Beruflich Dokumente
Kultur Dokumente
Call to Action
Takeaways
3
Todays Xen Architecture (Since Xen3.0)
Dom0 VM1 VM2 VM3
Device Unmodified Unmodified Unmodified
Manager & User User User
Control s/w Software Software Software
Challenges:
Tremendous effort spent on pushing patches to Linux upstream.
Maintaining effort.
Hard to push certain features/fixes into Linux upstream.
Xen PAT
Xen ACPI.
Xen RAS
5
Why was PV dom0 only?
Problems
Old x86 architecture (Pre-VT)
Virtualization is not considered by design.
Many virtualizations holes exist
X86 architecture with 1st Gen VT
Lack of performance optimizations
No hardware features to support memory/IO virtualization
Solution PV dom0
Modify dom0s kernel source code to address virtualization holes.
Adopt PV interfaces to enhance system performance.
Network, storage, MMU, etc.
But Linux only
6
Limitations of PV Dom0
Dom0 kernel is modified Linux (XenLinux)
Depends on Kernel changes
Hard to push some changes(RAS, PAT, ACPI) to upstream Linux
Cant support unmodified OS (Windows, Mac OS, etc)
Cant leverage VT for performance enhancement
Performance limitations of dom0
64bit dom0 has to suffer from poor performance
Super page cant be supported well
Fast system call cant be supported as well
Un-avoidable various traps to hypervisor
Thread switch
FPU, TLS, stack switch
MMU update operations
Guest page faults
7
New Hardware Virtualization Technologies
CPU virtualization
Virtualization holes are finally closed by architecture
CR access acceleration
TPR shadow/APIC-v
Memory virtualization
EPT VPID memory virtualization is done by hardware
EPT super page supported
Unrestricted guest
I/O virtualization
VT-d supports direct IO for guest
SR-IOV
Interrupt virtualization
APIC-V
Posted interrupts
8
Good chance for improving dom0
Goal
Remove PV dom0s limitations
Leverage new VT technologies to enhance dom0s performance
Options
PVH dom0: Running PV kernel in HVM container, leveraging some VT technologies
(e.g. EPT) to enhance dom0s performance. Only limited to Linux OS.
HVM dom0: Allows unmodified OS (may with PV drivers) running in HVM container
with full VT technologies. Ideally, it can support any unmodified OS.
9
Xen Architecture with HVM dom0
HVM Dom0 HVM Domain
Ring3
Device
Qemu Manager & Unmodified
(virtio
backend)
Control s/w User
Software
VMX
Non-Root
Unmodified
GuestOS
(Windows OS
Linux/Window/etc. Linux))
Ring0
Native Front-End
Back-End Device Device Drivers (e.g.
Device Drivers Driver virtio)
VMX Root Control IF Safe HW IF Event Channel Virtual CPU Virtual MMU
Xen Hypervisor
Hardware
10
Benefits of HVM dom0
11
How to make HVM dom0 work ?
CPU virtualization
Same as HVM domU.
Memory virtualization
Adopt EPT/NPT for memory virtualization
Super page is used for performance enhancement
IO virtualization
With VT-d, all physical devices are assigned to dom0 by default
IO access & mmio access doesnt trigger vmexits.
Interrupt virtualization
Dom0 controls physical IOAPIC
Dom0s local APIC is virtualized
Hypervisor owns physical local APIC
12
HVM dom0 Boot Sequence
EFI-based system as HVM Dom0 (e.g. Windows*)
Dynamically de-privilege EFI shell to a HVM guest environment
Boot flow:
System power on Boot EFI shell execute startup.nsh xen_loader.efi Xen
entry point start_xen() construct_dom0() prepare_hvm_context()
VMLAUNCH back to original EFI shell Load OS as usual
startup.nsh:
xen_loader.efi xen.gz
/boot/efi/ia32.efi
xen_loader.efi:
Used dynamically to de-privilege EFI shell
One EFI binary for loading Xen and setup return point from hypervisor
After back to EFI shell, EFI environment is in a HVM guest
13
HVM dom0 Boot Sequence (Cond)
14
Multi-domain Support
Qemu is a must
Both Linux & Windows supports Qemu
PV Driver support
Xen bus/event channel mechanism is needed
One virtual PCI device (PCI platform device) is virtualized
Port PCI platform devices logic from Qemu to hypervisor
Partially
Windows Virtio Ready Not ready
Ready*
15
Call for Action
16
Takeaways
17
Questions?
Or contact xiantao.zhang@intel.com
18
19