-
The most widely deployed mobile virtualization solution
Data Sheets
Open Kernel Labs Blog
April 23, 2008
Virtualization Hardware Support—What Does It Buy You?
This is another question I get asked frequently (no, I'm really not making this up). Hardware support for virtualization, such as Intel's VT-x and AMD-V, will soon reach embedded processors (eg. ARM is rumoured to be working on something). What will this mean for embedded hypervisor technology, such as OKL4?
In order to understand the implications, we need to understand what this hardware does. In a nutshell, it makes processors virtualizable, meaning that an operating system written for native execution can be made to run safely inside a virtual machine, without any changes to its source or binary code. This is called pure virtualization. It is achieved by ensuring that all virtualization-sensitive instructions (those that change or expose physical machine state) cause a trap into the hypervisor when executed inside a virtual machine (VM).
The advantages are obvious: you can run any OS binary inside a VM by slipping a hypervisor under it, without being restricted to certain supported guest OS versions, and without (engineering-intensive) para-virtualization. Does this mean that you no longer need a fast and sophisticated hypervisor, such as OKL4?
Of course you still need a hypervisor, as something is required to implement the virtual machine. The hardware doesn't do this for you, it only makes it easier. In theory, a hypervisor for virtualizable hardware needs to be less sophisticated than a hypervisor for unvirtualizable hardware. In theory. In reality, things don't change all that much for the hypervisor.
The reason is that pure virtualization is expensive. Each time a sensitive instruction is executed, the hardware traps into the hypervisor, which must then interpret the instruction and perform the virtualization operation and return back to the guest. This is expensive. The inherent cost of each such a trap is about the same as one OKL4 IPC operation. Yes, OKL4 IPC is fast, but we're still talking a cost that is some two orders of magnitude higher higher than if the instruction were allowed to execute normally. So, if your guest OS executes many sensitive instructions, performance will degrade significantly. Linux when manipulating page tables (eg for fork/exec/exit) executes dozens or hundreds of sensitive instructions in short sequence.
Processor manufacturers are trying their best to reduce this virtualization cost. One approach they use is reducing the set of instructions that are virtualization-sensitive—this reduces the number of traps and thus the overhead. Approaches include “nested” page tables (separate hardware-supported page tables for the guest and the hypervisor, so most of the guest's page-table manipulations don't cause a trap) and directing system-call traps directly to the guest OS (without the detour via the hypervisor).
The place where pure virtualization hurts most, and where hardware support does little if anything for you, is device drivers. The low-level part of a driver consists mostly of device register manipulations. Each such operation causes an expensive virtualization trap. Given that drivers are often quite performance-sensitive, this is a real problem. Furthermore, devices often impose time constraints on certain register manipulations. This means that there is a good chance a purely-virtualized driver will not work at all, irrespective of performance.
Besides drivers there are other places inside an OS kernel where the overhead of pure virtualization will remain uncomfortably high for the foreseeable future. Hence, the art of para-virtualization isn't going to become obsolete any time soon, particularly in the performance-sensitive space of mobile devices.
Besides that, I have been arguing repeatedly that virtualization is only a partial solution for the challenges of modern embedded systems, see for example my most recent white paper on virtualization for embedded systems. Virtualization hardware support does nothing to address the other problems for which OKL4 enables solutions. With one exception: support for device virtualization (in the form of IO-MMUs) enables the secure encapsulation of device drivers, even when using DMA. This is the feature I am really looking forward to, as it is extremely useful whether or not you want to use virtual machines.
So, OKL4 will continue to give you the best means for dealing with the safety, security and reliability challenges of modern embedded systems, no matter how advanced your hardware is.
Posted by Gernot Heiser on April 23 at 12:33 AM
About Gernot Heiser:
Gernot Heiser, Chief Technology Officer, never thought he would be in the business world. Prior to NICTA's creation in 2003, Dr Heiser was a full-time faculty member at the University of New South Wales. However, this die-hard academic couldn’t pass up the opportunity to see the commercialization of this research. Gernot still loves teaching, almost as much as he loves good wine and good food. And anyone will tell you that Gernot knows his wine.