to el2 and beyond
play

To EL2, and Beyond! Optimizing the Design and Implementation of - PowerPoint PPT Presentation

Nov 01, 2023 •492 likes •1.12k views

To EL2, and Beyond! Optimizing the Design and Implementation of KVM/ARM Christo ff er Dall <cdall@kernel.org> LEADING Shih-Wei Li <shihwei@cs.columbia.edu> COLLABORATION IN THE ARM ECOSYSTEM connect.linaro.org E

  1. To EL2, and Beyond! Optimizing the Design and Implementation of KVM/ARM Christo ff er Dall <cdall@kernel.org> 
 LEADING 
 Shih-Wei Li <shihwei@cs.columbia.edu> COLLABORATION 
 IN THE ARM 
 ECOSYSTEM connect.linaro.org

  2. “ E ffi cient , isolated duplicate 
 of the real machine” “…a statistically dominant subset of the virtual processor’s instructions be executed directly by the real processor, with no software intervention by the VMM.” –Popek and Golberg [Formal requirements for virtualizable third generation architectures ’74]

  3. IBM 360/91 Columbia University Computer Center machine room in February or March 1969

  4. PDP-10 KL10 CPU and MH10 memory cabinets 
 Originally installed 1985 at Sikorsky Aircraft

  5. Dual Cavium ThunderX Gigabyte R270-T61 
 96 Cores

  6. Virtualization VM VM App App App App Non-privileged App App App Non-privileged Kernel Kernel Hypervisor OS Kernel Privileged Privileged Hardware Hardware Native Virtual Machines

  7. Non-virtualizable architectures

  8. ARM Hardware Virtualization Support != VT-x Virtualization Extensions

  9. x86 Virtualization Support Root (Hypervisor) Non-Root (VM) VM Entry VM Exit VMCS

  10. ARM Virtualization Extensions User EL0 Kernel EL1 Hypervisor EL2

  11. EL2 • Separate CPU mode designed to run hypervisors • Not designed to run full operating systems • Reduced virtual memory support compared to EL1 • Limited support for interacting with userspace in EL0

  12. ARM VE and Hypervisors Dom0 DomU EL0 App App App App ? Linux Linux EL1 Xen EL2

  13. KVM/ARM • KVM is integreated with Linux • Linux is a full operating system designed to run in EL1 • KVM cannot run VMs without EL2

  14. KVM/ARM Split-Mode Host VM App App App App EL0 KVM Linux Kernel EL1 3. Hypercall 2. Return 1. Hypercall 4. Return switch EL2 KVM lowvisor state

  15. What if we could do this? Host VM App App App App EL0 Kernel EL1 2. Return 1. Hypercall Linux KVM EL2

  16. ARMv8.1 VHE App App EL0 • Virtualization Host Extensions EL1 • Supports running unmodified OSes in EL2 without using EL1 Linux EL2

  17. VHE #1: Backwards Compatible • HCR_EL2.E2H complete enables and disables VHE • When disabled, completely backwards compatible with ARMv8.0 • Example: Xen disables VHE

  18. VHE #2: Expands Functionality of EL2 • Expanded EL2 functionality • Inherits all EL1 MMU features • New virtual EL2 timer • A corresponding EL2 system register for each EL1 system register

  19. VHE #3: Support Userspace in EL0 App App EL0 • TGE: Trap General Exceptions • Routes all exceptions to EL2 EL1 Exceptions • VHE no longer disables stage 1 MMU in EL0 Linux EL2

  20. VHE #4: EL2&0 Translation Regime • Same page table format as EL1 • Used in EL0 with TGE bit set

  21. VHE #5: System Register Redirection • Linux is written to run in EL1 EL0 App App • EL<x> is controlled by EL<x> system registers EL1 Linux EL1 Registers • VHE runs Linux in EL2 • Unmodified! Linux EL2 EL2 Registers

  22. VHE #5: System Register Redirection • Linux is written to run in EL0 App App EL1 • VHE runs Linux in EL2 EL1 Linux EL1 Registers • Unmodified! Linux EL2 EL2 Registers

  23. VHE: System Register Redirection mrs x0, ESR_EL1

  24. VHE #5: System Register Redirection ESR_EL1 VHE Disabled mrs x0, ESR_EL1 ESR_EL2

  25. VHE #5: System Register Redirection ESR_EL1 VHE Enabled mrs x0, ESR_EL1 ESR_EL2

  26. VHE #5: System Register Redirection Host VM mrs x0, ESR_EL12 App App EL0 App App Kernel EL1 ESR_EL1 Linux EL2 KVM

  27. VHE #5: More System Register Redirection • Some registers change bit position to be similar between EL1 and EL2 • Example: • VHE: CNTKCTL_EL1 redirects to CNTHTCL_EL2 • But they have di ff erent layouts • VHE: EL2 register changes layout to EL1 register (with extra bits)

  28. Legacy KVM/ARM without VHE Linux Hypervisor EL1 Run VM KVM Trap Lowvisor EL2

  29. KVM/ARM with VHE Linux Hypervisor Run VM EL2 KVM world switch Function 
 Call

  30. No VHE hardware • How do we measure VHE performance? • None available at start of this work • Still no publicly available hardware

  31. Linux in EL2 Modify Linux to: 1. Access EL2 registers EL0 Userspace 2. Use EL2 virtual memory system EL1 3. Support user space applications in EL0 Linux EL2 KVM

  32. 
 System Registers Accesses • Lots of: 
 #ifndef CONFIG_EL2_KERNEL 
 msr tcr_el1, x0 
 #else 
 msr tcr_el2, x0 
 #endif

  33. EL1 VA Space (39 bits) 0x7f ffffffff 0xffffffff ffffffff Userspace Kernel 0xffffff80 00000000 0x0 TTBR0_EL1 TTBR1_EL1

  34. EL2 VA Space (39 bits) 0x7f ffffffff Where do we put the kernel and userspace? 0x0 TTBR0_EL2

  35. EL2 Split VA Space • Problem A: address space 0x7f ffffffff compression Kernel • Problem B: Page table 0x40 00000000 formats 0x3f ffffffff Userspace • Problem C: requires TLB invalidation 0x0 TTBR0_EL2 *Only problems on non-VHE hardware!

  36. Sharing Page Tables in EL0 and EL2 • Same page table between user and kernel • Di ff erent page table format in EL0 and EL2 
 Descriptor bit EL0 EL2 AP[2] R/W R/W AP[1] User access RES1 UXN/XN UXN XN PXN PXN RES0

  37. The AP[1] bit and Linux in EL2 • AP[1] controls if userspace can access the page • Must be set to 0 for kernel mappings • RES1 in EL2 Descriptor bit EL0 EL2 AP[2] R/W R/W AP[1] User access RES1 UXN/XN UXN XN PXN PXN RES0

  38. 
 RES1 definition ARMv8.0 hardware must treat non-register RES1 bits as: 
 “ reads-as-written with no e ff ect on the behaviour of the CPU ”

  39. UXN/XN and PXN for Linux in EL2 • PXN has no e ff ect outside EL1 • UXN/XN means ‘execute never’ in both modes • Cannot separate user and kernel executable Descriptor bit EL0 EL2 AP[2] R/W R/W AP[1] User access RES1 UXN/XN UXN XN PXN PXN RES0

  40. No ASID Support in EL2 • Address Space Identifiers (ASID) • Avoids TLB aliasing by tagging accesses with per-context ID • No ASID support in EL2 • Must invalidate EL2 TLB on host process context switch

  41. Routing Exceptions to EL2 Linux in EL1 Linux in EL2 User User EL0 EL0 Exceptions from userspace Exceptions Exceptions Kernel EL1 EL1 from userspace from kernel Exceptions Kernel EL2 from kernel

  42. Routing Exceptions to EL2 • HCR_EL2.TGE traps general exceptions to EL2 • Does NOT work, because TGE without VHE disables MMU in userspace

  43. Routing Exceptions to EL2 User EL0 • Forward exceptions with shim software using a small shim EL1 Kernel EL2

  44. Linux in EL2 on non-VHE hardware The bad (and the ugly) The Good • Less secure than Linux in EL1 • Good prototyping tool! • Relies on strictly correct • Closely emulates performance of implementation of RES1 page VHE for running VMs table bits • Potentially worse performance for host workloads

  45. Experimental Setup *Measurements obtained using Linux in EL2. • AMD Seattle B0 ARM Server • 64-bit ARMv8-A • 2.0 GHz AMD A1100 CPU • 8-way SMP • 16 GB RAM • 10 GB Ethernet (passthrough)

  46. VHE Performance at First Glance *Measurements obtained using Linux in EL2. CPU Clock Cycles non-VHE VHE* Hypercall 3.181 3.045

  47. The KVM Run Loop vcpu_load while (1) { prepare(); run_vcpu(); vcpu run loop handle_exit(); } vcpu_put

  48. KVM/ARM Optimization vcpu_load • Move logic out of the run loop and into vcpu_load and vcpu_put vcpu run loop • Only possible with VHE 
 (or Linux in EL2) vcpu_put

  49. ARM Generic Timers • Also known as “Architected Timers” • Timer hardware directly programmable by guest • Expired timers generate physical interrupts for the hypervisor

  50. KVM/ARM Timers VCPU entry • Programs timer with guest state VCPU is running • When the timer fires it causes an exit to the hypervisor VCPU exit • Reads guest timer state to memory • Disables hardware timer • In software: If timer is expired, inject virtual interrupt

  51. Optimized KVM/ARM Timers VCPU load • Programs timer with guest state VCPU is running • When the timer fires it causes an exit to the hypervisor KVM is running • When the time fires, the timer ISR injects virtual interrupts to the guest. VCPU put • Reads guest timer state to memory • Disables hardware timer

  52. EL1 System Registers Host VM App App EL0 App App • Defer saving/restoring Kernel EL1 EL1 system register state to vcpu_load and vcpu_put Linux EL2 KVM

  53. Virtualization Features Host VM • Legacy KVM/ARM design App App EL0 App App enabled/disabled virtualization features on every transition Kernel EL1 Linux KVM • Virtual/Physical interrupts Disable traps • Stage 2 memory translation KVM Lowvisor EL2 Enable traps

  54. Virtualization Features Host VM Optimized version: App App EL0 App App • Leave virtualization features enabled Kernel EL1 • Host EL2 never uses stage 2 translations Linux and always has full EL2 KVM hardware access.

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

SKiLLDiSPLAY Show what you can do! Slide 1 21 % The skills you should check out for TCCE 9 LTS Show

SKiLLDiSPLAY Show what you can do! Slide 1 21 % The skills you should check out for TCCE 9 LTS Show

SKiLLDiSPLAY Show what you can do! Slide 1 21 % The skills you should check out for TCCE 9 LTS Show what you can do! Slide 2 How do you know such things? Show what you can do! Slide 3 TYPO3 Education Committee &amp; TYPO3 GmbH Show what you can do!

237 views • 12 slides
FISCAL FORECAST Operating Budget: Fiscal Years 2011 - 2015 1 AGENDA The context

FISCAL FORECAST Operating Budget: Fiscal Years 2011 - 2015 1 AGENDA The context

Alexandria City Public Schools Department of Financial Services October 19, 2009 FISCAL FORECAST Operating Budget: Fiscal Years 2011 - 2015 1 AGENDA The context Demonstration of the Population and enrollment forecast model

728 views • 27 slides
NSTIC, Privacy and Social Login Presentation at the W3C Workshop on Identity in the Browser

NSTIC, Privacy and Social Login Presentation at the W3C Workshop on Identity in the Browser

NSTIC, Privacy and Social Login Presentation at the W3C Workshop on Identity in the Browser Francisco Corella and Karen P. Lewison Pomcor 1 05/03/2011 Pomcor Getting Rid of Passwords n is one long term goal of NSTIC n But it may

255 views • 7 slides
Media redirection for Spice remote computing solution Optimizing media stream processing for

Media redirection for Spice remote computing solution Optimizing media stream processing for

Media redirection for Spice remote computing solution Optimizing media stream processing for media players and VoIP clients in virtual desktop infrastructures Lyakhov F.A., Mazur E.S., Kuzin A.M., Semenov S.K. 1 Common media processing

599 views • 17 slides
Space Traveling across VM Automatically Bridging the Semantic-Gap in Virtual Machine

Space Traveling across VM Automatically Bridging the Semantic-Gap in Virtual Machine

Background and The Problem State-of-the-Art Our Approach: Data Space Traveling Conclusion Space Traveling across VM Automatically Bridging the Semantic-Gap in Virtual Machine Introspection via Online Kernel Data Redirection Yangchun Fu, and

926 views • 66 slides
ECE566 Enterprise Storage Architecture Fall 2020 RAID Tyler Bletsch Duke University Slides

ECE566 Enterprise Storage Architecture Fall 2020 RAID Tyler Bletsch Duke University Slides

ECE566 Enterprise Storage Architecture Fall 2020 RAID Tyler Bletsch Duke University Slides include material from Vince Freeh (NCSU) A case for redundant arrays of inexpensive disks Circa late 80s.. MIPS = 2 year-1984 Joys Law

427 views • 31 slides
Storing Data: Disks and Files Database Management System, R. Ramakrishnan and J. Gehrke 1

Storing Data: Disks and Files Database Management System, R. Ramakrishnan and J. Gehrke 1

Storing Data: Disks and Files Database Management System, R. Ramakrishnan and J. Gehrke 1 Storing and Retrieving Data v Database Management Systems need to: Store large volumes of data Store data reliably (so that data is not lost!)

538 views • 16 slides
CPSC 410/ 611: Week 9 Disk St ruct ure Disk Scheduling RAI D Disk Block

CPSC 410/ 611: Week 9 Disk St ruct ure Disk Scheduling RAI D Disk Block

CPSC 410 / 611 : Operating Systems CPSC 410/ 611: Week 9 Disk St ruct ure Disk Scheduling RAI D Disk Block Management Reading: Silberschat z Chapt er 12 CPSC 410/ 611: Week 9 Disk St ruct ure Disk

145 views • 12 slides
CPSC 410/611: Disk Management Disk Structure Disk Scheduling RAID Disk Block

CPSC 410/611: Disk Management Disk Structure Disk Scheduling RAID Disk Block

CPSC 410 / 611 : Operating Systems Disk Management CPSC 410/611: Disk Management Disk Structure Disk Scheduling RAID Disk Block Management Reading: Doeppner 6.1, 6.4 (more to follow, on File Systems) Disk Structure sector

367 views • 13 slides
Introduction to I/O and File storage. Disk Management dollar/GB GB/dollar RAM

Introduction to I/O and File storage. Disk Management dollar/GB GB/dollar RAM

Secondary Storage Management Disks just like memory, only different Why have disks? Memory is small. Disks are large. Short term storage for memory contents (e.g., swap space). Reduce what must be kept in memory (e.g., code

404 views • 6 slides
CS 423 Operating System Design: Reliable Storage Tianyin Xu CS 423: Operating Systems Design

CS 423 Operating System Design: Reliable Storage Tianyin Xu CS 423: Operating Systems Design

CS 423 Operating System Design: Reliable Storage Tianyin Xu CS 423: Operating Systems Design Storage is hard ; - ( In each cluster's first year, it's typical that 1,000 individual machine failures will occur; thousands of hard drive

645 views • 45 slides
Lecture 28: Reliability Todays topics: GPU wrap-up Disk basics RAID

Lecture 28: Reliability Todays topics: GPU wrap-up Disk basics RAID

Lecture 28: Reliability Todays topics: GPU wrap-up Disk basics RAID Research topics Review 1 The GPU Architecture 2 Architecture Features Simple in-order pipelines that rely on thread-level parallelism to hide

350 views • 19 slides
Chapter 14: Mass-Storage Systems CMSC 421 Section 0202 Disk Structure Disk Scheduling

Chapter 14: Mass-Storage Systems CMSC 421 Section 0202 Disk Structure Disk Scheduling

Chapter 14: Mass-Storage Systems CMSC 421 Section 0202 Disk Structure Disk Scheduling Disk Management Swap-Space Management RAID Structure Disk Attachment Stable-Storage Implementation I/O Systems Tertiary Storage

126 views • 12 slides
Storing Data: Disks and Database Management Systems need to: Files Store large volumes of

Storing Data: Disks and Database Management Systems need to: Files Store large volumes of

Storing and Retrieving Data Storing Data: Disks and Database Management Systems need to: Files Store large volumes of data Store data reliably (so that data is not lost!) Retrieve data efficiently Alternatives for storage

584 views • 7 slides
Input/Output 1 Range of I/O Hardware Some typical device, network, and data base rates 2 1

Input/Output 1 Range of I/O Hardware Some typical device, network, and data base rates 2 1

Input/Output 1 Range of I/O Hardware Some typical device, network, and data base rates 2 1 How do we talk to Hardware? Through Device Controllers I/O devices have components: mechanical component electronic component The

494 views • 24 slides
CS143: Disks and Files 1 System Architecture CPU System Bus Disk Controller ... Word (1B

CS143: Disks and Files 1 System Architecture CPU System Bus Disk Controller ... Word (1B

CS143: Disks and Files 1 System Architecture CPU System Bus Disk Controller ... Word (1B 64B) Block ~ x GB/sec Disk (512B 50KB) Main ~ x MB/sec Memory 2 Magnetic disk vs SSD Magnetic Disk Stores data on a magnetic disk

841 views • 40 slides
Introduction One OS function is to control devices significant fraction of code (80-90% of

Introduction One OS function is to control devices significant fraction of code (80-90% of

Introduction One OS function is to control devices significant fraction of code (80-90% of Linux) Want all devices to be simple to use convenient Operating Systems ex: stdin/stdout , pipe, re-direct Want to optimize

376 views • 5 slides
Introduction to Datacenters &amp; the Cloud Introduction to Storage in the Cloud Alex M. Hurd

Introduction to Datacenters &amp; the Cloud Introduction to Storage in the Cloud Alex M. Hurd

Introduction to Datacenters &amp; the Cloud Introduction to Storage in the Cloud Alex M. Hurd Clarkson Open Source Institute April 14, 2015 Alex M. Hurd (COSI) Introduction to Datacenters &amp; the Cloud April 14, 2015 1 / 14 Overview What

640 views • 14 slides
Software RAID on Linux Software RAID on Linux Presented by: Niladri Saha Niladri Saha Amit

Software RAID on Linux Software RAID on Linux Presented by: Niladri Saha Niladri Saha Amit

Software RAID on Linux Software RAID on Linux Presented by: Niladri Saha Niladri Saha Amit Kumar Saha Amit Kumar Saha College Roll No. 04/CSE/17 College Roll No. 04/CSE/17 College Roll No. 04/CSE/20 College Roll No. 04/CSE/20 Univ. Roll

710 views • 28 slides
File System Implementation Operating Systems Hebrew University Spring 2010 1 File

File System Implementation Operating Systems Hebrew University Spring 2010 1 File

File System Implementation Operating Systems Hebrew University Spring 2010 1 File Sequence of bytes, with no structure as far as the operating system is concerned. The only operations are to read and write bytes. Interpretation of

728 views • 50 slides
CSCI 350 Ch. 12 Storage Device Mark Redekopp Michael Shindler &amp; Ramesh Govindan 2

CSCI 350 Ch. 12 Storage Device Mark Redekopp Michael Shindler &amp; Ramesh Govindan 2

1 CSCI 350 Ch. 12 Storage Device Mark Redekopp Michael Shindler &amp; Ramesh Govindan 2 Introduction Storage HW limitations Poor random-access Asymmetric read/write performance Reliability issues File system designers

458 views • 31 slides
Entrepreneurship in Action: From Idea to Opportunity {II} Means-Ends Framework in Action:

Entrepreneurship in Action: From Idea to Opportunity {II} Means-Ends Framework in Action:

Entrepreneurship in Action: From Idea to Opportunity {II} Means-Ends Framework in Action: Trajectory of New Technologies Emergence of a New Venture Through Superior Value Proposition Storage Primary Secondary storage storage

556 views • 40 slides
CS525: Advanced Database Organization Notes 2: Storage Hardware Yousef M. Elmehdwi Department of

CS525: Advanced Database Organization Notes 2: Storage Hardware Yousef M. Elmehdwi Department of

CS525: Advanced Database Organization Notes 2: Storage Hardware Yousef M. Elmehdwi Department of Computer Science Illinois Institute of Technology yelmehdwi@iit.edu August 23 rd , 2018 Slides: adapted from a courses taught by Hector

1.33k views • 59 slides
Filesystems CC BY-SA 2015 Nate Levesque What is a filesystem? How your operating system stores

Filesystems CC BY-SA 2015 Nate Levesque What is a filesystem? How your operating system stores

Filesystems CC BY-SA 2015 Nate Levesque What is a filesystem? How your operating system stores files and directories on disk Often provides some useful features in addition to just deciding how data gets organized on your hard drive

749 views • 33 slides

More recommend