Keynote Speech: Xen ARM Virtualization

Keynote Speech:
Xen ARM Virtualization

VP Sang-bum Suh, Ph.D.
sbuk.suh@samsung.com
S/W Platform Team
DMC Research Center
SAMSUNG Electronics

2 November 2011, Seoul Korea

Xen Summit Asia 2011
© 2011 SAMSUNG Electronics Co.

Contents

SEC Overview
DMC R&D Center Overview


SEC Overview


Corporate Philosophy

SW Platform Team. 3 / 27

History

1969  Established the company

1972  Started manufacturing B&W TV

 Ranked #1 in DRAM
1992
 Developed the cellular telephone system

 Became market leader in flash memory
2002
 Achieved leading share of LCD panel market

2004  Introduced mobile WiMAX technology (World‟s 1st)

2006  Ranked #1 in TV market

2007  Ranked #2 in global handset market

2010  No.1 revenue in global electronics industry
($134B)

Business Divisions


Recent Technology Leadership

Pioneering new technologies

2005 2006 2007 2008 2009 2010

World‟s World‟s World‟s World‟s World‟s World‟s
largest TV first first first slimmest first
Sep 2005 HSDPA 30nm 64GB HSUPA LED TV 30nm 2GB
phone NAND phone Jan 2009 DDR DRAM
May 2006 2007 Apr 2008 Jan 2010

World‟s
first
Blu-ray
player
Jun 2006


DMC R&D Center Overview


Core R&D Domain (1/3)

1. NG Comm. & Networking 2. Advanced Media Processing

Conduct research for
Create NG multimedia devices
NG communication systems
using innovative technologies
& connectivity solutions in advance

 NG mobile comm. system  NG display & audio solution
 Wired/Wireless connectivity (UHD, 3D, Amp, Speaker)
 NG broadcast & service technologies  NG video/audio codec
 Realistic graphics
 Medical imaging



3. Convergence & Platform Solutions 4. Intelligent/Emotional Interaction

Build a new kind of ecosystem
Create customized
for multi-device convergence
intelligent/emotional UX
& improve platform competitiveness

 Multi-device convergence  UI identity for SEC’s device
(AllShare1), Smart Home)  Multimodal interaction
 Mobile S/W platform (SLP) (Flexible & Ambient interface)
 Cloud service platform  NG UX (Context awareness)

1) AllShare : Integrated Service Solution of SEC (IT/Smart CE/Non-IT Devices)


5. Differentiated Device Solutions 6. Eco-friendly Solutions

Differentiate mobile device
Develop eco-friendly core technologies
through innovative module solution
& create new business opportunities
& sensor application

 Camera SoC (DSC/CAM common)  Energy management (HEMS, BEMS)
 Mobile camera module  Energy saving (printer, air conditioner)
 Sensor application  Life-care solution
 New function module (EMR1) pen) (Water/Air care, u-Health, etc.)
 Clean material

1) EMR: Electro Magnetic Resonance © 2011 SAMSUNG Electronics Co.

Future Computing Trends

Changes in
Computing

Closed Keyboard/Mouse Multitouch Augmented Reality Gesture Interactive 3D UI Open
Voice Call, SMS Video Call, MMS Eye-Tracking Manytouch Realtime Web Distributed
Centralized
Correct Info. Centeralized/Concentrated Distributed/Scattered Correct+Timely Info.
Stationary Known Comm. Entities Unknown/Utrusted Comm. Entities Mobile
Collaboration Sensor
Keyboard/ Network
Mouse Every Node
as Both of
Local Multitouch Client/Server
Personal Cloud
Store
Computer
Embedded Single-core Multi-core Many-core

IT Single-core Multi-core Many-core
UC Berkeley [2009] [2012] [2017]
Sensornet Chip Tiger 1GHz Single-Core ARM 2GHz 4-core ARM 3GHz 8-core
(TI MSP430 8MHz Dunnington 3GHz 6-core Intel 4GHz 32-core Intel 6GHz 128-core
core, 10KB RAM) SensorNet Chip
(128MHz core, 160KB RAM)

“Privacy” “Realtime”

Industry Trends
Introduction of Virtualization Technology in Embedded Devices
Strengthening of Smartphone Features

Ubiqitous Wind River
Instant Boot MS Widnows Google
Acquisition Symbian OS
(Android Google Linux based Phone 7 Chrome OS
(VxWorks, RTLinu Open source OS
quick boot: Andriod mobile OS (’2010 4Q) (’2010 4Q)
x) (2010.02)
(2010.01) Middleware

Trango XenDesktop
Acquisition / XenApp
Desktop/App. VirtualLogix
(2008,11) VMWare VLX for ARM Nirvana Phone
Virtualization
MVP RTOS. Mpcore (Virtual Desktop
(2009.01) (2010. 02) w/ Phone(2011) Virtualization

Google
Google
Apple Android
Chrome Browser
iOS Sandbox &
Sandbox Permission-based
Sandbox & System
Renderer Process Isolation Security
Access Control
* RTM : Root of Trust Measurement


Why CE Virtualization?
1 – HW Consolidation: AP(Application Processor) and BP(Baseband Processor) can share
multicore ARM CPU SoC in order to run both Linux and Real-time OS efficiently.

2 – OS Isolation: important call services can be effectively separated from downloaded third party
applications by Xen ARM combined with access control.

3 – Rich User Experience: multiple OS domains can run concurrently on a single smartphone.

1 2 3

를

Secure

Nucleus
Android
Kernel

Linux
GPOS RTOS

Virtualization SW ( Realtime Hypervisor)
V-Core V-Core V-Core V-Core V-Core V-Core V-Core V- Core

Core Core Core Core
Linux 1 Linux 2
Memory
Multi - Core Peri Important Hypervisor Hypervisor
services H/W
Hardware
AP SoC +BP SoC -> Consolidated Multicore SoC Secure Smartphone Rich Applications from Multiple OS


Goals

 Lightweight virtualization for secure 3G/4G mobile devices
 High performance hypervisor based on ARM processor
 Fine-grained access control fitted to mobile devices

Architecture of Xen ARM
VM 0 VM n

Application Lightweight Xen-Tools Application
Application Application

Guest Backend Drivers Frontend Drivers
Domain
Native Drivers

VM Interface VM Interface

Secure
Xen ARM Domain Resource Access
Hypervisor Manager Allocator Control

Hardware System
Peripheral CPU UART
Devices Memory


Overview
Logical
mode
split
 CPU virtualization
 Virtualization requires 3 privilege CPU levels, but ARM supports 2 levels Xen ARM mode 

 Xen ARM mode: supervisor mode ( most privileged level) virtual kernel mode 
virtual user mode 
 Virtual kernel mode: User mode ( least privileged level)
 Virtual user mode: User mode ( least privileged level)

VM 2
VM 0 VM 1 VM 2 Xen ARM
 Memory virtualization Address
Spaces
Address
Spaces
Address
Spaces
VM 1
Kernel
 VM’s local memory should be VM 0
User Process
User Process
User Process
User Process
protected from other VMs Xen ARM
MMU
 Xen ARM switches VM’s virtual address space Xen ARM
Physical Virtual
Address Space Address Space
using MMU
 VM is not allowed to manipulate MMU directly
VM0 (Linux) VM1 (Linux )

Application
Application
 I/O virtualization
Front-end
 Split driver model of Xen ARM Native
driver
Back-end
driver
driver

 Client & Server architecture for shared I/O devices
I/O event
 Client: frontend driver Interrupt
Xen ARM
 Server: native/backend driver Device


Performance Evaluation


Virtualization Overhead
Micro-benchmark Results
LMBENCH Micro Benchmark ( Bandwidth )
 Evaluation Environments : Samsung
Blackjack Phone
 CPU : Xscale PXA310, 624MHz
Higher is better
 L1 Cache : 32KB + 32KB
 L2 Cache : 256KB (Disabled)
 Memory : 128MB
 Guest OS: Linux-2.6.21

LMBENCH Micro Benchmark ( latency )

Lower is better


Virtualization Overhead Comparison
Benchmark Results
9
 Evaluation Environments : Samsung Higher is better Xen/ARM L4
8

Relative Performance
Blackjack Phone
7
 CPU : Xscale PXA310, 624MHz
6
5
 L2 Cache : 256KB (Disabled)
4
 Memory : 128MB
3
2
1
0

AIM7 Macro Benchmark S : size(byte)
P : # of processes
Normalized Performance

1

0.8

0.6 Native Linux
Xen/ARM
0.4
L4
0.2

0
1 2 3
Number of Tasks


Performance Comparison
Micro-benchmark Results

Lower is better
1600
 Evaluation Environments : nVidia Tegra250
 CPU : Cortex-A9 1GHz Dual Core
1400 Native Linux Para-virtualized Linux
 L2 Cache : 1MB
1200
 Memory : 1GB
1000

(Latency) usec
800

600

400

200

0



Real-time Performance
• Evaluation Environment  Cyclictest benchmark repeats
Category Description 1. RT task sleeps for 10ms
2. Timer interrupt will occur after 10ms
H/W CPU Cortex-A9 / 1GHz / Dual Core 3. Timer interrupt wakes up the RT
(Tegra250
) RAM 1GB
domain(uC/OS-II)
4. uC/OS-II preempts Xen ARM
S/W Hypervisor Xen ARM 5. RT task is scheduled
6. RT task logs timestamp
Guest OS Linux-2.6.29
(DOM0) (Running Busy Loop Task)
Guest OS uC/OS-II
(DOM1) (Running RT Task : Cyclictest benchmark)

Native(uC/OS-II)

Min Avg Max

9995 9996.810169 10000

Xen ARM(uC/OS-II)

Min Avg Max
Response Overhead(3us)
9996 9999.327119 10001

Unit : usec


Effectiveness of Access Control

CPU Utilization: Network
Test Environment Domain0 (IDD) Domain1

iperf
(client) Policy
net_atk CPU 100
bonnie
M anager
mtd_atk
Usage
iperf
(server)
Linux
(%) 80
Linux kernel v2.6.21
minicom Kernel
I/O ACM v2.6.21
60 TcN0
Linux
kernel Secure Xen on ARM
TcN1
40
TcN2
Serial Cable M easurement 20 TcN3
Cable

WT3000 power m eter 0
Linux PC SGH-i780
3 6 9 12 15 18 21 24 27 30
net_atk: UDP packet flooding (sending out UDP packets with the size Time
of 44,160 bytes every 1000 usecs) (Sec)
mtd_atk: overwhelming NAND READ operations (scanning every
directory in the filesystem and reading file contents) CPU Utilization: Storage
CPU 100
Usage
Test Cases (%) 80
Network I/O Test Storage I/O Test
Cases Cases
60 TcS0
No Attack TcN0 TcS0
TcS1
Under Attack 40
TcN1 TcS1 TcS2
(No I/O ACM)
Under Attack 20 TcS3
TcN2 TcS2
(20% I/O ACM Policy)
0
Under Attack
TcN3 TcS3
(10% I/O ACM Policy) 3 6 9 12 15 18 21 24 27 30
Time
(Sec)


Effectiveness of Access Control
Throughput: Network
No attack
800
700
Throughput (KB/Sec)

600  Effectiveness of our access control:
500 UDP
throughput increase and power consumption
Under decrease even under malware attack
400
attack TCP
300
200
100
0
TcN0 TcN1 TcN2 TcN3 Power Consumption
Test Cases No attack Under attack

Throughput: Storage 3

No attack
4500 2.5
Throughput (KB/Sec)

4000
2
3500
Under
3000
attack 1.5 Network
2500 Seq.out
Storage
2000 Seq.in
1
1500 Rand.seek

1000 0.5
500
Test Cases
0 0
TcS0 TcS1 TcS2 TcS3 TcN0/TcS0 TcN1/TcS1 TcN2/TcS2 TcN3/TcS3
Test Cases Test Cases


History of Xen ARM
„04 „08 „09 „10 „11

Xen ARM 1st Xen ARM 2nd Xen ARM 3rd Xen ARM 4th Xen ARM 5th
x86 Xen Hypervisor
Release: Release: Release: Release: Release: Cortex-A9
Release
ARM9 Xen Paravirtualized ARM11MPCore Performance MPCore Support
(Cambridge University)
Hypervisor, M Linux kernel Support Optimization (Samsung)
ini-OS (v2.6.24), Xen tool (Samsung) (Samsung)
(Samsung) (Samsung)

Xen ARM Open Source Community

 http://wiki.xensource.com/xenwiki/XenARM

Supported Hardware & Guest OS(Stand-alone Version)

 Linux v2.6.11, v2.6.18, v2.6.21, v2.6.24, v2.6.27
 ARM926EJ-S (i.MX21, OMAP5912)
(multicore supported)
 Xscale 3rd Generation Architecture  uC/OS-II
(PXA310, Samsung SGH- i780)
 ARM1136/ARM1176(Core Only)
 Goldfish (EQMU Emulator)
 Versatile Platform Board
 ARM11MPCore (Realview PB11MP)
 Tegra250


Future Roadmap of Xen ARM
„11 „12 „13

Finish initial merge Lightweight version of
Xen tools
Cortex-A15 Support
Mainline Merging

 Integration of Xen ARM with mainline (80% completed)
 Rebased on the recent xen-unstable.hg
 Many parts of the Xen ARM has been rewritten for the integration.

 Dynamic domheap allocation
 Support of “pseudo-physical to machine translation” is ongoing.

 Dynamic xenheap expansion
 Xenheap could be expanded on demand
 Initially Xen ARM reserves 1MB(1 Section) of memory for heap


Xen ARM Development / Contribution Model
Development / Contribution Model

Xen ARM
Developers

ARM Specific
Patches

xen-devel mailing Xen arm mailing
(Review) (Review)

Patches
Commit Commit

Pull

xen-unstable.hg xen-arm.git


Issues
Xen-Tools
- Porting to ARM architecture is required
• Currently libxc does not support ARM architecture.

Real-time
- Implementing Real-time Scheduler
• How does the VMM knows which domain requires real-time scheduling?.
- Implementing VMM Preemption
• How to minimize interrupts and event latency within the view of VM? (for VM perspective)
Access Control


Thank You !


Issue: Xen-Tools
Lightweight version of Xen-tools

 Python-based xend/xm too heavy for small devices.

 Lightweight version of xend/xm for embedded devices
 Adopt Plug-in architecture
 To avoid re-compilation when new virtual device introduced.

Python-based Xm/Xend
Memory Usage Several tens of MB Several hundreds of KB.
Latency Several seconds < 1 second

xenstored

Socket

Dynamic
IPC Load / Unload
xm Xend
(Written by C) (Written by C) Plug-ins
(Extension)


Issue: Real-time vs. Throughput
• Evaluation Environment  Cyclictest benchmark repeats
Category Description 1. RT task sleeps for 10ms
2. Timer interrupt will occur after 10ms
H/W CPU Cortex-A9 / 1GHz / Dual Core 3. Timer interrupt wakes up the RT
(Tegra250)
RAM 1GB
domain(uC/OS-II)
4. uC/OS-II preempts Xen ARM
S/W Hypervisor Xen ARM 5. RT task is scheduled
6. RT task logs timestamp
Guest OS Linux-2.6.29
(DOM0) (Running Busy Loop Task)
Guest OS uC/OS-II
(DOM1) (Running RT Task : Cyclictest benchmark)

Native(uC/OS-II)

Min Avg Max

9995 9996.810169 10000

Xen ARM(uC/OS-II)

Min Avg Max
Response Overhead(3us)
9996 9999.327119 10001

Unit : usec


Issue: Access Control
sHype, XSM and our ACM

sHype[SAI05] XSM [COK06] Xen ARM ACM

Access Control Flexible based on Flexible based on Flexible based on Flask(TE and
Policies Flask(TE and Chinese Flask(TE and Chinese proprietary policy)
Wall) Wall, RBAC, MLS, and
MCS)

Objects of Access Virtual resources and Physical/virtual Physical/virtual resources and
Control domain management resources and domain domain management
management
Protection against N/A N/A Memory, battery, DMA, and
mobile malware- event channels are controlled by
based DoS attacks ACM
Access control to Enforced by ACM at Enforced by ACM at Enforced by ACM at each
objects in each VMM VMM domain(for performance reason)
guest domain

Etc Xen ARM specific hooks


Comparison of ARM vs. x86 Virtualizability
Comparison

x86 ARM
Ring Compression Segmentation and Paging Paging and Domain Protection
(Protection mechanisms)
Cache Architecture PIPT VIVT / VIPT / PIPT
I/O I/O Instructions + memory- Only memory-mapped I/O
mapped I/O
# of privilege levels 4 2


Mobile Malware Confidential

[Source: F-Secure]

• Number of mobile malware 500 400 421
400 345
– More than 420 mobile phone viruses
(2008) 300
200 146
– Tens of thousands of infections
worldwide 100 27
0
2004 2005 2006 2007 2008
[Source: McAfee]
• Concerns about mobile phone security 100% 6.9 13.9
16.1 18.4
– by market 80%

60%
93.1 86.1
83.9 81.6
40%
Feel safe
20%
Concerned
0%
UK US Japan Total

SW Platform Team.
Mobicom'09, September 20-25, 2009, Beijing, China 33 / 27

Current Status of Xen ARM
Changeset

Common files which have been modified
Directory File Comment

xen Rules.mk - override TARGET_SUBARCH := $(XEN_TARGET_ARCH)
+ override TARGET_SUBARCH :=
$(XEN_TARGET_SUBARCH)
xen/common page_alloc.c Add reserve_boot_pages() function

xen/drivers Makefile Exclude x86 dependent device drivers when Xen is built for ARM
architecture
xen/include/public Xen.h Add preprocessor macros to include arch-arm.h header file.
xen/include/xen libelf.h Add preprocessor macros to support ARM architecture.

New files
• We wrote xxx files for ARM architecture


Xen ARM Access Control
Protect unauthorized access to system resources from a compromised
domain

37 access control enforcers in
Secure Domain Normal Domain hypercalls
Secure App1 Secure App2 App2
App1 Flexible architecture based on
Secure SW App4
Policy Manager Installer App3 Flask
Backend Access Control Frontend  Currently, 5 access control
Driver Module Driver
Kernel Kernel models supported (TE, BLP, Biba,
CW, Samsung Proprietary)
Access Control Cryptographic
Policy Conductor Operation IF 1. hypercall
Access control of the resources
2. Access control query

Access Control 3. Decision  Physical resources (TE,
Hooks
Decision Maker
Decision Cache VMM Samsung Proprietary)
• Memory, CPU, I/O space, IRQ
SoC NAND Flash Devices
Secure ROM
CPU  Virtual resources (TE, BLP, Biba)
Master Key, Bootloader
• Event-channel, grant table
 Domain management (CW)
• Domain creation/destroy


Keynote Speech: Xen ARM Virtualization

Recommended

Recommended

More Related Content

What's hot

What's hot (20)

Viewers also liked

Viewers also liked (11)

Similar to Keynote Speech: Xen ARM Virtualization

Similar to Keynote Speech: Xen ARM Virtualization (20)

More from The Linux Foundation

More from The Linux Foundation (20)

Recently uploaded

Recently uploaded (20)

Keynote Speech: Xen ARM Virtualization