1
Limitation Multi-Hypervisor Nested Virtual Machines Yaohui Hu, Siddhesh Phadke, Kartik Gopalan, Michael R.Hines * Computer Science, Binghamton University * IBM Research Labs, Yorktown Heights Contacts: [email protected], [email protected] Developed prototype to run L2 VM on two L1 hypervisors running KVM/QEMU (as in V2) Memory mapping uses shadow-on-EPT mode. Ongoing work on Nested EPT mode Virtio-based I/O distribution. Ongoing work on direct assignment. H1, H2, H3, and H4 are Level-1 hypervisors. V1, V2, V3, and V4 are Level-2 VMs. V1 runs only on H1 as a traditional nested VM. V2 runs on H1 and H2. V3 runs on H2, H3 and H4. V4 runs on H4, and L0. Presently, an L2 VM can run on only one L1 hypervisor at a time. L2 VM cannot run on multiple co-located L1 hypervisors. E.g: An L2 VM cannot simultaneously run on a commodity L1 hypervisor and another L1 hypervisor providing intrusion-detection. Level-0 Level-1 Level-2 Prototype and Performance Users can run their own hypervisors in IaaS clouds. Live migration of hypervisors + guest VMs as a single entity. Hypervisor-level intrusion detection/prevention. Traditional Nested Virtualization Hypervisor VM1 VM2 Non-nested Virtual Machines Hypervisor Hypervisor 1 Hypervisor 2 Nested Virtual Machines VM1 VM1 VM3 VM4 Level -0 Level -1 Level -2 Benefits Multi-Hypervisor Nested Virtualization Hypervisor H1 H2 H3 H4 V1 V2 V3 V4 Memory Mapping Objective Develop systems support to run unmodified Nested VMs simultaneously on multiple hypervisors. 1. Sharing the L2 memory across multiple L1s o Two modes: Shadow-on-EPT and Nested EPT. 2. Distributing L2 vCPUs across multiple L1s 3. Forwarding inter-processor interrupts (IPIs) across L1s 4. Distributing I/O using virtio or direct device assignment. Challenges Current Status Resource Distribution L2 VA L2 GPA L1a GPA L1b GPA L0 HPA L2 Page Table L1b Page Table L1a Page Table EPTb EPTa Shadow-on-EPT Mode L2 VA L2 GPA L1a GPA L1b GPA L0 HPA L2 Page Table L1b Page Table L1a Page Table EPTb EPTa Nested EPT Mode SPTa SPTb Shadow EPTa Shadow EPTb Funded by

Multi-Hypervisor Nested Virtual Machinesosnet.cs.binghamton.edu/publications/hu14multi_poster.pdf · 2015. 6. 16. · hypervisors running KVM/QEMU (as in V2) Memory mapping uses shadow-on-EPT

  • Upload
    others

  • View
    3

  • Download
    0

Embed Size (px)

Citation preview

Page 1: Multi-Hypervisor Nested Virtual Machinesosnet.cs.binghamton.edu/publications/hu14multi_poster.pdf · 2015. 6. 16. · hypervisors running KVM/QEMU (as in V2) Memory mapping uses shadow-on-EPT

Limitation

Multi-Hypervisor Nested Virtual Machines Yaohui Hu, Siddhesh Phadke, Kartik Gopalan, Michael R.Hines*

Computer Science, Binghamton University *IBM Research Labs, Yorktown Heights

Contacts: [email protected], [email protected]

Developed prototype to run L2 VM on two L1

hypervisors running KVM/QEMU (as in V2)

Memory mapping uses shadow-on-EPT mode.

Ongoing work on Nested EPT mode

Virtio-based I/O distribution.

Ongoing work on direct assignment.

H1, H2, H3, and H4 are Level-1 hypervisors.

V1, V2, V3, and V4 are Level-2 VMs.

V1 runs only on H1 as a traditional nested VM.

V2 runs on H1 and H2.

V3 runs on H2, H3 and H4.

V4 runs on H4, and L0.

Presently, an L2 VM can run on only one L1 hypervisor at a time.

L2 VM cannot run on multiple co-located L1 hypervisors.

E.g: An L2 VM cannot simultaneously run on a commodity L1

hypervisor and another L1 hypervisor providing intrusion-detection.

Level-0

Level-1

Level-2

Prototype and Performance

Users can run their own hypervisors in IaaS clouds.

Live migration of hypervisors + guest VMs as a single entity.

Hypervisor-level intrusion detection/prevention.

Traditional Nested Virtualization

Hypervisor

VM1 VM2

Non-nested Virtual Machines

Hypervisor

Hypervisor 1 Hypervisor 2

Nested Virtual Machines

VM1 VM1 VM3 VM4

Level -0

Level -1

Level -2 Benefits

Multi-Hypervisor Nested Virtualization

Hypervisor

H1 H2 H3 H4

V1 V2 V3 V4

Memory Mapping

Objective

Develop systems support to run unmodified Nested VMs

simultaneously on multiple hypervisors.

1. Sharing the L2 memory across multiple L1s

o Two modes: Shadow-on-EPT and Nested EPT.

2. Distributing L2 vCPUs across multiple L1s

3. Forwarding inter-processor interrupts (IPIs) across L1s

4. Distributing I/O using virtio or direct device assignment.

Challenges

Current Status

Resource Distribution

L2 VA

L2 GPA

L1a GPA L1b GPA

L0 HPA

L2 Page Table

L1b

Page Table

L1a

Page Table

EPTb EPTa

Shadow-on-EPT Mode

L2 VA

L2 GPA

L1a GPA L1b GPA

L0 HPA

L2 Page Table

L1b

Page Table

L1a

Page Table

EPTb EPTa

Nested EPT Mode

SPTa SPTb

Shadow

EPTa Shadow

EPTb

Funded by

SDK Application debug on Linux/QEMU TrainingQEMU to start You will see the QEMU start on the SDK console. To kill this session, select Stop QEMU in the same QEMU. The QEMU session

SDK Application debug on Linux/QEMU TrainingQEMU to start You will see the QEMU start on the SDK console. To kill this session, select Stop QEMU in the same QEMU. The QEMU session

Documents
Stateless Hypervisors at Scale

Stateless Hypervisors at Scale

Technology
Xilinx Quick Emulator: User Guide (UG1169) · QEMU User Guide 3 UG1169 (v2018.1) April 18, 2018 Table of Contents Chapter1:Using Xilinx QEMU What is QEMU

Xilinx Quick Emulator: User Guide (UG1169) · QEMU User Guide 3 UG1169 (v2018.1) April 18, 2018 Table of Contents Chapter1:Using Xilinx QEMU What is QEMU

Documents
QEMU for Xilinx ZynqMP - events.static.linuxfound.org · New Chip (Zynq NG) Aggressive target for QEMU as early SW platform emulating WiP chip BootROMs, Boot-loaders, Firmware, Hypervisors,

QEMU for Xilinx ZynqMP - events.static.linuxfound.org · New Chip (Zynq NG) Aggressive target for QEMU as early SW platform emulating WiP chip BootROMs, Boot-loaders, Firmware, Hypervisors,

Documents
virtualization and hypervisors

virtualization and hypervisors

Engineering
Introduction to QEMU/Linux Assignmentcs.rochester.edu/~sandhya/csc256/lectures/cs456_qemu.pdf · About QEMU ! II ¥ Why QEMU? ¥ For the kernel programming in the following assignments

Introduction to QEMU/Linux Assignmentcs.rochester.edu/~sandhya/csc256/lectures/cs456_qemu.pdf · About QEMU ! II ¥ Why QEMU? ¥ For the kernel programming in the following assignments

Documents
Porinting QEMU to Plan 9: QEMU Internals and Port Strategygsoc.cat-v.org/people/nwf/paper-strategy-plus.pdf · Porting QEMU to Plan 9: QEMU Internals and Port Strategy Nathaniel Wesley

Porinting QEMU to Plan 9: QEMU Internals and Port Strategygsoc.cat-v.org/people/nwf/paper-strategy-plus.pdf · Porting QEMU to Plan 9: QEMU Internals and Port Strategy Nathaniel Wesley

Documents
QEMU QEMU and SystemCand SystemC - uni-paderborn.deadt.cs.upb.de/quf/quf11/quf2011_02.pdfMerge SystemC methods into QEMU kernel Remove OSCI simulator and write an API SystemC

QEMU QEMU and SystemCand SystemC - uni-paderborn.deadt.cs.upb.de/quf/quf11/quf2011_02.pdfMerge SystemC methods into QEMU kernel Remove OSCI simulator and write an API SystemC

Documents
Ept Facebook.docx

Ept Facebook.docx

Documents
QEMU Backend Block Device Driver In Practicebos.itdks.com/13e2bb7282b94eac802ee38afaff83c2.pdf · QEMU Utils qemu-img qemu-img create -f qcow2 -o size=100G vol.qcow2 qemu-img info

QEMU Backend Block Device Driver In Practicebos.itdks.com/13e2bb7282b94eac802ee38afaff83c2.pdf · QEMU Utils qemu-img qemu-img create -f qcow2 -o size=100G vol.qcow2 qemu-img info

Documents
QEMU-GlusterFS integration › en › latest › ...Enabling GlusterFS for Virtualization use QEMU-GlusterFS integration – Native integration, no FUSE mount – Gluster as QEMU block

QEMU-GlusterFS integration › en › latest › ...Enabling GlusterFS for Virtualization use QEMU-GlusterFS integration – Native integration, no FUSE mount – Gluster as QEMU block

Documents
Porting the QEMU virtualization software to MINIX 3 · ported QEMU to it. QEMU provides full system virtualization, aiming in particular at portability and speed. I find that QEMU

Porting the QEMU virtualization software to MINIX 3 · ported QEMU to it. QEMU provides full system virtualization, aiming in particular at portability and speed. I find that QEMU

Documents
A Performance Comparison of Hypervisors

A Performance Comparison of Hypervisors

Documents
EPT Sellsheet

EPT Sellsheet

Documents
QEMU Code Overview -

QEMU Code Overview -

Documents
P-QEMU: A Parallel Multi-core System Emulator Based On QEMU

P-QEMU: A Parallel Multi-core System Emulator Based On QEMU

Documents
Introduction to QEMU

Introduction to QEMU

Documents
QEMU in Cross building

QEMU in Cross building

Documents
Xilinx Quick Emulator: User Guide (UG1169) · QEMU User Guide 5 UG1169 (v2018.2) June 6, 2018 Chapter1 Using Xilinx QEMU What is QEMU? Xilinx provides a Quick Emulator (QEMU) for

Xilinx Quick Emulator: User Guide (UG1169) · QEMU User Guide 5 UG1169 (v2018.2) June 6, 2018 Chapter1 Using Xilinx QEMU What is QEMU? Xilinx provides a Quick Emulator (QEMU) for

Documents
QEMU Emulator User Documentation Table of Contentsprocessors.wiki.ti.com/images/2/2b/Mozilla.pdf · QEMU Emulator User Documentation Table of Contents QEMU Emulator User Documentation

QEMU Emulator User Documentation Table of Contentsprocessors.wiki.ti.com/images/2/2b/Mozilla.pdf · QEMU Emulator User Documentation Table of Contents QEMU Emulator User Documentation

Documents
Pres ssc-ict-2014-april hypervisors

Pres ssc-ict-2014-april hypervisors

Technology
QEMU QEMU and SystemCand SystemC

QEMU QEMU and SystemCand SystemC

Documents
5-Level Paging and 5-Level EPT · tables (EPT). When EPT is used, paging produces guest-physical addresses, which EPT translates to physical addresses. Section 1.3 describes the EPT

5-Level Paging and 5-Level EPT · tables (EPT). When EPT is used, paging produces guest-physical addresses, which EPT translates to physical addresses. Section 1.3 describes the EPT

Documents
Breaking hardware enforced security with hypervisors

Breaking hardware enforced security with hypervisors

Technology
Industrial hardware and QEMU

Industrial hardware and QEMU

Documents
Live Block Device Operations in QEMU - FOSDEM › 2018 › schedule › event › vai... · KVM/QEMUvirtualizationcomponents Linux: KVM–/dev/kvm VM1 QEMU VM2 QEMU libvirtd OpenStack

Live Block Device Operations in QEMU - FOSDEM › 2018 › schedule › event › vai... · KVM/QEMUvirtualizationcomponents Linux: KVM–/dev/kvm VM1 QEMU VM2 QEMU libvirtd OpenStack

Documents
with qemu and libvirt

with qemu and libvirt

Documents
EPT Brochure

EPT Brochure

Documents
QEMU - Binary Translation

QEMU - Binary Translation

Software
Electronic Promotion and Tenure Adobe Help Guide, eP&T, EPT, ePT

Electronic Promotion and Tenure Adobe Help Guide, eP&T, EPT, ePT

Documents