microkernel virtualization under one roof dare the
play

Microkernel virtualization under one roof - dare the impossible - - PowerPoint PPT Presentation

Jul 06, 2023 •375 likes •941 views

Microkernel virtualization under one roof - dare the impossible - Alexander Bttcher < alexander.boettcher@genode-labs.com > Outline 1. Introduction 2. Kernel interfaces 3. VM interface harmonization 4. VMMs harmonized 5. Conclusion

  1. Microkernel virtualization under one roof - dare the impossible - Alexander Böttcher < alexander.boettcher@genode-labs.com >

  2. Outline 1. Introduction 2. Kernel interfaces 3. VM interface harmonization 4. VMMs harmonized 5. Conclusion Microkernel virtualization under one roof - dare the impossible - 2

  3. Outline 1. Introduction 2. Kernel interfaces 3. VM interface harmonization 4. VMMs harmonized 5. Conclusion Microkernel virtualization under one roof - dare the impossible - 3

  4. Motivation Off-the-shell virtualization solution ridden with complexity. Application of virtualization call for trustworthy solutions. Complexity defeats trust. Alternative approach → Microkernels with hardware assisted virtualization extensions Microkernel virtualization under one roof - dare the impossible - 4

  5. Component based virtualization architecture Guest OS Guest OS Guest OS non-root mode root mode VMM VMM VMM Resource management Apps Drivers 9,000 SLOC kernel NOVA Microhypervisor Microkernel virtualization under one roof - dare the impossible - 5

  6. Genode OS framework Microkernel virtualization under one roof - dare the impossible - 6

  7. General supported kernels on Genode Microkernel virtualization under one roof - dare the impossible - 7

  8. Kernels with hardware assisted virtualization Microkernel virtualization under one roof - dare the impossible - 8

  9. VMM inventory of Genode Hardware assisted virtualization/separation support Microkernel Host VMM Guest vCPU hw ARM, 32bit custom 1, 32bit hw/trustzone ARM, 32bit custom 1, 32bit hw with Muen Intel, 64bit VBox 4 1, 32bit Seoul N , 32bit NOVA Intel & AMD VBox 4 N , 32bit, 64 bit 32bit, 64bit VBox 5 N , 32bit, 64 bit Microkernel virtualization under one roof - dare the impossible - 9

  10. Research challenge Vision: VMMs runnable on all kernels w/o re-compilation Microkernel virtualization under one roof - dare the impossible - 10

  11. Research challenge Vision: VMMs runnable on all kernels w/o re-compilation Focus on x86 microkernels for now → NOVA, seL4, Fiasco.OC, and -hw- Microkernel virtualization under one roof - dare the impossible - 10

  12. Research challenge Vision: VMMs runnable on all kernels w/o re-compilation Focus on x86 microkernels for now → NOVA, seL4, Fiasco.OC, and -hw- Approach: Generalize VM interface as used by -hw- Microkernel virtualization under one roof - dare the impossible - 10

  13. Outline 1. Introduction 2. Kernel interfaces 3. VM interface harmonization 4. VMMs harmonized 5. Conclusion Microkernel virtualization under one roof - dare the impossible - 11

  14. Flow of a virtualization event User-level VMM Guest OS � UTCB VMCS copy UTCB world switch NOVA Microkernel virtualization under one roof - dare the impossible - 12

  15. vCPU state on NOVA VMM UTCB user space kernel space UTCB VMCS/VMCB NOVA microhypervisor Transfer: UTCB, VMCS/VMCB agnostic , partial state support Microkernel virtualization under one roof - dare the impossible - 13

  16. vCPU state on Fiasco.OC VMM UTCB vCPU state user space kernel space UTCB VMCS/VMCB vCPU state Fiasco.OC microkernel Transfer: vCPU state, not VMCS/VMCB agnostic , full state Microkernel virtualization under one roof - dare the impossible - 14

  17. vCPU state on seL4 VMM IPCBuffer user space kernel space IPCBuffer VMCS vCPU state seL4 microkernel Transfer: hybrid - IPCBuffer & syscall per VMCS register IPCBuffer: VM exit - 17 registers, VM enter - 3 registers Microkernel virtualization under one roof - dare the impossible - 15

  18. Control flow on NOVA VMM UTCB thread IPC call user space kernel space IPC reply UTCB VMCS/VMCB vCPU NOVA microhypervisor Microkernel virtualization under one roof - dare the impossible - 16

  19. Control flow on Fiasco.OC VMM UTCB vCPU state thread syscall done user space vmresume kernel space (blocking) UTCB VMCS/VMCB vCPU vCPU state Fiasco.OC microkernel Microkernel virtualization under one roof - dare the impossible - 17

  20. Control flow on seL4 VMM IPCBuffer thread syscall done user space vmenter kernel space (blocking) IPCBuffer VMCS vCPU vCPU state seL4 microkernel Microkernel virtualization under one roof - dare the impossible - 18

  21. Control flow on Genode’s -hw- VMM UTCB vCPU state thread signal user space kernel space run UTCB vCPU vCPU state Genode’s -hw- microkernel (ARM) Microkernel virtualization under one roof - dare the impossible - 19

  22. Outline 1. Introduction 2. Kernel interfaces 3. VM interface harmonization 4. VMMs harmonized 5. Conclusion Microkernel virtualization under one roof - dare the impossible - 20

  23. Design goals VMM → just a component Genode components designed event driven Non-blocking thread ( entrypoint ) register for event sources Events cause transition in state machine State transition by Genode signal or RPC Microkernel virtualization under one roof - dare the impossible - 21

  24. Design goals VMM → just a component Genode components designed event driven Non-blocking thread ( entrypoint ) register for event sources Events cause transition in state machine State transition by Genode signal or RPC VM event → just another event source I/O event → just another event source Kernel agnostic ABI Unified vCPU state per platform Microkernel virtualization under one roof - dare the impossible - 21

  25. Envisioned vCPU handling VMM timer network entrypoint signal signal user space VM event kernel space vCPU0 vCPUn kernel Microkernel virtualization under one roof - dare the impossible - 22

  26. Envisioned vCPU handling - multi core VMM entrypoint A entrypoint B user space kernel space vCPU A0 ... vCPU An vCPU B0 ... vCPU Bn kernel Microkernel virtualization under one roof - dare the impossible - 23

  27. VM interface - kernel agnostic VMM Entrypoint VM interface ld.lib.so user space kernel space vCPU0 ... vCPUn kernel Genode -base- library with unified ABI in ld.lib.so Microkernel virtualization under one roof - dare the impossible - 24

  28. VM interface - kernel agnostic VM connection/session → VM address space established create_vcpu() - setup new vCPUs cpu_state() - access to guest state attach/detach() - memory management of VM VM_handler class - registration for VM event handling run/pause() - control execution of vCPUs - non-blocking Microkernel virtualization under one roof - dare the impossible - 25

  29. VM interface - kernel agnostic entrypoint VMM VM interface (client) ld.lib.so connection init VM interface (server) core user space kernel space kernel Microkernel virtualization under one roof - dare the impossible - 26

  30. VM interface - kernel agnostic entrypoint VMM VM interface (client) ld.lib.so VM session init VM interface (server) core user space kernel space vCPU0 ... vCPUn kernel Microkernel virtualization under one roof - dare the impossible - 27

  31. VM interface - kernel agnostic entrypoint VMM VM interface (client) ld.lib.so VM session init VM interface (server) core user space kernel space vCPU0 ... vCPUn kernel Server: 200-400 LOC Client: NOVA, seL4: ~500 - Fiasco.OC: ~1000 - hw: ~30 LOC Microkernel virtualization under one roof - dare the impossible - 28

  32. Control flow on Genode’s -hw- and NOVA VMM UTCB thread IPC call user space kernel space IPC reply UTCB VMCS/VMCB vCPU NOVA microhypervisor VMM UTCB vCPU state thread signal user space kernel space run UTCB vCPU vCPU state Genode’s -hw- microkernel (ARM) Microkernel virtualization under one roof - dare the impossible - 29

  33. Control flow on Genode’s -hw- and NOVA Event source VMM VM (timer) kernel vCPU Entrypoint hw/NOVA vCPU0 vCPU1 VM exit signal/IPC call run/IPC reply non-blocking VM resume event (timeout) pause/recall non-blocking VM exit signal/IPC call run/IPC reply inject vIRQ Microkernel virtualization under one roof - dare the impossible - 30

  34. Control flow on seL4 and Fiasco.OC VMM IPCBuffer thread syscall done user space vmenter kernel space (blocking) IPCBuffer VMCS vCPU vCPU state seL4 microkernel VMM UTCB vCPU state thread syscall done user space vmresume kernel space (blocking) UTCB VMCS/VMCB vCPU vCPU state Fiasco.OC microkernel Microkernel virtualization under one roof - dare the impossible - 31

  35. Control flow on seL4 and Fiasco.OC Event source VMM kernel VM (timer) Entrypoint seL4/Fiasco.OC vCPU0 vCPU1 vmenter/vmresume blocking syscall VM resume Blocking syscall unfortunate → complicates life Kernels provide mechanism to cancel Avoid special case handling in Genode for first take → Workaround: spawn per vCPU extra thread Microkernel virtualization under one roof - dare the impossible - 32

  36. Control flow on seL4 and Fiasco.OC Event source VMM kernel VM (timer) Entrypoint Handler0 Handler1 vCPU0 vCPU1 run run non-blocking vmenter/vmresume VM resume run run non-blocking vmenter/vmresume VM resume Microkernel virtualization under one roof - dare the impossible - 33

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

Introduction to a microkernel microkernel maybe self supporting initially they are built on a host

Introduction to a microkernel microkernel maybe self supporting initially they are built on a host

slide 1 gaius Introduction to a microkernel microkernel maybe self supporting initially they are built on a host and downloaded to a target during Operating systems we will be developing a microkernel which has been written in: Modula-2, C and

526 views • 28 slides
Demo: Timing Aware Hardware Virtualization on the L4Re Microkernel System Adam Lackorzynski

Demo: Timing Aware Hardware Virtualization on the L4Re Microkernel System Adam Lackorzynski

www.kernkonzept.com Demo: Timing Aware Hardware Virtualization on the L4Re Microkernel System Adam Lackorzynski (Kernkonzept &amp;TUD), Alex Warg (Kernkonzept) www.kernkonzept.com Demo FreeRTOS Linux NXP/Freescale LS1021A TWR L4Re

530 views • 4 slides
The roof, the whole roof and nothing but the roof The Prosecution of Property

The roof, the whole roof and nothing but the roof The Prosecution of Property

The roof, the whole roof and nothing but the roof The Prosecution of Property Misdescription Murdo MacLeod QC Compass Chambers Regulatory Crime Conference R v Beresford Adams 2011 Facts: BA Estate agents in Wrexham. The complainant

405 views • 23 slides
1 Cerebrum Pre- frontal Cortex Cerebellum Brain Stem Moral/Abstract Reasoning Empathy

1 Cerebrum Pre- frontal Cortex Cerebellum Brain Stem Moral/Abstract Reasoning Empathy

Oh boy , I sure hope this Shh. He might use I can see Albuquerque! guy presents things we Edu - jargon to can really use. sound impressive. Do I dare disturb the universe? Dare! Dare! These political times in education are rough

754 views • 34 slides
Virtualization Virtualization Memory virtualization Process feels like it has its own

Virtualization Virtualization Memory virtualization Process feels like it has its own

4/25/08 Virtualization Virtualization Memory virtualization Process feels like it has its own address space Created by MMU, configured by OS Storage virtualization Logical view of disks connected to a machine External

441 views • 8 slides
Unit 15: Experimental Microkernel Systems 15.2. Chorus: Microkernel and User-space Actors AP

Unit 15: Experimental Microkernel Systems 15.2. Chorus: Microkernel and User-space Actors AP

Unit 15: Experimental Microkernel Systems 15.2. Chorus: Microkernel and User-space Actors AP 9/01 CHORUS: a new Look at Microkernel- based Operating Systems OS structuring: modular set of system servers which sit on top of a minimal

599 views • 42 slides
OHCHS ROOF PROJECT Replacement of Roof and HVAC Units Roof Installed during the 1998 high

OHCHS ROOF PROJECT Replacement of Roof and HVAC Units Roof Installed during the 1998 high

OHCHS ROOF PROJECT Replacement of Roof and HVAC Units Roof Installed during the 1998 high school renovation 180,000 sq ft of roofing Roof membrane was guaranteed for 15 years. Since 2008 the district has spent $54,345 on roof

265 views • 11 slides
Virtualization What is Virtualization? Virtualization is the simulation of the software and/

Virtualization What is Virtualization? Virtualization is the simulation of the software and/

Virtualization What is Virtualization? Virtualization is the simulation of the software and/ or hardware upon which other software runs. This simulated environment is called a virtual machine --Wikipedia 2 Computer Systems Arch.

1.26k views • 26 slides
YEAR 9 OPTIONS Dare to be Dramatic? #We Are Drama! Dare to be Dramatic? #We Are Drama! The

YEAR 9 OPTIONS Dare to be Dramatic? #We Are Drama! Dare to be Dramatic? #We Are Drama! The

YEAR 9 OPTIONS Dare to be Dramatic? #We Are Drama! Dare to be Dramatic? #We Are Drama! The GCSE Dram ama a specifi ecifica cation tion al allows s for much ch freedom om in the curricu rriculum lum in terms ms of Group p size

1.3k views • 86 slides
YEAR 9 OPTIONS DARE E TO BE DRAMATIC? ATIC? #WE E ARE DRAMA! A! DARE E TO BE DRAMATIC?

YEAR 9 OPTIONS DARE E TO BE DRAMATIC? ATIC? #WE E ARE DRAMA! A! DARE E TO BE DRAMATIC?

YEAR 9 OPTIONS DARE E TO BE DRAMATIC? ATIC? #WE E ARE DRAMA! A! DARE E TO BE DRAMATIC? ATIC? #WE E ARE DRAMA! A! The GCSE Drama specification allows for much freedom in the curriculum in terms of Group sizes, Topics and

973 views • 86 slides
REDDING LIBRARY GREEN ROOF GREEN ROOF PLANNING PLANNING Citizen need Grant

REDDING LIBRARY GREEN ROOF GREEN ROOF PLANNING PLANNING Citizen need Grant

REDDING LIBRARY GREEN ROOF GREEN ROOF PLANNING PLANNING Citizen need Grant availability Public design process Desire for green features Green Roof Advantages Green Roof Advantages Longer roof life Longer roof life

193 views • 7 slides
AMD Pacifica Virtualization Technology AMD Unveils Virtualization Platform AMD Pacifica

AMD Pacifica Virtualization Technology AMD Unveils Virtualization Platform AMD Pacifica

AMD Pacifica Virtualization Technology AMD Unveils Virtualization Platform AMD Pacifica Tutorial 2 Virtual Machine Approaches Carve a Server into Many Virtual Machines Hosted Hypervisor-based Virtualization Virtualization App App

539 views • 18 slides
Virtualization and SDN Applications 2 Virtualization Network Virtualization Sharing

Virtualization and SDN Applications 2 Virtualization Network Virtualization Sharing

4/1/2013 Virtualization and SDN Applications 2 Virtualization Network Virtualization Sharing physical hardware or software resources by Share physical network resources to form multiple multiple users and/or use cases diverse virtual

511 views • 5 slides
4/22/2009 Virtualization Memory virtualization Process feels like it has its own address

4/22/2009 Virtualization Memory virtualization Process feels like it has its own address

4/22/2009 Virtualization Memory virtualization Process feels like it has its own address space Created by MMU, configured by OS Distributed Systems Storage virtualization Logical view of disks connected to a machine

407 views • 3 slides
Virtualization. A dream within a dream Type 1 Virtualization Hypervisor run on bare

Virtualization. A dream within a dream Type 1 Virtualization Hypervisor run on bare

Virtualization. A dream within a dream Type 1 Virtualization Hypervisor run on bare metal. Dedicated virtualization machine. Higher performance. Typical for servers. Type 2 Virtualization Hypervisor sits on

571 views • 17 slides
Virtualization and Containerization What is Virtualization? What is Containerization? What does

Virtualization and Containerization What is Virtualization? What is Containerization? What does

Virtualization and Containerization What is Virtualization? What is Containerization? What does this do for us? Virtual Machines: Terminology Types of Hypervisors VirtualBox and VMWare

2.8k views • 30 slides
Cryptocurrency Regulation in the EU AML Regime: the path towards effective harmonization? 2nd

Cryptocurrency Regulation in the EU AML Regime: the path towards effective harmonization? 2nd

EDUARDO SILVA DE FREITAS Cryptocurrency Regulation in the EU AML Regime: the path towards effective harmonization? 2nd Crypto Asset Lab Conference CONTEXT AND Financial Accountant , UK, 2019 RESEARCH &quot; EU members adopt tougher crypto

597 views • 16 slides
Welcome to RESULTS! RESULTS is a movement of passionate, committed, everyday people. Together, we

Welcome to RESULTS! RESULTS is a movement of passionate, committed, everyday people. Together, we

Welcome to RESULTS! RESULTS is a movement of passionate, committed, everyday people. Together, we use our voices to influence political decisions that will bring an end to poverty. RESULTS New Advocate Orientation RESULTS: Who We Are &amp; Why

588 views • 33 slides
Citizenship question Introduced in March 2018 Challenged by multiple states in 2018

Citizenship question Introduced in March 2018 Challenged by multiple states in 2018

Citizenship question Introduced in March 2018 Challenged by multiple states in 2018 Heard by Supreme Court in April 2019 Decision announced by Supreme Court in June 2019 Question abandoned in July 2019 Answering the Census is

280 views • 13 slides
Re-inventing js.com Hi, Im Katie @katie_fenn Hi, Im Katie @katie_fenn Hi, Im

Re-inventing js.com Hi, Im Katie @katie_fenn Hi, Im Katie @katie_fenn Hi, Im

Re-inventing js.com Hi, Im Katie @katie_fenn Hi, Im Katie @katie_fenn Hi, Im Katie @katie_fenn cw: animation work at make the npmjs.com website also support the registry from sheffield @katie_fenn disclaimer:

1.24k views • 81 slides
ECON2915 Economic Growth Lecture 5 : Technology. Andreas Moxnes University of Oslo Fall 2016 1

ECON2915 Economic Growth Lecture 5 : Technology. Andreas Moxnes University of Oslo Fall 2016 1

ECON2915 Economic Growth Lecture 5 : Technology. Andreas Moxnes University of Oslo Fall 2016 1 / 44 Productivity Recall Enormous differences in A across countries. 2 / 44 Technology A varies because of differences in technology? What

590 views • 44 slides
Mixed Models II - Behind the Scenes Report Revised June 11, 2002 by G. Monette What is a mixed

Mixed Models II - Behind the Scenes Report Revised June 11, 2002 by G. Monette What is a mixed

Mixed Models II - Behind the Scenes Report Revised June 11, 2002 by G. Monette What is a mixed model &quot;really&quot; estimating? Paradox lost - paradox regained - paradox lost again. &quot;Simple example&quot;: 4 patients each observed

507 views • 13 slides
On Growth Policy Design in Developed Economies Lionel Robbins Lectures 19-21 January 2009

On Growth Policy Design in Developed Economies Lionel Robbins Lectures 19-21 January 2009

On Growth Policy Design in Developed Economies Lionel Robbins Lectures 19-21 January 2009 Introduction The French government is engaging in supposedly growth-enhancing reforms And its new growth agenda appears to be partly inspired

901 views • 57 slides
SAFETY MANAGEMENT &amp; SITE ESTABLISHMENT Unit 4 SAFETY LAW (Part 2) Construction (Design and

SAFETY MANAGEMENT &amp; SITE ESTABLISHMENT Unit 4 SAFETY LAW (Part 2) Construction (Design and

SAFETY MANAGEMENT &amp; SITE ESTABLISHMENT Unit 4 SAFETY LAW (Part 2) Construction (Design and Management) Regulations 2015 (formerly CDM 2007) Aim of this lecture Examine CDM Regulations 2015 Examine the ACoP of CDM Regulations

150 views • 14 slides

More recommend