Xen and the art of embedded virtualization (ELC 2017)


Hypervisors are becoming more and more widespread in embedded environments, from automotive to medical and avionics. Their use case is different from traditional server and desktop virtualization, and so are their requirements. This talk will explain why hypervisors are used in embedded, and the unique challenges posed by these environments to virtualization technologies.

Xen, a popular open source hypervisor, was born to virtualize x86 Linux systems for the data center. It is now the leading open source hypervisor for ARM embedded platforms. The presentation will show how the ARM port of Xen differs from its x86 counterpart. It will go through the fundamental design decisions that made Xen a good choice for ARM embedded virtualization. The talk will explain the implementation of key features such as device assignment and interrupt virtualization.

Published in: Software

  1. Stefano Stabellini (@stabellinist): Xen on ARM, and the Art of Embedded Virtualization. Security, Isolation, Partitioning
  2. Why Xen? Why a hypervisor?
  3. Galois SMACCMPilot Demo, Xen Summit 2014
  4. Why Xen?
     • Efficiency and Consolidation
     • Isolation and Partitioning
     • Componentization
     • Resilience
     • Scaling
     • Portability
  5. Xen: a type-1 hypervisor
     [Diagram labels: Hardware; Xen; Dom0; HW drivers; PV backends; DomU, DomU, DomU, each with PV Frontends]
  6. Xen: the gears of the cloud
     • Large user base (> 10M individual users)
     • Powers the largest clouds in production
     • Not just servers
  7. Xen: Open Source
  8. Xen: Open Source partial
  9. Embedded != Cloud
     Different requirements:
     • short boot times
     • small footprint
     • small codebase (certifications)
     • non-PCI device assignment
     • driver domains
     • low, deterministic irq latency
     • real time schedulers
     • co-processor virtualization
  10. Xen on ARM
     • A lean and simple architecture
       – No cruft
       – No emulation, No QEMU
       – Small attack surface
       – One type of guest
     • Exploit the hardware as much as possible
     • A very good match for the hardware
     • Clean architecture = a very small code base
       – Xen, ARM and ARM64 =~ 30K LOC
  11. Xen on ARM: a perfect match for the HW
  12. Xen on ARM: unique features
     • Device Passthrough (even Non-Discoverable Devices)
       – iomem and irqs VM config parameters
     • No guest firmware by default - fast VM boot
     • Certification efforts ongoing
     • Low, Deterministic IRQ latency (WARM_MAX < 2000ns)
  13. Low IRQ latency: no maintenance interrupts
     [Diagram labels: DomU; Xen; irq 109; virq 109; EOI; Maintenance interrupt; GICH_LR Write; GICH_LR Clear]
  14. Low IRQ latency: physical follow virtual
     [Diagram labels: vcpu0; vcpu1; pcpu0; pcpu1; irq 109; virq 109]
  15. Low IRQ latency: physical follow virtual
     [Diagram labels: vcpu0; vcpu1; pcpu0; pcpu1; irq 109; virq 109]
  16. Low IRQ latency: physical follow virtual
     [Diagram labels: vcpu0; vcpu1; pcpu0; pcpu1; irq 109; virq 109]
  17. Xen Schedulers
     [Diagram labels: eight CPUs]
  18. Xen Schedulers
     [Diagram labels: eight CPUs; Real Time Scheduler; ARINC 653; Regular VM Scheduler; Credit; Dedicated to 1 VCPU; Dedicated to 1 VCPU]
  19. Memory Introspection
  20. PV Protocols
     • Existing: net, block, console, keyboard, mouse, framebuffer, XenGT
     • New: 9pfs, PVCalls, Multi Touch, Sound, Display
  21. Driver Domains
     [Diagram labels: Hardware; Xen; Dom0; Toolstack; DomU; NetFront; BlockFront; Disk Driver Domain; Disk Driver; BlockBack; Network Driver Domain; Network Driver; NetBack]
  22. Automotive
     [Diagram labels: Hardware; Xen; Dom0 Linux Control Domain; UI Domain; Automotive Grade Android; HW Drivers; GPU Driver; Audio Driver; PV Block & Net frontends; PV Block & Net Backends]
  23. GlobalLogic
  24. EPAM
  25. EPAM: DEMO
  26. Xilinx Zynq MPSoC
     [Diagram labels: Xen; Dom0 Linux; Toolstack; four Baremetal Apps, each with an FPGA Driver; FPGA; four Dedicated CPUs]
  27. Xen: best security process in the industry
     • A very transparent process
     • Responsible disclosure
     • Few security issues for Xen on ARM
     • Xen stable trees maintained for security for 3 years
  28. Release process
     • 6 month release
       – December
       – June
     • Xen 4.8 released on the 5th of December 2016
     • Xen 4.9 planned for the 2nd of June 2017
  29. Xen on ARM: what’s next
     • Guest creation directly from Xen at boot via Device Tree
     • Dynamic Memory Map
     • Setup VM-to-VM communication channels from VM config
  30. More resources
     • Port Xen to a new SOC:
     • Add Xen support to your OS:
     • Xen on ARM whitepaper:
     • Xen on ARM wiki:
     • Device Passthrough presentation:
     • OE meta-virtualization Xen recipe:
     • OpenXT (Xen + OpenEmbedded):
     • Biweekly ARM Community Call:
  31. Please engage!
     • Xen devel ML:
     • Xen user ML:
     • IRC on freenode: #xenarm or #xen-devel
  32. Fin