Direct quoted from http://blog.csdn.net/wy16223864/article/details/8259146
===========arm Virtualization Research Report =================================================
Research report, in general, the results are as follows:
1) Current ARM virtualization background:
A) Commercial background: Virtualization has long been a solution, of which the famous is OKL4 microvisor by OKL4, MVP by vmware,red Bend Software, TRANGO,VLX for ARM by Virtual Logic, INTEGRITY secure virtualization by Green Hills software. In addition to Green Hill, the others are semi-virtualized, but none of them are open source. Only OKL4 can see the performance test data.
b) Background: Xen on ARM is a pioneer in open source solutions with poor performance but at least a similar solution; KVM for ARM writes a technical report but is closely followed; NICTA and Okl's buddies re-made a micro-core support arm full virtualization expansion of the Hyperv Isor, can only run on the simulator.
c) New ideas: 2011 SOSP paper on Android in the implementation of the operating system virtualization (compared to system virtualization, OS virtualization running a kernel run a number of separate user space, rather than the previous one, chroot is a common OS virtualization). The implementation of multiple Android switching, performance is ideal, and very suitable for Android virtualization needs, is a very good idea of virtualization.
2) Arm virtualization Architecture and development: ARM is a virtualization unfriendly structure, mainly embodied in the following aspects:
I. Sensitive directives with non-privileged
II. Privilege level is not enough, to protect the address is more troublesome
III. Some ASID TLB caused by TLB flush more ~
In addition, ARM virtualization hardware support development is roughly divided into two parts:
Iv. ARM Truezone provides brief hardware support, most notably with two mode secure and non-secure modes, and should be modified with non-privileged sensitive instructions Bug,green Hill company implemented full virtualization on it
V. ARM also introduced a hardware expansion virtualization in 2010, and a HYP model was added to the non-secure. Details are detailed in the third analysis
3) Arm virtualization trend: A micro-core-like independent hypervisor in the rise (personal feeling mainly or okl in support, commercial aspects of the absolute advantage). Xen on arm and Xen on KVM will change with the implementation of ARM hardware virtualization. The development of OS virtualization is also a very good direction, the current commercialization of OS virtualization will feel far beyond the general development of virtualization.
4) test method: Lmbench actually become the default mode, the simulator is probably estimated that the delay of each operation ~
=============arm-related =============================================== of virtual papers
1. Xen on Arm:system virtualization using Xen Hypervisor for arm-based Secure Mobile phones
Content Summary:
1) topics on how to virtualize your arm architecture
2) points out the three difficulties of ARM virtualization: having non-privileged sensitive instructions; only one operation mode; TLB does not asid high refresh rate when switching
3) Current status of arm: 1. Someone's master's thesis mentions arm virtualization but not all, mentions the separation kernel and the user page table but did not realize. 2. The L4 kernel uses a single address mechanism, and the kernel and process thread address space is not duplicated, and the refresh is avoided. Its FCSE mechanism dynamically divides the address space into processes, but each process is limited to 32M. Applicability is not strong, but this direction is worth considering. 3.Trango and Virtuallogic provide arm virtualization products but closed source.
4) Arm CPU virtualization: In order to protect the kernel address, the user mode is divided into two modes, Xen controls the guest OS in both modes, exception handling is mainly the exception how to go through the VMM to the guest kernel, and the sensitive instructions are simply replaced with hypercal.
5) ARM's memory virtualization: To ensure guest address security, the Xen Capture Page table must be written so that the address of the Xen VMM can be protected from the guest OS and guest process addresses. Protect the Guestos address by developing arm's domain mechanism. There are also some cache flush optimizations and other content
6) Experimental results: Lmbench test the efficiency of physical machine and virtual machine, how the virtual machine increases the effect, and how the common operation effect.
2. KVM for ARM
Content Summary:
1) Theme: This article focuses on how to support arm on KVM, using a lightweight, semi-virtualized approach to avoid the non-virtualized parts of ARM architectures.
2) KVM Status: currently supports X86,POWERPC; experimental support ia64,s390.
3) The biggest challenge for ARM is the architecture has a virtualization flaw: non-privileged sensitive instructions
4) KVM for ARM uses lightweight para-virtualization to modify non-privileged sensitive instructions to get into a simulation. The use of lightweight para-virtualization is not dependent on the operating system's source code. Automatically modifies non-sensitive privileged instructions in the operating system instead of displaying the source code in the operating system as normal semi-virtualized.
5) Related work: X86-vmware-xen-hardware support. Business ARM Virtualization System: VLX for Arm (virtual Logic), OKL4 microvisor by OK Labs; MVP by VMware; Intergrity Secure Virtualization by Green Hills-------None of this is open source. Xen on ARM is limited and cumbersome to use with normal para-virtualization. In contrast, the semi-virtualized changes used by KVM for arm are smaller.
6) CPU Virtualization: A series of non-privileged sensitive directives in the arm architecture are described in detail. Because the sensitive directive does not exist with the standard C compiler, it only exists in the assembly file and inline assembly, so you can use a script to bulk modify sensitive instructions in the kernel. Implemented by using a sink-in instruction instead of a sensitive instruction.
7) exception handling: slightly
8) Memory Virtualization: ARM architecture has address conversion through the MMU, there is no address conversion through the MMU, due to the general performance of the MMU does not work, so the general virtualization is the address conversion through the MMU. Memory virtualization uses a shadow page table instead of a semi-virtualized page table in Xen, which implements the details slightly. Memory sharing and state switching slightly. Memory protection is also used by the domain mechanism in arm.
9) Implementation status: The most basic system is realized, the performance is poor, the work is focused on correctness. ARMV6 V7 support is currently being increased. ARMV6 's ASID support reduces TLB invalidation to improve performance. ARM true Zone approaches the hardware virtualization solution, but does not implement something like ept.
3. Hardware Support Virtualization on ARM
Content Summary:
1) Theme ideas: Designed and implemented the first VMM to use ARM's 2010 hardware expansion, and measured its performance on emulated hardware.
2) Background: Virtualization spread to embedded, arm structure is not virtualized, so need to use binary translation or semi-virtualized. Binary translation requires the majority of resources, so the commercial and laboratory use more, and semi-virtualized need to modify the operating system. 2010 ARM released the hardware virtualization specification, so this article provides the first VMM to run a fully virtualized operating system. Because there is no hardware support, the experimental results can only be obtained by simulation.
3) Related work: Commercial arm solutions are provided by: Okl, VMware, Red Bend software, which are used for semi-virtualized. Green Hills Software uses the true Zone feature to provide VMM that can run a single unmodified operating system. Samsung transplanted Xen, but the performance was poor: only half the original. Commercially available OKL4 system with an order of magnitude lower performance than originally. NOVA (what's up?) )。。 Adams and Agesen compared hardware virtualization and two-level translation without MMU support, but only reports have been reported that the MMU support can be very high-performance to a large extent. The virtualization specification for ARM refers to the support for MMU virtualization.
4) Arm Virtualization hardware Support:
A) operation mode: Added a non-secure mode, and added a hyp mode in non-secure mode to form Non-secure user,kernel,hyp three modes of operation.
b) A vmid is added to the TLB to reduce the TLB flush at switchover
c) Many anomalies can be configured to fall into the kernel state or directly into the HYP state
d) Add content in Hyp mode to avoid load and decode sensitive instructions
e) Dual Address translation: There are two tlb.
f) Virtual interrupt injection mode, basically no new content.
g) Unlike x86, the new HYP mode requires VMM to save the guest scene instead of the auto-save in the similar x86; ARM when VMM allows interrupts to be injected directly into guest, the guest can clear interrupts and other operations without falling into, x86 not ARM also adds features to avoid parsing sensitive instructions, while CISC consumes a lot.
h) The same in x86: Dual address mapping, VMID.
5) VMM Design
A) implement a micro-core VMM: You can create and destroy VMM dynamically without using dynamic VMM, and VMM does not use virtual memory. Similar to OKL, unlike the Nova and other micro-cores, VMM does not divide hypervisor into kernel and two parts of the user program
b) Virtual machine interaction: slightly
c) Simulation platform: ARM Fast model
D) Implementation details: mode switching; instruction simulation; device pass through; equipment sharing;
e) Limitations: Virtual machine scheduling lacks data, no multicore support, and dynamic VMM is not supported;
6) Performance: Due to the use of the simulator, so the real data can not be obtained, only estimate the cost of each operation of the clock cycle.
7) Sentiment: Hardware expansion simplifies the hypervisor design.
=========== supports arm's unique hypervisor design ====================================
4. The OKL4 microvisor:convergence point of Microkernels and Hypervisors
Content Summary:
1) Theme ideas: Microkernel and hypervisor have a lot of similarities, OKL4 design can easily see these places.
2) Background: Micro-kernel disputes persist, the first generation microkernel is not recognized because of the performance flaw but some people find that the second-generation micro-kernel as hypervisor can achieve good results. Commercial microkernel includes: QNX for high reliability, high-security green Hills Integrity, high-performance OKL4 micro kernel. In order to eliminate the misunderstanding caused by a slight kernel study in 15, OKL4 developed microvisor in order to prove that the microkernel and hypervisor have the same merits.
3) Microkernel is primarily intended to provide a simpler layer of privileged software, and hypervisor is not conflicting in order to replicate the current hardware provided to more virtual machines for execution. Micro-kernel and hypervisor in the instruction, the memory difference has, but is not irreconcilable, but on the I/O, the development of hypervisor closer to the micro-core.
4) Implementation method
A) Execution abstraction is a virtual machine that runs multiple Vcpus, each Vcpus can dispatch
b) Memory abstraction is a virtual MMU for guest mapping virtual addresses to physical addresses
c) I/O abstracts a heap of memory-mapped device registers and virtual interrupts
d) The communication abstraction is virtual interrupts and channels (pipelines. )
5) Performance Analysis:
A) Not much to compare, Xen on ARM is a, also tested with lmbench data, compared to the Xen on ARM has the advantage
b) It is mentioned that there is currently no standardized hypervisor benchmark on the embedded system, and the lmbench fraction is commonly used to compare virtual machines and hosts
c) Netperf Test network effect is very good, very little discount
6) Related work
A) NOVA: Also simplifies hypervisor design, but requires hardware architecture to support Section virtualization.
b) Nova is larger than OKL4 and is not designed to streamline hardware.
================ Special Virtualization Project ==============================================
5. nova:amicrohypervisor-based Secure Virtualization Architecture
Content Summary:
1) Theme ideas: Current hypervisor large and easy to attack, in order to overcome this shortcoming, this paper designed a system to improve the security of the hypervisor, can be used to run a number of unmodified operating systems, and is smaller than the current virtualization system of an order of magnitude.
2) Contribution: greatly reduce the privilege level code, reduce the virtual machine feasible calculation part of an order of magnitude, virtual machine communication overhead can be reduced, and Nova achieved full virtualization of good performance.
3) Background: Virtual machine back to the mid 1860s, after a period of silence for some time, in the late 90 to disco and VMware business success as the representative of the virtual machine began a revival phase. With the advent of x86 's full virtualization hardware support, new virtual machine environments begin to emerge. Virtual machines are also divided into full virtualization and semi-virtualized. The virtual machine has a positive and negative impact on security, mainly based on the way it is implemented.
4) TCB compared to: Experiment Front Nova's TCB is much smaller than other virtual machine systems.
5) Nova Architecture:
A) Two principles: one is functional decomposition: Micro-Hypervisor;root Division manager, multiple virtual Machine Manager, device driver and other system services. The second is to implement the principle of least privilege in all components.
b) Specific structure: see Figure 2
c) attack model: slightly
D) Microhypervisor: Provides protection domain, execution context, dispatch context, communication gate, signaling system.
e) memory management: Use EPT as much as possible, or use vtlb algorithm
f) Root Partition Manager: Responsible for initializing allocation of resources
g) VMM: Instruction simulation, device simulation, device communication, BIOS simulation, multi-core simulation
6) Performance test:
A) kernel compilation: Test with Vpid, not including vpid ...
b) HDD performance: Hard disk sequential read different block size. Additional overhead increases in three ways: device virtual, interrupt virtual, data transfer.
c) Network performance: Netperf test
d) User and kernel mode conversion: A series of experiments were designed to measure the conversion time.
e) Virtual machine exit frequency: Slightly
============= a new idea of embedded virtualization ==========================================
6. Cells:a Virtual Mobile Smartphone Architecture
Content Summary:
1) An embedded system called cells which can run multiple systems safely and independently is proposed. The main idea is to use a single Linux kernel and multiple file systems, and the Linux kernel provides virtual devices that can be switched between multiple file systems. In reality, it is similar to the application of Chroot program, but the security and isolation line is much better than chroot.
2) Background: Easy to download applications on the Web easily lead to security issues, as well as some work, entertainment and other conflict issues. While arm can be virtualized but requires class virtualization
3) Cell Virtualization Architecture: Supports the architecture of running multiple virtual machines on one operating system, and the operating system is divided into front and back end. The backend does not display, the front end can directly access all the hardware, the backend can only share the hardware at the current end of the time do not need exclusive hardware. The front end can get the physical machine speed. Cells can use VoIP technology for each virtual machine to provide different phone number for different VP without the need for a different SIM card.
4) Cell Use features: support multiple operating system switch, multiple systems from the external generated good copy to the phone. There are no access;shared access;exclusive access three rights control modes for each device.
5) Cell design features: Use device namespace to distinguish between different virtual machine cores and user programs. Virtualization is peculiar. In fact, it is mainly the file system before switching, not the kernel switch, so it involves not to the CPU virtualization of memory virtualization and other standards of virtualization solutions. Therefore, the main content is the sharing of peripherals and resources.
6) Cell test Result: Test standard: CPU performance: Linpack; file i/o:quandrant advanced Edition v1.1.1;3d Graphics: Neocore by Qualcomm; Web browsing: Sunspider v0.9.1 JavaScript Benchmark; network performance: Wget next pack; Energy consumption: play music, calculate the amount of battery remaining every 10 minutes.