SlideShare a Scribd company logo

Extending bhyve beyond FreeBSD guests - EuroBSDCon 2013

B
bsdvirt

This document summarizes Peter Grehan's talk on extending the bhyve hypervisor beyond FreeBSD guests. It discusses the components that make up bhyve, including the vmm kernel module, bhyveload bootloader, bhyve userspace component, and bhyvectl utility. It then covers the process of developing bhyve to support non-FreeBSD guests starting with UEFI, grub, Linux, and OpenBSD. Future work on supporting NetBSD, D'FlyBSD, Illumos, and Windows is also mentioned. Thanks are given to neel and Tycho Nightingale for their contributions to bhyve's development.

Technology
1 of 21
Download to read offline
Extending bhyve beyond FreeBD guests Peter Grehan grehan@freebsd.org EuroBSDcon 2013 Sunday, September 29, 2013
What is bhyve ? • A “minimally viable x86 hypervisor” • serial console, PCI virtio block/net, 64 bit host/guests (covers most) • RequiresVT-x/EPT CPU support (core i*) • In base-system FreeBSD as of 10.0 Sunday, September 29, 2013
Pieces #1: vmm.ko • Kernel module implementing: • VT-x state setup, enter/exit context switching • Local APIC emulation • VT-d IOMMU for PCI pass-thru • Guest physical memory mgmt • user-space cdev interface • Small: 64KB text Sunday, September 29, 2013
Pieces #2: bhyveload • user-space bootloader • FreeBSD “userboot” library + bhyve API • CreatesVM; lays out kernel + metadata; sets up initialVM register state • ... and then exits. Sunday, September 29, 2013
Pieces #3: bhyve • User-space run loop • Implements PCI bus/device emulation • PCI devs - uart, virtio block/net • Device backends • stdin/out, tap device, file/block device • Threads for vCPUs, i/o devs, kqueue loop. • Small: 130KB text (less than ifconfig) Sunday, September 29, 2013
Pieces #4: bhyvectl • Simple utility • Dump/modifyVM state (registers,VMCS) • DumpVM stats (e.g. # HLT exits) • DeleteVMs Sunday, September 29, 2013
Why non-FreeBSD ? • Simple: what users expect • Intent of bhyve was always to run unmodified guests • Restricting to modified guest o/s dooms to slow decay, or as a limited audience developer-only tool • UML Linux Sunday, September 29, 2013
Ordering Development • Development started with modified guest o/s - reduces unknowns and complexity • Then moved to an unmodified guest • ... older versions of guest • ... guest o/s’s with source access/buildability • binary-only guest o/s’s last. Sunday, September 29, 2013
First “other”: UEFI • BSD-licensed BIOS replacement • “OVMF” build target for virtual machines • Extracts parameters from hypervisor • Memory map, # CPUs etc Sunday, September 29, 2013
UEFI issues • Simple linear loader, but with 16-bit entry • set up memory area for params • Wanted 8259/8254 for timer support • Replaced with HPET • PCI BARs reprogrammed • Blew away PCI serial port: changed to use LPC bridge and ISA-style addresses Sunday, September 29, 2013
grub • “grub-emu” build target for user-space • Mainly for filesystem debug • Hacked^h^h^h^hCo-opted for a Linux/ *BSD userspace loader Sunday, September 29, 2013
grub-1.98 • grub-emu builds OOTB on FreeBSD • However, boot-loader code assumes 32- bit. Lots of 64-bit issues • Assumes it is running in target address space with linear mapping • Direct pointer derefs • Trampolines to launch o/s • Too much conditional code. Abandoned. Sunday, September 29, 2013
grub-2.00 • grub-emu nightmare build on FreeBSD • gnulib, aaaargh !!! • Once done, excellent clean codebase • Indirection for target mem/reg sets • Easy interface to bhyve API • No conditional code in Linux/*BSD loaders Sunday, September 29, 2013
Linux • 32-bit “flat” entry point • Intended for non-BIOS environments • Well documented ! • RequiresVT-x ‘unrestricted guest’ support • Lots of trial and error to fix initial TR/TSS state to avoid “invalid guest state” exit on vmenter Sunday, September 29, 2013
Linux #2 • CR0 unconditional write exposed bug • Lots of CPUID probing • Required hiding more and more fields • Lots of MSRs that required emulation/ ignorance • “Interesting” use of 8254 timer Sunday, September 29, 2013
Mo’ Linux • Requires PCI hostbridge, or no PCI probing • ISO initrd doesn’t have virtio block drivers • Fixed with GSoC AHCI emulation • IOAPIC changed to ignore level-trigger • SMP, virtio devices worked fine • No custom kernels. Lots of code reading Sunday, September 29, 2013
OpenBSD • Using 5.3. Not quite working. • Well supported by grub-2.00 • No MSI in virtio drivers • Well... non-standard and bhyve-specific • 1-line change, committed (thanks!) Sunday, September 29, 2013
OpenBSD #2 • APIC code exposed instruction emul bugs • RIP-relative addressing, SIB + displacement • Required RTC NVRAM implementation • PCI MSI capability writes to r/o regs • Fine on real h/w; no point in trapping • Extensive kernel rebuilds for debug Sunday, September 29, 2013
Future o/s’s • NetBSD - no MSI in drivers (fixed?) • D’flyBSD - BIOS emul for loader • Illumos • Requires BIOS emul • Useful for ZFS development • Windows - daunting, no source Sunday, September 29, 2013
Thanks to... • neel@freebsd.org, who did (and does) all the hard stuff • Tycho Nightingale from Pluribus Networks who contributed the UEFI work Sunday, September 29, 2013
Questions ? Sunday, September 29, 2013

Recommended

Look Into Libvirt Osier Yang
Look Into Libvirt Osier YangLook Into Libvirt Osier Yang
Look Into Libvirt Osier Yang
OpenCity Community
 
Libvirt and bhyve under FreeBSD
Libvirt and bhyve under FreeBSDLibvirt and bhyve under FreeBSD
Libvirt and bhyve under FreeBSD
Craig Rodrigues
 
XPDS14: libvirt support for libxenlight - James Fehlig, SUSE
XPDS14: libvirt support for libxenlight - James Fehlig, SUSEXPDS14: libvirt support for libxenlight - James Fehlig, SUSE
XPDS14: libvirt support for libxenlight - James Fehlig, SUSE
The Linux Foundation
 
Cis222 2
Cis222 2Cis222 2
Cis222 2
Russ Ferriday
 
Intro To Gentoo Embedded Cclug
Intro To Gentoo Embedded CclugIntro To Gentoo Embedded Cclug
Intro To Gentoo Embedded Cclug
Steve Arnold
 
unga - boosting opensim
unga - boosting opensimunga - boosting opensim
unga - boosting opensim
Impalah Shenzhou
 
Kernel Recipes 2013 - Conditional boot
Kernel Recipes 2013 - Conditional bootKernel Recipes 2013 - Conditional boot
Kernel Recipes 2013 - Conditional boot
Anne Nicolas
 
Fundamental Virtualisasi di openSUSE
Fundamental Virtualisasi di openSUSEFundamental Virtualisasi di openSUSE
Fundamental Virtualisasi di openSUSE
utianayuba
 

Recommended

Look Into Libvirt Osier Yang
Look Into Libvirt Osier YangLook Into Libvirt Osier Yang
Look Into Libvirt Osier Yang
OpenCity Community
 
Libvirt and bhyve under FreeBSD
Libvirt and bhyve under FreeBSDLibvirt and bhyve under FreeBSD
Libvirt and bhyve under FreeBSD
Craig Rodrigues
 
XPDS14: libvirt support for libxenlight - James Fehlig, SUSE
XPDS14: libvirt support for libxenlight - James Fehlig, SUSEXPDS14: libvirt support for libxenlight - James Fehlig, SUSE
XPDS14: libvirt support for libxenlight - James Fehlig, SUSE
The Linux Foundation
 
Cis222 2
Cis222 2Cis222 2
Cis222 2
Russ Ferriday
 
Intro To Gentoo Embedded Cclug
Intro To Gentoo Embedded CclugIntro To Gentoo Embedded Cclug
Intro To Gentoo Embedded Cclug
Steve Arnold
 
unga - boosting opensim
unga - boosting opensimunga - boosting opensim
unga - boosting opensim
Impalah Shenzhou
 
Kernel Recipes 2013 - Conditional boot
Kernel Recipes 2013 - Conditional bootKernel Recipes 2013 - Conditional boot
Kernel Recipes 2013 - Conditional boot
Anne Nicolas
 
Fundamental Virtualisasi di openSUSE
Fundamental Virtualisasi di openSUSEFundamental Virtualisasi di openSUSE
Fundamental Virtualisasi di openSUSE
utianayuba
 
Development platform virtualization using qemu
Development platform virtualization using qemuDevelopment platform virtualization using qemu
Development platform virtualization using qemu
Premjith Achemveettil
 
Vagrant
VagrantVagrant
Vagrant
Evans Ye
 
Vagrant & Docker
Vagrant & DockerVagrant & Docker
Vagrant & Docker
Joao Antonio Ferreira (Parana)
 
Docker Tutorial
Docker TutorialDocker Tutorial
Docker Tutorial
Tatsuya Yagi
 
Virtualization with qemu-kvm and libvirt on openSUSE 42.2
Virtualization with qemu-kvm and libvirt on openSUSE 42.2Virtualization with qemu-kvm and libvirt on openSUSE 42.2
Virtualization with qemu-kvm and libvirt on openSUSE 42.2
Benny Dito
 
20110522kernelvm xen+virtio
20110522kernelvm xen+virtio20110522kernelvm xen+virtio
20110522kernelvm xen+virtio
Takeshi HASEGAWA
 
Unix Ramblings
Unix RamblingsUnix Ramblings
Unix Ramblings
Bill Miller
 
Docker + Arm - Multi-arch builds with Docker `buildx`
Docker + Arm - Multi-arch builds with Docker `buildx`Docker + Arm - Multi-arch builds with Docker `buildx`
Docker + Arm - Multi-arch builds with Docker `buildx`
Elton Stoneman
 
The consortium 基于状态的数据中心自动化管理工具
The consortium 基于状态的数据中心自动化管理工具The consortium 基于状态的数据中心自动化管理工具
The consortium 基于状态的数据中心自动化管理工具
Leo Zhou
 
Computer, end program
Computer, end programComputer, end program
Computer, end program
Sameer Verma
 
openSUSE12.2 Review
openSUSE12.2 ReviewopenSUSE12.2 Review
openSUSE12.2 Review
SUSE Labs Taipei
 
EcamScript (ESM) It's about time !
EcamScript (ESM) It's about time !EcamScript (ESM) It's about time !
EcamScript (ESM) It's about time !
Sébastien Pertus
 
Virtualization for Developers
Virtualization for DevelopersVirtualization for Developers
Virtualization for Developers
John Coggeshall
 
Kernel Recipes 2013 - Crosstool-NG, a cross-toolchain generator
Kernel Recipes 2013 - Crosstool-NG, a cross-toolchain generatorKernel Recipes 2013 - Crosstool-NG, a cross-toolchain generator
Kernel Recipes 2013 - Crosstool-NG, a cross-toolchain generator
Anne Nicolas
 
Deploying to Ubuntu on Linode
Deploying to Ubuntu on LinodeDeploying to Ubuntu on Linode
Deploying to Ubuntu on Linode
WO Community
 
Singularity: The Inner Workings of Securely Running User Containers on HPC Sy...
Singularity: The Inner Workings of Securely Running User Containers on HPC Sy...Singularity: The Inner Workings of Securely Running User Containers on HPC Sy...
Singularity: The Inner Workings of Securely Running User Containers on HPC Sy...
inside-BigData.com
 
Make own you kernel os
Make own you kernel osMake own you kernel os
Make own you kernel os
Ramin Farajpour Cami
 
NetBSD on Google Compute Engine (en)
NetBSD on Google Compute Engine (en)NetBSD on Google Compute Engine (en)
NetBSD on Google Compute Engine (en)
Ryo ONODERA
 
Linux kernel system call
Linux kernel system callLinux kernel system call
Linux kernel system call
Ramin Farajpour Cami
 
Gentoo Linux, or Why in the World You Should Compile Everything
Gentoo Linux, or Why in the World You Should Compile EverythingGentoo Linux, or Why in the World You Should Compile Everything
Gentoo Linux, or Why in the World You Should Compile Everything
Donnie Berkholz
 
Optimizing VM images for OpenStack with KVM/QEMU
Optimizing VM images for OpenStack with KVM/QEMUOptimizing VM images for OpenStack with KVM/QEMU
Optimizing VM images for OpenStack with KVM/QEMU
OpenStack Foundation
 
Opening last bits of the infrastructure
Opening last bits of the infrastructureOpening last bits of the infrastructure
Opening last bits of the infrastructure
Erwan Velu
 

More Related Content

What's hot

Development platform virtualization using qemu
Development platform virtualization using qemuDevelopment platform virtualization using qemu
Development platform virtualization using qemu
Premjith Achemveettil
 
Vagrant
VagrantVagrant
Vagrant
Evans Ye
 
Vagrant & Docker
Vagrant & DockerVagrant & Docker
Vagrant & Docker
Joao Antonio Ferreira (Parana)
 
Docker Tutorial
Docker TutorialDocker Tutorial
Docker Tutorial
Tatsuya Yagi
 
Virtualization with qemu-kvm and libvirt on openSUSE 42.2
Virtualization with qemu-kvm and libvirt on openSUSE 42.2Virtualization with qemu-kvm and libvirt on openSUSE 42.2
Virtualization with qemu-kvm and libvirt on openSUSE 42.2
Benny Dito
 
20110522kernelvm xen+virtio
20110522kernelvm xen+virtio20110522kernelvm xen+virtio
20110522kernelvm xen+virtio
Takeshi HASEGAWA
 
Unix Ramblings
Unix RamblingsUnix Ramblings
Unix Ramblings
Bill Miller
 
Docker + Arm - Multi-arch builds with Docker `buildx`
Docker + Arm - Multi-arch builds with Docker `buildx`Docker + Arm - Multi-arch builds with Docker `buildx`
Docker + Arm - Multi-arch builds with Docker `buildx`
Elton Stoneman
 
The consortium 基于状态的数据中心自动化管理工具
The consortium 基于状态的数据中心自动化管理工具The consortium 基于状态的数据中心自动化管理工具
The consortium 基于状态的数据中心自动化管理工具
Leo Zhou
 
Computer, end program
Computer, end programComputer, end program
Computer, end program
Sameer Verma
 
openSUSE12.2 Review
openSUSE12.2 ReviewopenSUSE12.2 Review
openSUSE12.2 Review
SUSE Labs Taipei
 
EcamScript (ESM) It's about time !
EcamScript (ESM) It's about time !EcamScript (ESM) It's about time !
EcamScript (ESM) It's about time !
Sébastien Pertus
 
Virtualization for Developers
Virtualization for DevelopersVirtualization for Developers
Virtualization for Developers
John Coggeshall
 
Kernel Recipes 2013 - Crosstool-NG, a cross-toolchain generator
Kernel Recipes 2013 - Crosstool-NG, a cross-toolchain generatorKernel Recipes 2013 - Crosstool-NG, a cross-toolchain generator
Kernel Recipes 2013 - Crosstool-NG, a cross-toolchain generator
Anne Nicolas
 
Deploying to Ubuntu on Linode
Deploying to Ubuntu on LinodeDeploying to Ubuntu on Linode
Deploying to Ubuntu on Linode
WO Community
 
Singularity: The Inner Workings of Securely Running User Containers on HPC Sy...
Singularity: The Inner Workings of Securely Running User Containers on HPC Sy...Singularity: The Inner Workings of Securely Running User Containers on HPC Sy...
Singularity: The Inner Workings of Securely Running User Containers on HPC Sy...
inside-BigData.com
 
Make own you kernel os
Make own you kernel osMake own you kernel os
Make own you kernel os
Ramin Farajpour Cami
 
NetBSD on Google Compute Engine (en)
NetBSD on Google Compute Engine (en)NetBSD on Google Compute Engine (en)
NetBSD on Google Compute Engine (en)
Ryo ONODERA
 
Linux kernel system call
Linux kernel system callLinux kernel system call
Linux kernel system call
Ramin Farajpour Cami
 
Gentoo Linux, or Why in the World You Should Compile Everything
Gentoo Linux, or Why in the World You Should Compile EverythingGentoo Linux, or Why in the World You Should Compile Everything
Gentoo Linux, or Why in the World You Should Compile Everything
Donnie Berkholz
 

What's hot (20)

Development platform virtualization using qemu
Development platform virtualization using qemuDevelopment platform virtualization using qemu
Development platform virtualization using qemu
 
Vagrant
VagrantVagrant
Vagrant
 
Vagrant & Docker
Vagrant & DockerVagrant & Docker
Vagrant & Docker
 
Docker Tutorial
Docker TutorialDocker Tutorial
Docker Tutorial
 
Virtualization with qemu-kvm and libvirt on openSUSE 42.2
Virtualization with qemu-kvm and libvirt on openSUSE 42.2Virtualization with qemu-kvm and libvirt on openSUSE 42.2
Virtualization with qemu-kvm and libvirt on openSUSE 42.2
 
20110522kernelvm xen+virtio
20110522kernelvm xen+virtio20110522kernelvm xen+virtio
20110522kernelvm xen+virtio
 
Unix Ramblings
Unix RamblingsUnix Ramblings
Unix Ramblings
 
Docker + Arm - Multi-arch builds with Docker `buildx`
Docker + Arm - Multi-arch builds with Docker `buildx`Docker + Arm - Multi-arch builds with Docker `buildx`
Docker + Arm - Multi-arch builds with Docker `buildx`
 
The consortium 基于状态的数据中心自动化管理工具
The consortium 基于状态的数据中心自动化管理工具The consortium 基于状态的数据中心自动化管理工具
The consortium 基于状态的数据中心自动化管理工具
 
Computer, end program
Computer, end programComputer, end program
Computer, end program
 
openSUSE12.2 Review
openSUSE12.2 ReviewopenSUSE12.2 Review
openSUSE12.2 Review
 
EcamScript (ESM) It's about time !
EcamScript (ESM) It's about time !EcamScript (ESM) It's about time !
EcamScript (ESM) It's about time !
 
Virtualization for Developers
Virtualization for DevelopersVirtualization for Developers
Virtualization for Developers
 
Kernel Recipes 2013 - Crosstool-NG, a cross-toolchain generator
Kernel Recipes 2013 - Crosstool-NG, a cross-toolchain generatorKernel Recipes 2013 - Crosstool-NG, a cross-toolchain generator
Kernel Recipes 2013 - Crosstool-NG, a cross-toolchain generator
 
Deploying to Ubuntu on Linode
Deploying to Ubuntu on LinodeDeploying to Ubuntu on Linode
Deploying to Ubuntu on Linode
 
Singularity: The Inner Workings of Securely Running User Containers on HPC Sy...
Singularity: The Inner Workings of Securely Running User Containers on HPC Sy...Singularity: The Inner Workings of Securely Running User Containers on HPC Sy...
Singularity: The Inner Workings of Securely Running User Containers on HPC Sy...
 
Make own you kernel os
Make own you kernel osMake own you kernel os
Make own you kernel os
 
NetBSD on Google Compute Engine (en)
NetBSD on Google Compute Engine (en)NetBSD on Google Compute Engine (en)
NetBSD on Google Compute Engine (en)
 
Linux kernel system call
Linux kernel system callLinux kernel system call
Linux kernel system call
 
Gentoo Linux, or Why in the World You Should Compile Everything
Gentoo Linux, or Why in the World You Should Compile EverythingGentoo Linux, or Why in the World You Should Compile Everything
Gentoo Linux, or Why in the World You Should Compile Everything
 

Similar to Extending bhyve beyond FreeBSD guests - EuroBSDCon 2013

Optimizing VM images for OpenStack with KVM/QEMU
Optimizing VM images for OpenStack with KVM/QEMUOptimizing VM images for OpenStack with KVM/QEMU
Optimizing VM images for OpenStack with KVM/QEMU
OpenStack Foundation
 
Opening last bits of the infrastructure
Opening last bits of the infrastructureOpening last bits of the infrastructure
Opening last bits of the infrastructure
Erwan Velu
 
Rootless Containers
Rootless ContainersRootless Containers
Rootless Containers
Akihiro Suda
 
Podman rootless containers
Podman rootless containersPodman rootless containers
Podman rootless containers
Giuseppe Scrivano
 
Easily emulating full systems on amazon fpg as
Easily emulating full systems on amazon fpg asEasily emulating full systems on amazon fpg as
Easily emulating full systems on amazon fpg as
RISC-V International
 
[CB19] Attacking DRM subsystem to gain kernel privilege on Chromebooks by Di ...
[CB19] Attacking DRM subsystem to gain kernel privilege on Chromebooks by Di ...[CB19] Attacking DRM subsystem to gain kernel privilege on Chromebooks by Di ...
[CB19] Attacking DRM subsystem to gain kernel privilege on Chromebooks by Di ...
CODE BLUE
 
Introducing Container Technology to TSUBAME3.0 Supercomputer
Introducing Container Technology to TSUBAME3.0 SupercomputerIntroducing Container Technology to TSUBAME3.0 Supercomputer
Introducing Container Technology to TSUBAME3.0 Supercomputer
Akihiro Nomura
 
The State of Rootless Containers
The State of Rootless ContainersThe State of Rootless Containers
The State of Rootless Containers
Akihiro Suda
 
MIPS-X
MIPS-XMIPS-X
MIPS-X
Zoltan Balazs
 
Identifying and Supporting 'X-compatible' Hardware Blocks
Identifying and Supporting 'X-compatible' Hardware BlocksIdentifying and Supporting 'X-compatible' Hardware Blocks
Identifying and Supporting 'X-compatible' Hardware Blocks
Chen-Yu Tsai
 
High-Performance Computing with C++
High-Performance Computing with C++High-Performance Computing with C++
High-Performance Computing with C++
JetBrains
 
Raspberry Pi Introduction
Raspberry Pi IntroductionRaspberry Pi Introduction
Raspberry Pi Introduction
Michal Sedlak
 
pkgsrc on SmartOS
pkgsrc on SmartOSpkgsrc on SmartOS
pkgsrc on SmartOS
jonperkin
 
5. IO virtualization
5. IO virtualization5. IO virtualization
5. IO virtualization
Hwanju Kim
 
Armbian linux
Armbian linuxArmbian linux
Armbian linux
igorpecovnik
 
Unraveling Docker Security: Lessons From a Production Cloud
Unraveling Docker Security: Lessons From a Production CloudUnraveling Docker Security: Lessons From a Production Cloud
Unraveling Docker Security: Lessons From a Production Cloud
Salman Baset
 
Tokyo OpenStack Summit 2015: Unraveling Docker Security
Tokyo OpenStack Summit 2015: Unraveling Docker SecurityTokyo OpenStack Summit 2015: Unraveling Docker Security
Tokyo OpenStack Summit 2015: Unraveling Docker Security
Phil Estes
 
The end of embedded Linux (as we know it)
The end of embedded Linux (as we know it)The end of embedded Linux (as we know it)
The end of embedded Linux (as we know it)
Chris Simmonds
 
Running Applications on the NetBSD Rump Kernel by Justin Cormack
Running Applications on the NetBSD Rump Kernel by Justin Cormack Running Applications on the NetBSD Rump Kernel by Justin Cormack
Running Applications on the NetBSD Rump Kernel by Justin Cormack
eurobsdcon
 
[KubeCon NA 2020] containerd: Rootless Containers 2020
[KubeCon NA 2020] containerd: Rootless Containers 2020[KubeCon NA 2020] containerd: Rootless Containers 2020
[KubeCon NA 2020] containerd: Rootless Containers 2020
Akihiro Suda
 

Similar to Extending bhyve beyond FreeBSD guests - EuroBSDCon 2013 (20)

Optimizing VM images for OpenStack with KVM/QEMU
Optimizing VM images for OpenStack with KVM/QEMUOptimizing VM images for OpenStack with KVM/QEMU
Optimizing VM images for OpenStack with KVM/QEMU
 
Opening last bits of the infrastructure
Opening last bits of the infrastructureOpening last bits of the infrastructure
Opening last bits of the infrastructure
 
Rootless Containers
Rootless ContainersRootless Containers
Rootless Containers
 
Podman rootless containers
Podman rootless containersPodman rootless containers
Podman rootless containers
 
Easily emulating full systems on amazon fpg as
Easily emulating full systems on amazon fpg asEasily emulating full systems on amazon fpg as
Easily emulating full systems on amazon fpg as
 
[CB19] Attacking DRM subsystem to gain kernel privilege on Chromebooks by Di ...
[CB19] Attacking DRM subsystem to gain kernel privilege on Chromebooks by Di ...[CB19] Attacking DRM subsystem to gain kernel privilege on Chromebooks by Di ...
[CB19] Attacking DRM subsystem to gain kernel privilege on Chromebooks by Di ...
 
Introducing Container Technology to TSUBAME3.0 Supercomputer
Introducing Container Technology to TSUBAME3.0 SupercomputerIntroducing Container Technology to TSUBAME3.0 Supercomputer
Introducing Container Technology to TSUBAME3.0 Supercomputer
 
The State of Rootless Containers
The State of Rootless ContainersThe State of Rootless Containers
The State of Rootless Containers
 
MIPS-X
MIPS-XMIPS-X
MIPS-X
 
Identifying and Supporting 'X-compatible' Hardware Blocks
Identifying and Supporting 'X-compatible' Hardware BlocksIdentifying and Supporting 'X-compatible' Hardware Blocks
Identifying and Supporting 'X-compatible' Hardware Blocks
 
High-Performance Computing with C++
High-Performance Computing with C++High-Performance Computing with C++
High-Performance Computing with C++
 
Raspberry Pi Introduction
Raspberry Pi IntroductionRaspberry Pi Introduction
Raspberry Pi Introduction
 
pkgsrc on SmartOS
pkgsrc on SmartOSpkgsrc on SmartOS
pkgsrc on SmartOS
 
5. IO virtualization
5. IO virtualization5. IO virtualization
5. IO virtualization
 
Armbian linux
Armbian linuxArmbian linux
Armbian linux
 
Unraveling Docker Security: Lessons From a Production Cloud
Unraveling Docker Security: Lessons From a Production CloudUnraveling Docker Security: Lessons From a Production Cloud
Unraveling Docker Security: Lessons From a Production Cloud
 
Tokyo OpenStack Summit 2015: Unraveling Docker Security
Tokyo OpenStack Summit 2015: Unraveling Docker SecurityTokyo OpenStack Summit 2015: Unraveling Docker Security
Tokyo OpenStack Summit 2015: Unraveling Docker Security
 
The end of embedded Linux (as we know it)
The end of embedded Linux (as we know it)The end of embedded Linux (as we know it)
The end of embedded Linux (as we know it)
 
Running Applications on the NetBSD Rump Kernel by Justin Cormack
Running Applications on the NetBSD Rump Kernel by Justin Cormack Running Applications on the NetBSD Rump Kernel by Justin Cormack
Running Applications on the NetBSD Rump Kernel by Justin Cormack
 
[KubeCon NA 2020] containerd: Rootless Containers 2020
[KubeCon NA 2020] containerd: Rootless Containers 2020[KubeCon NA 2020] containerd: Rootless Containers 2020
[KubeCon NA 2020] containerd: Rootless Containers 2020
 

Recently uploaded

Things to Consider When Choosing a Website Developer for your Website | FODUU
Things to Consider When Choosing a Website Developer for your Website | FODUUThings to Consider When Choosing a Website Developer for your Website | FODUU
Things to Consider When Choosing a Website Developer for your Website | FODUU
FODUU
 
Infrastructure Challenges in Scaling RAG with Custom AI models
Infrastructure Challenges in Scaling RAG with Custom AI modelsInfrastructure Challenges in Scaling RAG with Custom AI models
Infrastructure Challenges in Scaling RAG with Custom AI models
Zilliz
 
Monitoring and Managing Anomaly Detection on OpenShift.pdf
Monitoring and Managing Anomaly Detection on OpenShift.pdfMonitoring and Managing Anomaly Detection on OpenShift.pdf
Monitoring and Managing Anomaly Detection on OpenShift.pdf
Tosin Akinosho
 
Unlock the Future of Search with MongoDB Atlas_ Vector Search Unleashed.pdf
Unlock the Future of Search with MongoDB Atlas_ Vector Search Unleashed.pdfUnlock the Future of Search with MongoDB Atlas_ Vector Search Unleashed.pdf
Unlock the Future of Search with MongoDB Atlas_ Vector Search Unleashed.pdf
Malak Abu Hammad
 
National Security Agency - NSA mobile device best practices
National Security Agency - NSA mobile device best practicesNational Security Agency - NSA mobile device best practices
National Security Agency - NSA mobile device best practices
Quotidiano Piemontese
 
Video Streaming: Then, Now, and in the Future
Video Streaming: Then, Now, and in the FutureVideo Streaming: Then, Now, and in the Future
Video Streaming: Then, Now, and in the Future
Alpen-Adria-Universität
 
Best 20 SEO Techniques To Improve Website Visibility In SERP
Best 20 SEO Techniques To Improve Website Visibility In SERPBest 20 SEO Techniques To Improve Website Visibility In SERP
Best 20 SEO Techniques To Improve Website Visibility In SERP
Pixlogix Infotech
 
Generating privacy-protected synthetic data using Secludy and Milvus
Generating privacy-protected synthetic data using Secludy and MilvusGenerating privacy-protected synthetic data using Secludy and Milvus
Generating privacy-protected synthetic data using Secludy and Milvus
Zilliz
 
Taking AI to the Next Level in Manufacturing.pdf
Taking AI to the Next Level in Manufacturing.pdfTaking AI to the Next Level in Manufacturing.pdf
Taking AI to the Next Level in Manufacturing.pdf
ssuserfac0301
 
Removing Uninteresting Bytes in Software Fuzzing
Removing Uninteresting Bytes in Software FuzzingRemoving Uninteresting Bytes in Software Fuzzing
Removing Uninteresting Bytes in Software Fuzzing
Aftab Hussain
 
AI 101: An Introduction to the Basics and Impact of Artificial Intelligence
AI 101: An Introduction to the Basics and Impact of Artificial IntelligenceAI 101: An Introduction to the Basics and Impact of Artificial Intelligence
AI 101: An Introduction to the Basics and Impact of Artificial Intelligence
IndexBug
 
Mind map of terminologies used in context of Generative AI
Mind map of terminologies used in context of Generative AIMind map of terminologies used in context of Generative AI
Mind map of terminologies used in context of Generative AI
Kumud Singh
 
Microsoft - Power Platform_G.Aspiotis.pdf
Microsoft - Power Platform_G.Aspiotis.pdfMicrosoft - Power Platform_G.Aspiotis.pdf
Microsoft - Power Platform_G.Aspiotis.pdf
Uni Systems S.M.S.A.
 
Full-RAG: A modern architecture for hyper-personalization
Full-RAG: A modern architecture for hyper-personalizationFull-RAG: A modern architecture for hyper-personalization
Full-RAG: A modern architecture for hyper-personalization
Zilliz
 
Essentials of Automations: The Art of Triggers and Actions in FME
Essentials of Automations: The Art of Triggers and Actions in FMEEssentials of Automations: The Art of Triggers and Actions in FME
Essentials of Automations: The Art of Triggers and Actions in FME
Safe Software
 
Mariano G Tinti - Decoding SpaceX
Mariano G Tinti - Decoding SpaceXMariano G Tinti - Decoding SpaceX
Mariano G Tinti - Decoding SpaceX
Mariano Tinti
 
Presentation of the OECD Artificial Intelligence Review of Germany
Presentation of the OECD Artificial Intelligence Review of GermanyPresentation of the OECD Artificial Intelligence Review of Germany
Presentation of the OECD Artificial Intelligence Review of Germany
innovationoecd
 
Fueling AI with Great Data with Airbyte Webinar
Fueling AI with Great Data with Airbyte WebinarFueling AI with Great Data with Airbyte Webinar
Fueling AI with Great Data with Airbyte Webinar
Zilliz
 
“I’m still / I’m still / Chaining from the Block”
“I’m still / I’m still / Chaining from the Block”“I’m still / I’m still / Chaining from the Block”
“I’m still / I’m still / Chaining from the Block”
Claudio Di Ciccio
 
20240607 QFM018 Elixir Reading List May 2024
20240607 QFM018 Elixir Reading List May 202420240607 QFM018 Elixir Reading List May 2024
20240607 QFM018 Elixir Reading List May 2024
Matthew Sinclair
 

Recently uploaded (20)

Things to Consider When Choosing a Website Developer for your Website | FODUU
Things to Consider When Choosing a Website Developer for your Website | FODUUThings to Consider When Choosing a Website Developer for your Website | FODUU
Things to Consider When Choosing a Website Developer for your Website | FODUU
 
Infrastructure Challenges in Scaling RAG with Custom AI models
Infrastructure Challenges in Scaling RAG with Custom AI modelsInfrastructure Challenges in Scaling RAG with Custom AI models
Infrastructure Challenges in Scaling RAG with Custom AI models
 
Monitoring and Managing Anomaly Detection on OpenShift.pdf
Monitoring and Managing Anomaly Detection on OpenShift.pdfMonitoring and Managing Anomaly Detection on OpenShift.pdf
Monitoring and Managing Anomaly Detection on OpenShift.pdf
 
Unlock the Future of Search with MongoDB Atlas_ Vector Search Unleashed.pdf
Unlock the Future of Search with MongoDB Atlas_ Vector Search Unleashed.pdfUnlock the Future of Search with MongoDB Atlas_ Vector Search Unleashed.pdf
Unlock the Future of Search with MongoDB Atlas_ Vector Search Unleashed.pdf
 
National Security Agency - NSA mobile device best practices
National Security Agency - NSA mobile device best practicesNational Security Agency - NSA mobile device best practices
National Security Agency - NSA mobile device best practices
 
Video Streaming: Then, Now, and in the Future
Video Streaming: Then, Now, and in the FutureVideo Streaming: Then, Now, and in the Future
Video Streaming: Then, Now, and in the Future
 
Best 20 SEO Techniques To Improve Website Visibility In SERP
Best 20 SEO Techniques To Improve Website Visibility In SERPBest 20 SEO Techniques To Improve Website Visibility In SERP
Best 20 SEO Techniques To Improve Website Visibility In SERP
 
Generating privacy-protected synthetic data using Secludy and Milvus
Generating privacy-protected synthetic data using Secludy and MilvusGenerating privacy-protected synthetic data using Secludy and Milvus
Generating privacy-protected synthetic data using Secludy and Milvus
 
Taking AI to the Next Level in Manufacturing.pdf
Taking AI to the Next Level in Manufacturing.pdfTaking AI to the Next Level in Manufacturing.pdf
Taking AI to the Next Level in Manufacturing.pdf
 
Removing Uninteresting Bytes in Software Fuzzing
Removing Uninteresting Bytes in Software FuzzingRemoving Uninteresting Bytes in Software Fuzzing
Removing Uninteresting Bytes in Software Fuzzing
 
AI 101: An Introduction to the Basics and Impact of Artificial Intelligence
AI 101: An Introduction to the Basics and Impact of Artificial IntelligenceAI 101: An Introduction to the Basics and Impact of Artificial Intelligence
AI 101: An Introduction to the Basics and Impact of Artificial Intelligence
 
Mind map of terminologies used in context of Generative AI
Mind map of terminologies used in context of Generative AIMind map of terminologies used in context of Generative AI
Mind map of terminologies used in context of Generative AI
 
Microsoft - Power Platform_G.Aspiotis.pdf
Microsoft - Power Platform_G.Aspiotis.pdfMicrosoft - Power Platform_G.Aspiotis.pdf
Microsoft - Power Platform_G.Aspiotis.pdf
 
Full-RAG: A modern architecture for hyper-personalization
Full-RAG: A modern architecture for hyper-personalizationFull-RAG: A modern architecture for hyper-personalization
Full-RAG: A modern architecture for hyper-personalization
 
Essentials of Automations: The Art of Triggers and Actions in FME
Essentials of Automations: The Art of Triggers and Actions in FMEEssentials of Automations: The Art of Triggers and Actions in FME
Essentials of Automations: The Art of Triggers and Actions in FME
 
Mariano G Tinti - Decoding SpaceX
Mariano G Tinti - Decoding SpaceXMariano G Tinti - Decoding SpaceX
Mariano G Tinti - Decoding SpaceX
 
Presentation of the OECD Artificial Intelligence Review of Germany
Presentation of the OECD Artificial Intelligence Review of GermanyPresentation of the OECD Artificial Intelligence Review of Germany
Presentation of the OECD Artificial Intelligence Review of Germany
 
Fueling AI with Great Data with Airbyte Webinar
Fueling AI with Great Data with Airbyte WebinarFueling AI with Great Data with Airbyte Webinar
Fueling AI with Great Data with Airbyte Webinar
 
“I’m still / I’m still / Chaining from the Block”
“I’m still / I’m still / Chaining from the Block”“I’m still / I’m still / Chaining from the Block”
“I’m still / I’m still / Chaining from the Block”
 
20240607 QFM018 Elixir Reading List May 2024
20240607 QFM018 Elixir Reading List May 202420240607 QFM018 Elixir Reading List May 2024
20240607 QFM018 Elixir Reading List May 2024
 

Extending bhyve beyond FreeBSD guests - EuroBSDCon 2013

  • 1. Extending bhyve beyond FreeBD guests Peter Grehan grehan@freebsd.org EuroBSDcon 2013 Sunday, September 29, 2013
  • 2. What is bhyve ? • A “minimally viable x86 hypervisor” • serial console, PCI virtio block/net, 64 bit host/guests (covers most) • RequiresVT-x/EPT CPU support (core i*) • In base-system FreeBSD as of 10.0 Sunday, September 29, 2013
  • 3. Pieces #1: vmm.ko • Kernel module implementing: • VT-x state setup, enter/exit context switching • Local APIC emulation • VT-d IOMMU for PCI pass-thru • Guest physical memory mgmt • user-space cdev interface • Small: 64KB text Sunday, September 29, 2013
  • 4. Pieces #2: bhyveload • user-space bootloader • FreeBSD “userboot” library + bhyve API • CreatesVM; lays out kernel + metadata; sets up initialVM register state • ... and then exits. Sunday, September 29, 2013
  • 5. Pieces #3: bhyve • User-space run loop • Implements PCI bus/device emulation • PCI devs - uart, virtio block/net • Device backends • stdin/out, tap device, file/block device • Threads for vCPUs, i/o devs, kqueue loop. • Small: 130KB text (less than ifconfig) Sunday, September 29, 2013
  • 6. Pieces #4: bhyvectl • Simple utility • Dump/modifyVM state (registers,VMCS) • DumpVM stats (e.g. # HLT exits) • DeleteVMs Sunday, September 29, 2013
  • 7. Why non-FreeBSD ? • Simple: what users expect • Intent of bhyve was always to run unmodified guests • Restricting to modified guest o/s dooms to slow decay, or as a limited audience developer-only tool • UML Linux Sunday, September 29, 2013
  • 8. Ordering Development • Development started with modified guest o/s - reduces unknowns and complexity • Then moved to an unmodified guest • ... older versions of guest • ... guest o/s’s with source access/buildability • binary-only guest o/s’s last. Sunday, September 29, 2013
  • 9. First “other”: UEFI • BSD-licensed BIOS replacement • “OVMF” build target for virtual machines • Extracts parameters from hypervisor • Memory map, # CPUs etc Sunday, September 29, 2013
  • 10. UEFI issues • Simple linear loader, but with 16-bit entry • set up memory area for params • Wanted 8259/8254 for timer support • Replaced with HPET • PCI BARs reprogrammed • Blew away PCI serial port: changed to use LPC bridge and ISA-style addresses Sunday, September 29, 2013
  • 11. grub • “grub-emu” build target for user-space • Mainly for filesystem debug • Hacked^h^h^h^hCo-opted for a Linux/ *BSD userspace loader Sunday, September 29, 2013
  • 12. grub-1.98 • grub-emu builds OOTB on FreeBSD • However, boot-loader code assumes 32- bit. Lots of 64-bit issues • Assumes it is running in target address space with linear mapping • Direct pointer derefs • Trampolines to launch o/s • Too much conditional code. Abandoned. Sunday, September 29, 2013
  • 13. grub-2.00 • grub-emu nightmare build on FreeBSD • gnulib, aaaargh !!! • Once done, excellent clean codebase • Indirection for target mem/reg sets • Easy interface to bhyve API • No conditional code in Linux/*BSD loaders Sunday, September 29, 2013
  • 14. Linux • 32-bit “flat” entry point • Intended for non-BIOS environments • Well documented ! • RequiresVT-x ‘unrestricted guest’ support • Lots of trial and error to fix initial TR/TSS state to avoid “invalid guest state” exit on vmenter Sunday, September 29, 2013
  • 15. Linux #2 • CR0 unconditional write exposed bug • Lots of CPUID probing • Required hiding more and more fields • Lots of MSRs that required emulation/ ignorance • “Interesting” use of 8254 timer Sunday, September 29, 2013
  • 16. Mo’ Linux • Requires PCI hostbridge, or no PCI probing • ISO initrd doesn’t have virtio block drivers • Fixed with GSoC AHCI emulation • IOAPIC changed to ignore level-trigger • SMP, virtio devices worked fine • No custom kernels. Lots of code reading Sunday, September 29, 2013
  • 17. OpenBSD • Using 5.3. Not quite working. • Well supported by grub-2.00 • No MSI in virtio drivers • Well... non-standard and bhyve-specific • 1-line change, committed (thanks!) Sunday, September 29, 2013
  • 18. OpenBSD #2 • APIC code exposed instruction emul bugs • RIP-relative addressing, SIB + displacement • Required RTC NVRAM implementation • PCI MSI capability writes to r/o regs • Fine on real h/w; no point in trapping • Extensive kernel rebuilds for debug Sunday, September 29, 2013
  • 19. Future o/s’s • NetBSD - no MSI in drivers (fixed?) • D’flyBSD - BIOS emul for loader • Illumos • Requires BIOS emul • Useful for ZFS development • Windows - daunting, no source Sunday, September 29, 2013
  • 20. Thanks to... • neel@freebsd.org, who did (and does) all the hard stuff • Tycho Nightingale from Pluribus Networks who contributed the UEFI work Sunday, September 29, 2013