[slides-virt.git] / index.rst

.. System Virtualization and OS Virtual Machines slides file, created by
   hieroglyph-quickstart on Mon Oct 28 09:39:30 2013.

=============================================
System Virtualization and OS Virtual Machines
=============================================

:Date: 2013-10-29
:Authors: Ivan Boule, Olivier Matz

Plan
====

Contents
--------

.. contents::
   :depth: 2
   :backlinks: none

History
=======

History of Virtual Machines
---------------------------

- VM introduced in the sixties on IBM/370 series

- Co-Designed VM: IBM AS/400

  - High level ISA including I/Os
  - Proprietary CISC → PowerPC

- Application VMs

  - Sun Java, Microsoft Common Language Infrastructure

- OS VMs

  - VMware (virtualized PC on x86)
  - Virtual PC (PC emulation on Mac OS/PowerPC)
  - Many others : Bochs, VirtualBox, Qemu, ...

Virtualization Usages
=====================

System Virtualization Principles
--------------------------------

- Run multiple OS's on the same machine

- By design, an OS assumes to have full control over all physical
  resources of the machine

- Manage sharing/partitioning of machine resources between Guest OS's

  - CPU
  - Physical memory & MMU
  - I/O devices

Goals of System Virtualization
------------------------------

- Reduction of Total Cost of Ownership (TCO)

  - Increase utilisation of server resources

- Reduction of Total Cost of Functioning

  - Energy consumption
  - Cooling
  - Occupied Space

- Hardware Consolidation

- Reduction of Build Of Material (BOM) for high-volume low-end
  products

- Isolation of OS for security purposes


Virtualization in high-throughput network equipments
----------------------------------------------------

.. figure:: high-thput1.jpg

.. figure:: high-thput2.jpg

Virtualization in Multimedia devices
------------------------------------

- Reduction of Build Of Material (BOM) for high-volume low-end
  products

  - No need for a general purpose processor

    - 20 to 25 % BOM reduction

  - Run Linux together with OS supporting Codecs on a single TI DSP

  - Leverage Linux environment

  - Reuse existing DSP software

XXX 2 images

Usages of Virtual Machines
--------------------------

- Server virtualization

  - Web sites hosting

- OS partitionning

  - Time sharing
  - Security

- OS/kernel education & training

  - OS fault recovery
  - OS kernel development
  - Test machine = development host

- Keep backward compatibility of legacy software

- Run applications not supported by host OS

Recovery Servers
----------------

.. figure:: recovery.png


Multi-Core CPU Issues (1)
-------------------------

- CPU power gain

  - No more achieved through Frequency/Speed increase
  - But obtained with higher density & multi-core chips

- Many RTOS designed with mono-processor assumption

  - Adding multi-processor support is complex & costly
  - Scaling requires time, at best...

- Legacy RT applications also designed for mono-processor

  - Adaptation to multi-pro even more difficult than RTOS

Multi-Core CPU Issues (2)
-------------------------

- OS virtualization allows to run simultaneously on a multi-cores CPU
  multiple instances of mono-processor OS's

- Each OS instance is run in a mono-processor

- Virtual Machine assigned to a single CPU core

- No need to change legacy software

- Scalability managed at virtualization level

Virtualization Taxonomy
=======================

Machines Interfaces
-------------------

.. figure:: isa-abi.svg

- ISA = Instruction Set Architecture

  - System level interface
  - All CPU instructions, memory architecture, I/O

- ABI = Application Binary Interface

  - Process level interface
  - User-level non privileged ISA instructions + OS systems 14 calls

Virtualization Taxonomy
-----------------------

- Process level virtualization

  - Emulation of Operating System ABI
  - Emulation of OS ABI, cross-architecture
  - Virtual Servers

- System level virtualization

- Standalone / Hosted Virtualization
- Machine Emulation / Machine Virtualization

Hosted versus Standalone Virtualization
---------------------------------------

- Hosted Virtualization

  - Hosted VM Monitor (VMM) runs on top of native OS
  - VMware WKS, Microsoft VirtualPC, QEMU/KVM, UML

- Standalone Virtualization

  - VMM directly runs on bare hardware
  - VMware ESX, IBM/VM, Xen

- OS run in a VM is named a Guest OS

Hosted Virtualization
---------------------

.. figure:: hosted.svg

Example: VMware Workstation
----------------------------

.. figure:: vmware-wks.png

- Hosted VM
- Unmodified OSes
- Specific device drivers
- x86 only
- Guest OS executed in user mode

Standalone Virtualization
-------------------------

.. figure:: standalone.svg

Example: VMware ESX
-------------------

- Standalone VMM
- Supports unmodified OS binaries

  - Configuration with appropriate device drivers

- x86 only
- No Intel-VT
- Guest OS
- runs in user mode

Process Level Virtualization
============================

Process level ABI Emulation
---------------------------

- Goal: execute binary applications of a given system **X** on the ABI of
  another system **Y**

- Emulate system **X** ABI on top of system **Y** ABI

  - Emulation done by application-level code

- System **Y** must provide services equivalent to those of system
  **X** (file system, sockets, etc...)

Process Level (ABI) Emulators
-----------------------------

- Wine - Windows Emulator on Unix/Linux

  - Windows API in userland
  - Adobe Photoshop, Google Picasa, ...

- Cygwin

  - Unix emulation on Windows
  - POSIX library
  - Bash shell + many Unix commands
  - GNU development tool chain (gcc, gdb)
  - X Window, GNOME, Apache, sshd, ...

Process Level Cross-architecture Emulators
------------------------------------------

- Emulate the Operating System ABI

  - Emulated OS and native OS are the same (ex: both are linux)
  - Emulated arch is different than native architecture (ex: x86 and
    powerpc)

- Example: qemu-user::

      $ gcc hello.c
      $ ./a.out
      hello
      
      $ powerpc-linux-gnu-gcc -static hello.c
      $ ./a.out
      bash: ./a.out: cannot execute binary file
      $ qemu-ppc ./a.out
      hello

Virtual Servers (1)
-------------------

- Single OS kernel / Multiple resource instances

- Isolated kernel execution environments

  - Root file system
  - Network: Routing table, IP tables, interfaces...
  - Process for signals

- Solaris 10 Containers
- LXC, Linux-VServer, openVZ
- FreeBSD Jail

Virtual Servers (2)
-------------------

.. figure:: virtual-servers.svg

Virtual Servers (3)
-------------------

- Pro's

  - CPU independent
  - Lightweight

    - Low memory footprint
    - Low CPU overhead

  - Scalable

- Con's

  - No OS heterogeneity (no GPOS/RTOS combination)
  - Single OS binary instance (common point of failure)

Transparent Hardware Emulation
==============================

Transparent Hardware Emulation (1)
----------------------------------

- Run unmodified OS binaries

- Includes emulation of physical devices

- Cross ISA Emulation

  - qemu-system

- Same ISA Emulation

  - VirtualBox (Intel x86)

Transparent Hardware Emulation (2)
----------------------------------

- Emulate machine X on top of machine Y

- Interpretation

  - 1 instruction of X executed by N instructions of Y
  - Huge slow down method

- Dynamic Binary Translation

  - Convert blocs of X instructions in Y instructions

- Application-level emulator runs on a native OS
- One VM running a single Guest OS

QEMU Architecture
-----------------

.. figure:: qemu.svg

QEMU: Hosted Hardware Emulator
------------------------------

- Cross ISA Emulation

  - Emulate machine X on top of machine Y

- Interpretation + translation

- Intel x86, PowerPC, ARM, Sparc architectures

- Emulation of SMP architectures

- Emulates physical I/O devices

  - Hard Disk drives, CD-ROM, network controllers, USB controllers, ...
  - Synchronous emulation of device I/O operations

Transparent Hardware Virtualization
===================================

Transparent Hardware Virtualization
-----------------------------------

- Guest and host architectures are the same

- Execute native/unmodified OS binary images

- Provide in each VM a complete simulation of hardware

  - Full CPU instruction set
  - Interrupts, exceptions
  - Memory access and MMU
  - I/O devices

- Share machine resources among multiple VMs

Full CPU Virtualization (1)
---------------------------

- Present same functional CPU to all Guest OSes

- VMM manages a CPU context for each VM

  - saved copy of CPU registers
  - representation of software-emulated CPU context

- VMM shares physical CPUs among all VMs

  - VMM includes a VM scheduler

    - round-robin
    - priority-based

Full CPU Virtualization (2)
---------------------------

- Relationships between a VMM and VMs similar to relationships between
  native OS and applications

  - Guarantee mutual isolation between all VMs
  - Protect VMM from all VMs

- Directly execute native binary images of Guest OS's in
  non-privileged mode

- VMM emulates access to protected resources performed by Guest OSs

CPU Virtualization
------------------

- Run each Guest OS in non-privileged mode

.. figure:: cpu-virt.svg

"Hardware-Sensitive" Instructions
---------------------------------

- Interact with protected hardware resources

  - Privileged Instructions (cannot be executed in user mode)
  - Critical Instructions (can be, but should not be executed by Guest OS)

- Must be detected and faked by VMM

- Dynamic Binary Translation of kernel code

  - Done once, saved in Translation Cache
  - Example: Vmware

Privileged Instructions Virtualization
--------------------------------------

- Only allowed in supervisor mode

  - Ex: **cli/sti** to mask/unmask interrupts on Intel x86

- When executed in non-privileged mode

  - CPU automatically detects a privilege violation
  - Triggers a “privilege-violation” exception

- Caught by VMM which fakes the expected effect of the privileged
  instruction

  - Ex: **cli/sti**

    - VMM does not mask/unmask CPU interrupts
    - records « interrupt mask status » in context of VM

Critical Instructions Virtualization (1)
----------------------------------------

- Hardware-sensitive instructions

- Ex: Intel IA-32 pushf/popf::

    pushf /* save EFLAG reg. to stack */
    cli   /* mask interrupts => clear EFLAG.IF */
    ...
    popf /* restore EFLAG reg. => unmask interrupts */

- When executed in non-privileged mode

  - The cli instruction triggers an exception caught by VMM => VMM
    record interrupts masked for current VM

  - But no exception for popf => VMM not aware of Guest OS action
    (unmask interrupts)

Critical Instructions Virtualization (2)
----------------------------------------

- Must be detected and emulated by VMM

- VMM dynamically analyses Guest OS binary code to find critical instructions

- VMM replaces critical instructions by a « trap » instruction to enter the VMM

- VMM emulates expected effect of critical instruction, if any.

Full Memory Virtualization
--------------------------

- CPU include a Memory Management Unit (MMU)

  - Isolated memory addressing spaces
  - Independant of underlying physical memory layout
  - Run mutually protected applications in parallel

- Virtual Memory managed by OS kernel

  - Provides a virtual address space to each process

    - 4 GB on most 32-bit architectures (Intel x86, PowerPC)

  - Manages virtual page → physical case mappings
  - Manages « swap » space to extend physical memory

MMU & Virtual Address Space
---------------------------

.. figure:: mmu1.svg

Intel x86 MMU
-------------

.. figure:: mmu2.svg

Memory Virtualization (1)
-------------------------

- Machine Physical Memory

  - Physical memory available on the machine

- Guest OS Physical Memory

  - Part of machine memory assigned to a VM by VMM

  - ∑ Guest Physical Memory can be > Machine Memory

    - VMM uses « swap » space

- Guest OS Virtual Memory

  - Guest OS manages virtual address spaces of its processes

Memory Virtualization (2)
-------------------------

- Guest OS manages Guest Physical Pages

  - Manages MMU with its own page entries
  - Translates Virtual Addresses into Guest Physical Addresses (GPA)

- VMM transparently manages Machine Physical Pages

  - Guest Physical Address ≠ Machine Physical Address
  - VMM dynamically translates Guest Physical Pages into Machine
    Physical Pages

Memory Virtualization (3)
-------------------------

.. figure:: mem-virt.svg

Memory Virtualization (4)
-------------------------

- VMM maintains Shadow Page Tables

  - Copies of Guest OS translation tables

- VMM catches updates operations of translation tables performed by a
  Guest OS

  - RW-protect all guest OS page tables
  - Emulates operation in shadow page table
  - Updates effective MMU page table entry, if needed

Memory Virtualization (5)
-------------------------

- PTE entries can be tagged with a context ID

  - Avoids to flush TLB when switching current address space upon
    scheduling of a new process

  - usually PTE tag = OS process identifier

- Processes of different Guest OSes can be assigned the same Process
  ID

  - VMM must flush TLB when switching VMs

Memory Virtualization (6)
-------------------------

- VMM must respect Guest OS virtual page faults

  - Not map virtual pages unmapped by Guest OS
  - When Guest OS unmaps a virtual page:

    - VMM must delete the associated real-page/physical page
      mapping, if any.

- Conversely, VMM can transparently:

  - Introduce & resolve real-page faults for Guest OSes
  - Share physical pages between Guest OS's

    - Pages with same content's (e.g. zero-ed pages)

Memory Virtualization (7)
-------------------------

- VMM can swap real pages of a VM

  - on "swap" space managed by VMM

- VMM can dynamically distribute physical memory among VMs

  - Needs a specific support in Guest OS (Linux module)

  - VMM asks Guest OS to release memory

    - Guest OS self-allocates real pages
    - no more available for normal kernel allocation service
    - VMM assigns same amount of physical pages to other VM's

Paravirtualization
==================

Paravirtualization (1)
----------------------

- OS adaptation to avoid binary translation overhead
- Requires access to OS source code
- Include drivers of virtual devices
- Examples:

  - Xen
  - User Mode Linux (UML)

Paravirtualization (2)
----------------------

- Still run each Guest OS in non-privileged mode

- But with minimal virtualization overhead

- => Modified Guest OS kernel

  - Remove Hardware-Sensitive Instructions

    - Use fast VMM system calls instead, if needed

  - Minimise usage of Privileged Instructions

- Only affect Machine/CPU dependant part of OS

- OS portage on new architecture with same CPU

  - Without system ISA

Paravirtualization (3)
----------------------

- Guest OS only use Virtual I/O Devices, in a cooperative way

  - Front-end driver in Guest OS
  - Back-end driver in VMM

- VMM multiplex VM Virtual Devices on physical devices

  - Virtual Ethernet
  - Virtual Disks

- Data transfer through I/O rings

Virtual I/O Devices
-------------------

.. figure:: virt-devices.svg

Paravirtualization Example: Xen
-------------------------------

- Objectives

  - Scalable, support more than 100 VM
  - Share resources of Server machines

- Intel IA-32, x86-64, ARM, ...

- Special first Guest OS called Domain 0

  - Run in privileged mode
  - Have access (and manages) all physical devices
  - Modified version of Linux, FreeBSD

Hardware-Assisted Virtualization
================================

Hardware Assisted Virtualization (1)
------------------------------------

- Support of Virtualization in Hardware
- Run unmodified OS binaries
- With minimal virtualization overhead
- Simplify VMM development
- Examples

  - KVM
  - VMware

Hardware Assisted Virtualization (2)
------------------------------------

- CPU virtualization

  - AMD-V
  - Intel VT-x (x86), Intel VT-i (Itanium) architectures
  - ARM Cortex-A15

- MMU virtualization

  - Intel Extended Page Tables (EPT)
  - AMD Nested Page Tables (NPT)

Hardware Assisted Virtualization (3)
------------------------------------

- DMA virtualization

  - IO-MMU (Intel VT-d)

- I/O Device virtualization

  - Self-Virtualizing devices
  - Single Root I/O Virtualization and Sharing Specification (SR-IOV)
  - Extensions to PCIe (PCI Express) Bus standard

Intel VT-x Architecture
-----------------------

- Support unmodified Guest OS with no need for paravirtualization
  and/or binary code translation

- Simplify VMM tasks & improve VMM performances

- Minimize VMM memory footprint

  - Suppress shadowing of Guest OS page tables

- Enable Guest OS to directly manage I/O devices

  - Without performance lost
  - While enforcing VM isolation and mutual protection

Intel VT-x Architecture Overview
--------------------------------

.. figure:: vt-x.svg

Intel VT-x CPU Virtualization (1)
---------------------------------

- Virtual Machine eXtension (VMX)

  - Two new meta-modes of CPU operation

- VMX root mode

  - Behaviour similar to IA-32 without VT
  - Intended for VMM execution

- VMX non-root mode

  - Alternative IA-32 execution environment
  - Controlled by a VMM
  - Designed to run unchanged Guest OS in a VM

- Both modes support rings 0-3 privilege levels

  - Allow VMM to use several privilege levels

Intel VT-x CPU Virtualization (2)
---------------------------------

- Two additional CPU mode transitions

- From VMX root-mode to VMX non-root mode

  - Named VM Enter (VMLaunch instruction)

- From VMX non-root mode to VMX root mode

  - Named VM Exit (event)

- VM entries & VM exits use a new data structure

  - Virtual Machine Control Structure (VMCS) per VM
  - Referenced with a memory physical address
  - Format and layout hidden
  - New VT-x instructions to access a VMCS

Intel VT-x CPU Virtualization (3)
---------------------------------

- Guest State Area

  - Saved value of registers before beeing changed by
  - VM Exits (e.g., Segment Registers, CR3, IDTR)

- Hidden CPU state (e.g., CPU Interruptibility State)

- Host State Area

  - VM Control Fields
  - Interrupt Virtualization
  - Exceptions bitmaps
  - I/O bitmaps
  - Model Specific Register R/W bitmaps
  - Execution rights for CPU Privileged Instructions


Intel VT-x Interrupt Virtualization
-----------------------------------

- VMCS External Interrupt Exiting

  - All external interrupts cause VM Exit
  - Guest OS cannot mask external interrupts when executing Interrupt
    Masking instructions

- VMCS Interrupt Window Exiting

  - VM Exit occurs whenever Guest OS ready to serve external interrupts

- Used by VMM to control VM interrupts

Intel VT-x MMU Virtualization
-----------------------------

- Extended Page Tables (EPT)

  - Second level of Page Tables in MMU
  - Translate Guest OS Physical Address into Machine Physical Address
  - Controlled by VMM

- Virtual Processor IDentifier (VPID)

  - Used to tag TLB entries
  - Avoid to flush TLB upon VM switch

Virtual Memory Virtualization
-----------------------------

.. figure:: vt-x-mem.svg

Intel VT-x Extended Page Tables (1)
-----------------------------------

- VMM controls Extended Page Tables

- EPT used in VMX non-root operation

  - Activated on VM Enter
  - Desactivated on VM exit

- EPTP register points to Extended Page Tables

  - Instanciated by VMM
  - Saved in VMCS
  - Loaded from VMCS on VM entry


Intel VT-x Extended Page Tables (2)
-----------------------------------

.. figure:: vt-x-mmu.svg

TLB Flush Issue
---------------

.. figure:: tlb-flush-issue.svg

Intel VT-x Virtual Processor Identifier
---------------------------------------

- 16-bit VPID used to tag TLB entries

  - Enabled by VMM in VMCS
  - Unique VPID is assigned by VMM to each VM
  - VPID 0 reserved for VMM

- Current VPID is 0x0000 when

  - Outside VMX operation
  - In VMX root mode operation
  - In VMX non-root mode if VPID disabled in VMCS

- VPID loaded from VMCS on VM Enter

DMA Virtualization (1)
----------------------

- Enable Guest OS to manage I/O devices

  - I/O devices assigned by VMM to Guest OSes

- Transparent mode

  - Use native device driver of Guest OS
  - Unaware of physical memory Virtualization

- Enforce isolation between Guest Oses

  - Guest OS only view hardware ressources assigned by VMM (memory,
    devices)

DMA Principles
--------------

.. figure:: dma.svg

DMA Virtualization (2)
----------------------

.. figure:: dma-virt.svg

DMA Virtualization Issue
------------------------

- Guest OS driver setup I/O registers of device with Guest Physical
  Address of I/O buffers

- Guest Physical Address must be translated into its corresponding
  Machine Physical Address when used for DMA operations by device

- GPA Translation cannot be done by VMM

  - VMM cannot catch device-specific driver operations to setup I/O
    buffers addresses

Intel VT-d Protection Domains
-----------------------------

- Intel VT-d provides DMA Protection Domains

  - Extension of IOMMU translation mechanism
  - Isolated context of a subset of the Machine Physical Memory (MPA)
  - Correspond to the portion of Machine Physical Memory allocated to
    a VM

- I/O devices assigned by VMM to a DMA Protection Domain

  - Achieves DMA isolation by restricting memory view of I/O devices
    through DMA address translation

Intel VT-d DMA Translation
--------------------------

- VT-d hardware treats address specified in DMA request as DMA Virtual
  Address (DVA)

- DVA = GPA of the VM to which the I/O device is assigned

- VT-d translates the DVA into its corresponding Machine Physical
  Address

- Support of multiple Protection Domains

  - DVA to MPA translation table per Protection Domain
  - Must identify the device issuing a DMA request

VT-d PCI Express North Bridge
-----------------------------

.. figure:: vt-d.svg

PCI DMA Requester Identification
--------------------------------

- Mapping between PCI Device and Protection Domains
- 16-bit PCI DMA Requester Identifier

  .. figure:: dma-req-id.svg

- Assigned by PCI configuration software
- Bus # indexes Bus Context Table in Root Context Table
- (Device #, Function #) indexes Device Protection Domain in Bus
  Context Table

Device / Protection Domain Mapping
----------------------------------

.. figure:: device-domain-mapping.svg

Virtual DMA Address Translation
-------------------------------

- VDA ↔ MPA VT-d Page Tables similar to IA-32 processor Page Tables

- 4KB or larger page size granularity

- Read/Write permissions

- Protection Domains managed by VMM

  - Initialized at VM creation time
  - With same translations of the VM Extended Page Table

Device Virtualization
---------------------

- Share I/O device among multiple VMs

  - With no performance lost
  - While enforcing VM isolation and protection

- Move device virtualization from the VMM to the device itself

- Requires support from the device

- Example of Ethernet controllers

Ethernet Device Virtualization
------------------------------

.. figure:: ethernet-dev-virt.svg

Intel Single Root I/O Virtualization
------------------------------------

- SR-IOV capable PCI Device can be partitionned into multiple Virtual
  Functions

- SR-IOV Device appears in PCI configuration space as multiple PCI
  Virtual Functions

- Each Device Virtual Function includes

  - PCI configuration registers
  - DMA streams
  - Interrupts

- Requires VT-d for DMA virtualization

Intel SR-IOV (1)
----------------

- VMM manages physical PCI device

- Create a PCI Virtual Function for each VM

  - Include it into VM PCI configuration space to be probed by VM
    GuestOS kernel
  - Map it to Protection Domain of VM

- Programs the sharing of physical devices ressources between VFs

- PCI Device Virtual Functions directly managed by specific VF-Aware
  GuestOS drivers (kind of Para-Virtualization)

Intel SR-IOV (2)
----------------

XXX

Intel SR-IOV - Ethernet example
-------------------------------

- Intel Kawela (1GB) / Niantic (10GB) Ethernet NICs

  - Multiple RX/TX packet queues per port

- Virtual Device Machine Queues

  - 1 RX paquet queue per VF

- Filters multiple unicast Ethernet Addresses

- Layer-2 paquet filtering based on Ethernet Destination Address

- Duplicate Broadcast / Multicast packets for all VFs

- Load balancing between TX paquets sent by VFs

Virtualization and Embedded Systems
===================================

Old Embedded Systems (1)
------------------------

- Relatively simple architecture

- Single-purpose devices

- Dominated by hardware constraints

  - Memory, battery charge

- Dedicated functionalities, with moderated software size and
  complexity

- Real-time constraints

Old Embedded Systems (2)
------------------------

- Closed environment (« black boxes »)

- Fixed hardware configuration

- Full software provided by device vendor

- No dynamic loading of applications

- Software updates rareful

Embedded Systems Now (1)
------------------------

- Take on features of general-purpose OS's

- Growing functionalities => growing complexity and size

- Run applications originally developed for PC's

  - Sophisticated Human Machine Interfaces (HMI)
  - Safari Web browser on iPhones

- Dynamic loading of applications

  - Iphone
  - Google Android

Embedded Systems Now (2)
------------------------

- Dynamically load device's owner specific applications

  - Games

- Applications developped by engineers with no expertise
  in embedded systems

  - Java applications

- Need for exchanges with external world

  - USB, Bluetooth, Wi-Fi
  - TCP/IP

- Need for open API's, and openness in general

- Need for high-level systems (Linux, Windows)

Embedded Systems Challenges
---------------------------

- Still Real-Time systems (part of it)

  - Baseband stack of mobile phones

- Still hardware constraints

  - Battery
  - Memory (to minimize device's cost)

- Also used in mission/life critical situations

  - Weapons
  - Cars

- High requirements on reliability and security

Mobile Handsets
---------------

XXX

- Run Android/Linux applications on baseband processor

- Re-use existing legacy modem software stack with its RTOS (no
  changes)

- Support of Linux at a minimal development cost

- Operating System independence for future evolutions

- Security & Protection through OS isolation

::

  HMI: Human-Machine-Interface
  PIM: Personal Information

Virtualization in Embedded Systems (1)
--------------------------------------

- Support for heterogeneous OS's environments

- Real-time OS

  - Legacy software
  - Dedicated applications whose real-time constraints cannot be
    achieved by General-Purpose systems
  - Licence issues (« GPL contamination »)

- General Purpose OS

  - Openness
  - HMI

Virtualization in Embedded Systems (2)
--------------------------------------

- Concurrent execution of RTOS and GP-OS on the same CPU

- Reduces cost (Bill Of Material)

- Requires the underlying VMM to provide

  - Memory isolation between OS's
  - CPU scheduling among OS's, with higher priority to the RTOS
  - Device partitionning
  - Communication mechanism between OS's

Virtualization in Embedded Systems (3)
--------------------------------------

- Leverage multi-cores support with virtual machine abstraction

- 1 core per OS => no need for CPU scheduling

- 2 low-performance cores consume less power than a single high
  performance CPU => simplify power management

- New model of software distribution, shipping application with its own OS

  - No OS configuration/version incoherency

Security Through Virtualization
-------------------------------

- Notion of Trusted Computing Base (TCB)

  - Part of the system that provides security foundations
  - Should only include hardware and VMM
  - May also include RTOS, for performance/legacy reasons

- Run GP OS in an isolated Virtual Machine

  - Avoid damaged GP OS to compromise the secure parts (data,
    services) of the system

Embedded + Virtualization Challenges (1)
----------------------------------------

- Full isolation of VM's does not fit cooperation requirements between OS's

- Efficient communication mechanisms between VM's

- Global scheduling, with interleaved priorities

- Global Energy Management

Embedded + Virtualization Challenges (2)
----------------------------------------

- Efficient communication mechanisms between VM's

  - Virtual Ethernet device not adapted
  - Need VMM-controlled shared memory transfers

- Example: Video streaming on a Smartphone

  - Video data received via the baseband managed by RTOS
  - Video data displayed by a Media Player running on GPOS
  - Avoid copy of video data transfered between the 2 OS's !

Task Scheduling Issues
----------------------

- Standard server-oriented Virtualization model

  - The VMM schedules VM's on the CPU
  - The OS on each VM runs its own scheduler

- Interleaved priorities in Embedded Systems

  - Baseband task of RTOS with a high priority
  - But GPOS Media-Player must have a higher priority than some
    low-priority tasks of RTOS
  - Enable a VM to yield the CPU

    - Use a RT task as a proxy of GP OS application, and make it yield
      the CPU

Multi-Users Devices
-------------------

- Mobile phone has 3 types of users, each with specific private data
  to protect from the others

  - The person owning the device, with address book, emails,
    documents, etc.
  - Different wireless providers, for example private and
    professionnal: network access properly authenticated, ensure
    correct billing !
  - Third-party service providers, for instance multimedia providers.

- Owner and third-parties must be granted secure financial
  transactions

Virtualization in Hardware
--------------------------

- Only way to build a real TCB

  - Without penalizing performances

- Should include support for

  - Memory Partitionning
  - Physical Memory / Machine Memory mapping
  - Coupled with multi-cores
  - Device Partitioning

    - Interrupt routing
    - I/O DMA coupled with memory partitioning & Physical Memory /
      Machine Memory mapping

Conclusion / Evolution of Virtualization
========================================

Conclusion
----------

- Emulation : slow, multi-arch, simulates ISA (full machine) or ABI
  (process level)
- Accelerated emulation : faster, code is executed natively, overhead
  for privilegied actions
- Virtual servers : fast and scalable, but same OS and one kernel
- Paravirtualization : fast, needs a modified OS
- HW-assisted virtualization : solves most of the issues

Evolutions of Virtualization
----------------------------

- Cloud computing

  - Big amount of data
  - Virtualization brings flexibility to data center

- Operating systems in browsers ?

  - State of OS is stored remotely

- Virtualization on desktops and small devices

  - Security (isolates work and personal area)