Virtualization: Not Just For Servers Hollis Blanchard PowerPC kernel hacker

Topics Definitions Benefits Tradeoffs Embedded Virtualization Use Cases Embedded Issues with Virtualization Conclusion

Virtualization from 10,000 feet Securely share hardware between multiple guest software stacks Minimize changes to guest software A host kernel manages the hardware resources Could multiplex hardware; could just provide isolation KVM: Linux as host kernel Isolation is a requirement Fault containment, security Host kernel must be more privileged than guests kernel app processor guest app guest app host processor

Virtualization Flavors Full virtualization: no guest kernel modifications at all Privileged operations in the guest are either handled by hardware or emulated by software Performance could benefit from guest co-operation Paravirtualization: remove all privileged operations from guest kernel Including MMU and interrupt control Probably requires extensive source code modifications Balance: good performance, minimize guest modifications Use full virtualization for most operations, but modify guest in performance-critical areas

Virtualization Benefits

Benefits of Server Virtualization Workload consolidation Increase server utilization Reduce capital, hardware management, power, space, heat costs Legacy OS support Especially with large slow-moving 3 rd -party software products Instant provisioning Easily create new virtual machines Easily reallocate resources (memory, processor, IO) between running virtual machines Migration Predicted hardware downtime Workload balancing

Benefits of Embedded Virtualization Workload consolidation Flexible resource provisioning License barrier Legacy software support Especially important with dozens or hundreds of embedded operating systems, commercial and home-brew Improve reliability Improve security

Virtualization Tradeoffs

There is a performance tradeoff Applications that used to own the whole processor must now share it Hypervisor adds some runtime overhead too Full virtualization without hardware support means software emulation Increase in management complexity Old scenario: two software stacks + two hardware systems New scenario: two software stacks + one hardware system + one host kernel More abstraction, more software layers, more complexity... More bugs Increases size of Trusted Computing Base Increases impact of (unpredicted) hardware failure

Embedded Virtualization Use Cases

Workload Consolidation Consolidate legacy systems legacy SW legacy HW host kernel legacy SW new HW legacy SW legacy HW legacy SW legacy SW

Legacy Software Run legacy software on new core/chip/board with full virtualization legacy SW legacy HW host kernel legacy SW new HW new SW

Legacy Software Consolidate legacy software RT app proprietary kernel core Linux/KVM visualization app core RT app proprietary kernel core Linux visualization app core

Multicore Enablement Legacy uniprocessor applications legacy app core legacy kernel core multicore kernel core host kernel app legacy kernel legacy app legacy app

Multicore Enablement Flexible resource management core host kernel data plane data plane control plane data control

Improved Reliability Hot standby without additional hardware HW host kernel HW backup app HW backup app HW app

Secure Monitoring Protect monitoring software host kernel HW monitor app HW app kernel network

Embedded Virtualization Issues

Memory/flash footprint Is Linux too big to be a host kernel? Weren't you going to run Linux anyways? Do you need multiple copies of Linux? Different kernel versions Greater performance and functional isolation than plain Linux tasks Extremely tight footprint requirements? See TRANGO

Security Host kernel must be certified Increases size of Trusted Computing Base Extreme security requirements? See Green Hills Software's “Padded Cell”

Direct IO Access Guest can directly access physical IO without host involvement Native speed IOMMU provides isolation and physical address translation (DMA)‏ Translation could be done with guest modifications Issues: IOMMU required for DMA isolation Limited by number of physical IO devices Guests must have device drivers What about legacy guests on new hardware? Breaks migration IRQ delivery and routing

Emulated IO Host software emulates guest IO accesses Issues: Must write software to (perfectly?) emulate hardware Dramatic increase in IO latency Host OS must have physical device drivers Device driver availability, licensing concerns

Virtual IO No hardware at all, just inter-guest data transfer New guest device drivers co-operate with host Issues: Requires guest modification (at least new device drivers)‏ Host OS still needs physical IO drivers

Real-time support RTOS + Linux model Requires RT support in host kernel Scheduling Dedicated cores? Time-sharing adds context switch latency Interrupt handler latency Direct IO access? Linux task RTOS core Linux/KVM RTOS task core device

Hardware Virtualization Support Efficient virtualization requires hardware support Goal: minimize performance overhead and modifications to guests Architecture support High-end x86 (Intel VT, AMD SVM)‏ High-end PowerPC (PowerPC 970)‏ Embedded PowerPC virtualization architecture announced ARM TrustZone

Conclusion There is overlap between server and embedded virtualization scenarios, but also scenarios and issues unique to embedded systems. Deploying virtualization is an engineering tradeoff, but virtualization offers some compelling advantages for embedded applications.