Stefano Stabellini @stabellinist
Xen on ARM,and the Art of Embedded Virtualization
Security, Isolation, Partitioning
Why Xen?Why an hypervisor?
Galois SMACCMPPilot
Demo
Xen Summit 2014
Why Xen?
• Efficiency and Consolidation• Isolation and Partitioning• Componentization• Resilience• Scaling• Portability
Xen: a type-1 hypervisor
Hardware
Xen
Dom0 DomU
HW drivers
PV backends PV Frontends
DomU
PV Frontends
DomU
PV Frontends
Xen: the gears of the cloud
• Large user base (> 10M individual users)
• Powers the largest clouds in production
• Not just servers
Xen: Open Source
Xen: Open Source
partial
Embedded != Cloud
Different requirements:
• short boot times• small footprint• small codebase (certifications)• non-PCI device assignment• driver domains• low, deterministic irq latency• real time schedulers• co-processor virtualization
Xen on ARM
• A lean and simple architecture– No cruft– No emulation, No QEMU– Small attack surface– One type of guest
• Exploit the hardware as much as possible• A very good match for the hardware• Clean architecture = a very small code base
– Xen, ARM and ARM64 =~ 30K LOC
Xen on ARM: a perfect match for the HW
Xen on ARM: unique features
• Device Passthrough (even Non-Discoverable Devices)– iomem and irqs VM config parameters
• No guest firmware by default - fast VM boot
• Certifications efforts ongoing
• Low, Deterministic IRQ latency (WARM_MAX < 2000ns)
Low IRQ latency: no maintenance interrupts
DomU
Xen
irq 109
virq 109
DomU
Xen
EOI
DomU
Xen
Maintenance interrupt
GICH_LRWrite
GICH_LRClear
Low IRQ latency: physical follow virtual
vcpu0 vcpu1
pcpu0 pcpu1
irq 109
virq 109
Low IRQ latency: physical follow virtual
vcpu0 vcpu1
pcpu0 pcpu1
irq 109
virq 109
Low IRQ latency: physical follow virtual
vcpu0 vcpu1
pcpu0 pcpu1
irq 109
virq 109
Xen Schedulers
CPU CPU CPU CPU
CPU CPU CPU CPU
Xen Schedulers
CPU CPU CPU CPU
CPU CPU CPU CPU
Real Time SchedulerARINC 653
Regular VM SchedulerCredit
Dedicatedto 1 VCPU
Dedicatedto 1 VCPU
Memory Introspection
PV Protocols
Existing: net, block, console, keyboard, mouse, framebuffer, XenGT
New: 9pfs, PVCalls, Multi Touch, Sound, Display
Driver Domains
Hardware
Xen
Dom0 DomU
NetFront
Disk Driver Domain
Toolstack Disk Driver
BlockBack
Network Driver
Domain
Network Driver
NetBack BlockFront
Automotive
Hardware
Xen
Dom0Linux Control Domain
UI DomainAutomotive Grade Android
HW Drivers GPU Driver
PV Block & Net frontends
PV Block & Net Backends
AudioDriver
GlobalLogic
EPAMEPAM
EPAM: DEMO
https://www.youtube.com/watch?v=jMmz1odBZb8
Xilinx Zynq MPSoC
Xen
Dom0Linux
Baremetal App
Toolstack FPGA Driver
Baremetal App
FPGA Driver
Baremetal App
FPGA Driver
Baremetal App
FPGA Driver
FPGA
Dedicated CPU Dedicated CPU Dedicated CPU Dedicated CPU
Xen: best security process in the industry
• A very transparent process
• Responsible disclosure
• Few security issues for Xen on ARM
• Xen stable trees maintained for security for 3 years
Release process
• 6 month release– December– June
• Xen 4.8 released on the 5th of December 2016• Xen 4.9 planned for the 2nd of June 2017
Xen on ARM: what’s next
● Guest creation directly from Xen at boot via Device Tree● Dynamic Memory Map● Setup VM-to-VM communication channels from VM
config
More resources
• Port Xen to a new SOC: https://goo.gl/384aD8• Add Xen support Xen to your OS: https://goo.gl/3qgqcM• Xen on ARM whitepaper: https://goo.gl/TcuqXd• Xen on ARM wiki: https://goo.gl/9qsfMf• Device Passthrough presentation: https://goo.gl/KM0f8c• OE meta-virtualization Xen recipe:
https://goo.gl/m7GuXR• OpenXT (Xen + OpenEmbedded): http://openxt.org• Biweekly ARM Community Call: https://goo.gl/8ULYRn
Please engage!
• Xen devel ML: [email protected]• Xen user ML: [email protected]• IRC on freenode: #xenarm or #xen-devel
Fin