNG Electronics Co.SW Platform Team. 13 / 27
  15. 15. Why CE Virtualization? 1 – HW Consolidation: AP(Application Processor) and BP(Baseband Processor) can share multicore ARM CPU SoC in order to run both Linux and Real-time OS efficiently. 2 – OS Isolation: important call services can be effectively separated from downloaded third party applications by Xen ARM combined with access control. 3 – Rich User Experience: multiple OS domains can run concurrently on a single smartphone. 1 2 3 를 Secure Nucleus Android Kernel Linux GPOS RTOS Virtualization SW ( Realtime Hypervisor)V-Core V-Core V-Core V-Core V-Core V-Core V-Core V- Core Core Core Core Core Linux 1 Linux 2 Memory Multi - Core Peri Important Hypervisor Hypervisor services H/W HardwareAP SoC +BP SoC -> Consolidated Multicore SoC Secure Smartphone Rich Applications from Multiple OS © 2011 SAMSUNG Electronics Co.SW Platform Team. 14 / 27
  16. 16. Xen ARM Virtualization Goals  Lightweight virtualization for secure 3G/4G mobile devices  High performance hypervisor based on ARM processor  Fine-grained access control fitted to mobile devices Architecture of Xen ARM VM 0 VM n Application Lightweight Xen-Tools Application Application Application Guest Backend Drivers Frontend Drivers Domain Native Drivers VM Interface VM Interface Secure Xen ARM Domain Resource Access Hypervisor Manager Allocator Control Hardware System Peripheral CPU UART Devices Memory © 2011 SAMSUNG Electronics Co.SW Platform Team. 15 / 27
  17. 17. Xen ARM Virtualization Overview Logical mode split  CPU virtualization  Virtualization requires 3 privilege CPU levels, but ARM supports 2 levels Xen ARM mode   Xen ARM mode: supervisor mode ( most privileged level) virtual kernel mode  virtual user mode   Virtual kernel mode: User mode ( least privileged level)  Virtual user mode: User mode ( least privileged level) VM 2 VM 0 VM 1 VM 2 Xen ARM  Memory virtualization Address Spaces Address Spaces Address Spaces VM 1 Kernel  VM’s local memory should be VM 0 User Process User Process User Process User Process protected from other VMs Xen ARM MMU  Xen ARM switches VM’s virtual address space Xen ARM Physical Virtual Address Space Address Space using MMU  VM is not allowed to manipulate MMU directly VM0 (Linux) VM1 (Linux ) Application Application Application Application Application Application  I/O virtualization Front-end  Split driver model of Xen ARM Native driver Back-end driver driver  Client & Server architecture for shared I/O devices I/O event  Client: frontend driver Interrupt Xen ARM  Server: native/backend driver Device © 2011 SAMSUNG Electronics Co.SW Platform Team. 16 / 27
  18. 18. Performance Evaluation © 2011 SAMSUNG Electronics Co.
  19. 19. Virtualization Overhead Micro-benchmark Results LMBENCH Micro Benchmark ( Bandwidth )  Evaluation Environments : Samsung Blackjack Phone  CPU : Xscale PXA310, 624MHz Higher is better  L1 Cache : 32KB + 32KB  L2 Cache : 256KB (Disabled)  Memory : 128MB  Guest OS: Linux-2.6.21 LMBENCH Micro Benchmark ( latency ) Lower is better © 2011 SAMSUNG Electronics Co.SW Platform Team. 18 / 27
  20. 20. Virtualization Overhead Comparison Benchmark Results LMBENCH Micro Benchmark ( latency ) 9  Evaluation Environments : Samsung Higher is better Xen/ARM L4 8 Relative Performance Blackjack Phone 7  CPU : Xscale PXA310, 624MHz 6  L1 Cache : 32KB + 32KB 5  L2 Cache : 256KB (Disabled) 4  Memory : 128MB 3  Guest OS: Linux-2.6.21 2 1 0 AIM7 Macro Benchmark S : size(byte) P : # of processes Normalized Performance 1 0.8 0.6 Native Linux Xen/ARM 0.4 L4 0.2 0 1 2 3 Number of Tasks © 2011 SAMSUNG Electronics Co.SW Platform Team. 19 / 27
  21. 21. Performance Comparison Micro-benchmark Results Lower is better 1600  Evaluation Environments : nVidia Tegra250  CPU : Cortex-A9 1GHz Dual Core 1400 Native Linux Para-virtualized Linux  L1 Cache : 32KB + 32KB  L2 Cache : 1MB 1200  Memory : 1GB  Guest OS: Linux-2.6.29 1000 (Latency) usec 800 600 400 200 0 LMBENCH Micro Benchmark ( latency ) © 2011 SAMSUNG Electronics Co.SW Platform Team. 20 / 27
  22. 22. Real-time Performance • Evaluation Environment  Cyclictest benchmark repeats Category Description 1. RT task sleeps for 10ms 2. Timer interrupt will occur after 10ms H/W CPU Cortex-A9 / 1GHz / Dual Core 3. Timer interrupt wakes up the RT (Tegra250 ) RAM 1GB domain(uC/OS-II) 4. uC/OS-II preempts Xen ARM S/W Hypervisor Xen ARM 5. RT task is scheduled 6. RT task logs timestamp Guest OS Linux-2.6.29 (DOM0) (Running Busy Loop Task) Guest OS uC/OS-II (DOM1) (Running RT Task : Cyclictest benchmark) Native(uC/OS-II) Min Avg Max 9995 9996.810169 10000 Xen ARM(uC/OS-II) Min Avg Max Response Overhead(3us) 9996 9999.327119 10001 Unit : usec © 2011 SAMSUNG Electronics Co.SW Platform Team. 21 / 27
  23. 23. Effectiveness of Access Control CPU Utilization: Network Test Environment Domain0 (IDD) Domain1 iperf (client) Policy net_atk CPU 100 bonnie M anager mtd_atk Usage iperf (server) Linux (%) 80 Linux kernel v2.6.21 minicom Kernel I/O ACM v2.6.21 60 TcN0 Linux kernel Secure Xen on ARM TcN1 40 TcN2 Serial Cable M easurement 20 TcN3 Cable WT3000 power m eter 0 Linux PC SGH-i780 3 6 9 12 15 18 21 24 27 30 net_atk: UDP packet flooding (sending out UDP packets with the size Time of 44,160 bytes every 1000 usecs) (Sec) mtd_atk: overwhelming NAND READ operations (scanning every directory in the filesystem and reading file contents) CPU Utilization: Storage CPU 100 Usage Test Cases (%) 80 Network I/O Test Storage I/O Test Cases Cases 60 TcS0 No Attack TcN0 TcS0 TcS1 Under Attack 40 TcN1 TcS1 TcS2 (No I/O ACM) Under Attack 20 TcS3 TcN2 TcS2 (20% I/O ACM Policy) 0 Under Attack TcN3 TcS3 (10% I/O ACM Policy) 3 6 9 12 15 18 21 24 27 30 Time (Sec) © 2011 SAMSUNG Electronics Co.SW Platform Team. 22 / 27
  24. 24. Effectiveness of Access Control Throughput: Network No attack 800 700 Throughput (KB/Sec) 600  Effectiveness of our access control: 500 UDP throughput increase and power consumption Under decrease even under malware attack 400 attack TCP 300 200 100 0 TcN0 TcN1 TcN2 TcN3 Power Consumption Test Cases No attack Under attack Throughput: Storage 3 No attack 4500 2.5 Throughput (KB/Sec) 4000 2 3500 Under 3000 attack 1.5 Network 2500 Seq.out Storage 2000 Seq.in 1 1500 Rand.seek 1000 0.5 500 Test Cases 0 0 TcS0 TcS1 TcS2 TcS3 TcN0/TcS0 TcN1/TcS1 TcN2/TcS2 TcN3/TcS3 Test Cases Test Cases © 2011 SAMSUNG Electronics Co.SW Platform Team. 23 / 27
  25. 25. History of Xen ARM „04 „08 „09 „10 „11 Xen ARM 1st Xen ARM 2nd Xen ARM 3rd Xen ARM 4th Xen ARM 5th x86 Xen Hypervisor Release: Release: Release: Release: Release: Cortex-A9 Release ARM9 Xen Paravirtualized ARM11MPCore Performance MPCore Support (Cambridge University) Hypervisor, M Linux kernel Support Optimization (Samsung) ini-OS (v2.6.24), Xen tool (Samsung) (Samsung) (Samsung) (Samsung) Xen ARM Open Source Community  http://wiki.xensource.com/xenwiki/XenARM Supported Hardware & Guest OS(Stand-alone Version)  Linux v2.6.11, v2.6.18, v2.6.21, v2.6.24, v2.6.27  ARM926EJ-S (i.MX21, OMAP5912) (multicore supported)  Xscale 3rd Generation Architecture  uC/OS-II (PXA310, Samsung SGH- i780)  ARM1136/ARM1176(Core Only)  Goldfish (EQMU Emulator)  Versatile Platform Board  ARM11MPCore (Realview PB11MP)  Tegra250 © 2011 SAMSUNG Electronics Co.SW Platform Team. 24 / 27
  26. 26. Future Roadmap of Xen ARM „11 „12 „13 Finish initial merge Lightweight version of Xen tools Cortex-A15 Support Mainline Merging  Integration of Xen ARM with mainline (80% completed)  Rebased on the recent xen-unstable.hg  Many parts of the Xen ARM has been rewritten for the integration.  Dynamic domheap allocation  Support of “pseudo-physical to machine translation” is ongoing.  Dynamic xenheap expansion  Xenheap could be expanded on demand  Initially Xen ARM reserves 1MB(1 Section) of memory for heap © 2011 SAMSUNG Electronics Co.SW Platform Team. 25 / 27
  27. 27. Xen ARM Development / Contribution Model Development / Contribution Model Xen ARM Developers ARM Specific Patches xen-devel mailing Xen arm mailing (Review) (Review) Patches Commit Commit Pull xen-unstable.hg xen-arm.git © 2011 SAMSUNG Electronics Co.SW Platform Team. 26 / 27
  28. 28. Issues Xen-Tools - Porting to ARM architecture is required • Currently libxc does not support ARM architecture. Real-time - Implementing Real-time Scheduler • How does the VMM knows which domain requires real-time scheduling?. - Implementing VMM Preemption • How to minimize interrupts and event latency within the view of VM? (for VM perspective) Access Control © 2011 SAMSUNG Electronics Co.SW Platform Team. 27 / 27
  29. 29. Thank You ! © 2011 SAMSUNG Electronics Co.
  30. 30. Issue: Xen-Tools Lightweight version of Xen-tools  Python-based xend/xm too heavy for small devices.  Lightweight version of xend/xm for embedded devices  Adopt Plug-in architecture  To avoid re-compilation when new virtual device introduced. Python-based Xm/Xend Memory Usage Several tens of MB Several hundreds of KB. Latency Several seconds < 1 second xenstored Socket Dynamic IPC Load / Unload xm Xend (Written by C) (Written by C) Plug-ins (Extension) © 2011 SAMSUNG Electronics Co.SW Platform Team. 29 / 27
  31. 31. Issue: Real-time vs. Throughput • Evaluation Environment  Cyclictest benchmark repeats Category Description 1. RT task sleeps for 10ms 2. Timer interrupt will occur after 10ms H/W CPU Cortex-A9 / 1GHz / Dual Core 3. Timer interrupt wakes up the RT (Tegra250) RAM 1GB domain(uC/OS-II) 4. uC/OS-II preempts Xen ARM S/W Hypervisor Xen ARM 5. RT task is scheduled 6. RT task logs timestamp Guest OS Linux-2.6.29 (DOM0) (Running Busy Loop Task) Guest OS uC/OS-II (DOM1) (Running RT Task : Cyclictest benchmark) Native(uC/OS-II) Min Avg Max 9995 9996.810169 10000 Xen ARM(uC/OS-II) Min Avg Max Response Overhead(3us) 9996 9999.327119 10001 Unit : usec © 2011 SAMSUNG Electronics Co.SW Platform Team. 30 / 27
  32. 32. Issue: Access Control sHype, XSM and our ACM sHype[SAI05] XSM [COK06] Xen ARM ACM Access Control Flexible based on Flexible based on Flexible based on Flask(TE and Policies Flask(TE and Chinese Flask(TE and Chinese proprietary policy) Wall) Wall, RBAC, MLS, and MCS) Objects of Access Virtual resources and Physical/virtual Physical/virtual resources and Control domain management resources and domain domain management management Protection against N/A N/A Memory, battery, DMA, and mobile malware- event channels are controlled by based DoS attacks ACM Access control to Enforced by ACM at Enforced by ACM at Enforced by ACM at each objects in each VMM VMM domain(for performance reason) guest domain Etc Xen ARM specific hooks © 2011 SAMSUNG Electronics Co.SW Platform Team. 31 / 27
  33. 33. Comparison of ARM vs. x86 Virtualizability Comparison x86 ARM Ring Compression Segmentation and Paging Paging and Domain Protection (Protection mechanisms) Cache Architecture PIPT VIVT / VIPT / PIPT I/O I/O Instructions + memory- Only memory-mapped I/O mapped I/O # of privilege levels 4 2 © 2011 SAMSUNG Electronics Co.SW Platform Team. 32 / 27
  34. 34. Mobile Malware Confidential [Source: F-Secure]• Number of mobile malware 500 400 421 400 345 – More than 420 mobile phone viruses (2008) 300 200 146 – Tens of thousands of infections worldwide 100 27 0 2004 2005 2006 2007 2008 [Source: McAfee]• Concerns about mobile phone security 100% 6.9 13.9 16.1 18.4 – by market 80% 60% 93.1 86.1 83.9 81.6 40% Feel safe 20% Concerned 0% UK US Japan Total SW Platform Team.Mobicom09, September 20-25, 2009, Beijing, China 33 / 27
  35. 35. Current Status of Xen ARM Changeset Common files which have been modified Directory File Comment xen Rules.mk - override TARGET_SUBARCH := $(XEN_TARGET_ARCH) + override TARGET_SUBARCH := $(XEN_TARGET_SUBARCH) xen/common page_alloc.c Add reserve_boot_pages() function xen/drivers Makefile Exclude x86 dependent device drivers when Xen is built for ARM architecture xen/include/public Xen.h Add preprocessor macros to include arch-arm.h header file. xen/include/xen libelf.h Add preprocessor macros to support ARM architecture. New files • We wrote xxx files for ARM architecture © 2011 SAMSUNG Electronics Co.SW Platform Team. 34 / 27
  36. 36. Xen ARM Access Control Protect unauthorized access to system resources from a compromised domain 37 access control enforcers in Secure Domain Normal Domain hypercalls Secure App1 Secure App2 App2 App1 Flexible architecture based on Secure SW App4 Policy Manager Installer App3 Flask Backend Access Control Frontend  Currently, 5 access control Driver Module Driver Kernel Kernel models supported (TE, BLP, Biba, CW, Samsung Proprietary) Access Control Cryptographic Policy Conductor Operation IF 1. hypercall Access control of the resources 2. Access control query Access Control 3. Decision  Physical resources (TE, Hooks Decision Maker Decision Cache VMM Samsung Proprietary) • Memory, CPU, I/O space, IRQ SoC NAND Flash Devices Secure ROM CPU  Virtual resources (TE, BLP, Biba) Master Key, Bootloader • Event-channel, grant table  Domain management (CW) • Domain creation/destroy © 2011 SAMSUNG Electronics Co.SW Platform Team. 35 / 27

×