Siemens Jailhouse (Xen or KVM (Can Run Under It) Alternative For High Speed Low Latency Network and Io Access) (By Ian Kiszka) Presentation

Unrestricted Siemens AG 2013.
All rights reserved

Static System Partitioning
and KVM
Siemens Corporate Technology | October 2013
Page 2 October 2013 Jan Kiszka Corporate Technology Unrestricted Siemens AG 2013. All rights reserved
Static System Partitioning and KVM
!gen"a
Motivation re!"irements
Jailho#se $ a ne% partitioning approach
Combining partitioning an" &irt#alization
'oing open so#rce
S#mmary an" o#tlook
Gimme all yo"r #PUs$
The nee" (or (#ll reso#rce "e"ication
) %igh&s'eed control tas(s )*10 (%+,
) *&ery +s o&erhea" re"#ces
achie&able (re,#ency
) Small in(re,#ent "ist#rbances can
ha&e signi(icant impact
-* Cache poll#tions
-* -ea"line misses
) %igh&'er.ormance com'"ting
) .ong/r#nning tasks "on0t %ant
interr#ptions
-* Keep caches hot
#/012G30/3%45 6 the sol"tion7
CP2 "omination %ith .in#3
) Goal8 dominate #PU 9ith a single tas(
) 4o interr#pts incl#"ing timer ticks
) 4o ho#sekeeping %ork 56C2 loa" meas#rement etc78
) Stan"ar" application programming mo"el
) 9#t "o not break .in#3:
) 2m'ortant ste's made in "'stream
) 6e"#ce ticks to 1 ;< i( only one task present
) O((loa" 6C2 %ork to other CP2s
) :"t...
) not yet 100=
) more tasks>interr#pts may ha&e to r#n 5on?each?cp#7778
Page @ October 2013 Jan Kiszka Corporate Technology Unrestricted Siemens AG 2013. All rights reserved
;hat i. yo" need asymmetric m"lti'rocessing7
<=/S
;ar"%are
>in"?
7 <=/S
<=&KVM
Page A October 2013 Jan Kiszka Corporate Technology Unrestricted Siemens AG 2013. All rights reserved
>atencies Achieva@le in KVM&only Set"'s
) %ost set"'
) KBC on 3DA P6**CPT/6T .in#3
) Birt#al machine on dedicated core
) Entel 4EC 5*1000 (amily8 as E>O "e&ice
"irectly assigne" to g#est
) Permanent "isk E>O loa"
) G"est set"'
) Proprietary 6TOS
) 6eal/time net%ork stack
) Meas"rement set"'
) .in#3>Fenomai 5nati&e installation8
) 6eal/time net%ork stack 6Tnet
) Perio"ic ECCP ping messages sent to target
) 6ecor" ro#n"/trip latency 5error G@0 +s8
-* ;orst&case latency a.ter 1Ah8 330 Bs
<=/S
G"est
<=&KVM
02# other %;
<eal&=ime
>in"?
9ith <=net
02# other %;
Ceas#ring E>O latency o( an 6T '#est
2m'rova@le via
#/012G30/3%4 #o.
2m'rova@le via
#/012G30/3%4 #o.
Page H October 2013 Jan Kiszka Corporate Technology Unrestricted Siemens AG 2013. All rights reserved
Small is :ea"ti."l
Bali"ation e((orts correlate %ith co"e sizes
) Cemanding sec"rity sa.ety scenarios
) O(ten re,#ire certi(ication
5Common Criteria E*C A1@0D I8
) 4ee" to look closely at har"%are J so(t%are
) 6e&ie% > testing
) 5Kormal8 &ali"ation
) =he larger yo"r systemD the higher yo"r e..ort
) Split critical (rom non/critical components
) Keep critical components small
) Virt"ali+ation can hel' 9ith segregation
) 777i( it remains simpler than non/critical parts
CC 9L/S! 370
Page D October 2013 Jan Kiszka Corporate Technology Unrestricted Siemens AG 2013. All rights reserved
) 1oc"sed on g"est isolation
) Spatial
) Temporal
) <ed"ced com'le?ity ) .eat"res,
) 6e"#ces &ali"ation e((ort
) 6e"#ces g#est latencies
) 0o standard availa@le yet
) 4iche market
) Cany commercial hyper&isors
) Ke% open so#rce proMects
) ;ar"%are restrictions
) 4ot targeting in"#strial #se
1st A''roach8 Micro&%y'ervisor
Micro&%y'ervisor
0on&<=D
non&critical
;or(load
#ritical
;or(load
E>O
CP2 CP2
E>O
Small bare/metal hyper&isor separates %orkloa"s
Page N October 2013 Jan Kiszka Corporate Technology Unrestricted Siemens AG 2013. All rights reserved
;yper&isor
A @are&metal hy'ervisor has to @oot its g"est
Classic type/1 hyper&isor boot/#p
;ar"%are ;ar"%are
GP/S
<=
A''
1. :oot 'hase 2. /'erational 'hase
Kirm%are>9EOS
O9oot .oa"erP
;yper&isor
GP/S
5'eneral
P#rpose OS8
;yper&isor
!gen"a
Coti&ation J re,#irements
Eailho"se 6 a ne9 'artitioning a''roach
'oing open so#rce
S#mmary an" o#tlook
;hat a@o"t 'ost'oning the hy'ervisor start7
9asic concept o( late partitioning
;ar"%are ;ar"%are
Partitioning .ayer
>in"?
>in"?
;ar"%are
Partitioning .ayer
>in"?
<=
A''
1. :oot 'hase 2. Partitioning
'hase
3. /'erational 'hase
Kirm%are>9EOS
O9oot .oa"erP
2mages
#on.igs
>in"?
#hoosing the <ight :alance
Jailho#se (oc#ses on simplicity
K
e
a
t
#
r
e
s
S
i
m
'
l
i
c
i
t
y
Eailho"se Architect"re
>in"? Kernel
Eailho"se
>oader Mod"le
Eailho"se
Management =ool
>"e&>Mailho#se
#ell 2mage
#ell
#on.ig
Eailho"se 2mage
#ell
#on.ig
#ell 2mage
<=
A'' 2
#PU 1 #PU 2 #PU F #PU 3 #PU G #PU A
<=
A'' 1
Cevice 1 Cevice F Cevice G Cevice 2 Cevice 3
Eailho"se %y'ervisor
H#ellI
System
#on.ig
Access #ontrol instead o. Virt"ali+ation
.imits o( e3cl#si&e reso#rce assignment
) 2nterce't and .ilter access to sensitive reso"rces
) Physical a""resses 5#nless har"%are (ilters8
) E>O interr#pt J EPE "estination programming
) Cross/cell impact 5e7g7 system reset8
) 181 reso"rce assignment
) 4o o&ercommitment no sche"#ling
-* 9etter pre"ictability less comple3ity
) Co not hide hy'ervisor e?istence
) 4o em#lation o( lacking reso#rces
) *3pose assigne" reso#rce 5%i"ely8 #nmo"i(ie"
) .in#3 %on0t notice 5alrea"y boote"8 other cells nee" a%areness
Page 1@ October 2013 Jan Kiszka Corporate Technology Unrestricted Siemens AG 2013. All rights reserved
Eailho"se does not overla' 9ith KVM
Jo" need more7 Use KVM$
Page 1A October 2013 Jan Kiszka Corporate Technology Unrestricted Siemens AG 2013. All rights reserved
>in"? is /"r 1riend
6e#se .in#3 (or management tasks
) :ootstra'
) System boot/#p har"%are pre/con(ig#ration
) ;yper&isor loa"ing an" con(ig#ration
) jailhouse enable CONFIG-FILE
) 6T partition creation J image loa"ing
) jailhouse cell create CONFIG-FILE IMAGE-FILE
) .in#3 #npl#gs reso#rces (or ne% cell 5CP2 "e&ices memory8
-* <ed"ced hy'ervisor com'le?ity
-* U02K&li(e loo( .eel
Page 1H October 2013 Jan Kiszka Corporate Technology Unrestricted Siemens AG 2013. All rights reserved
>in"? is /"r 1riend )2,
6e#se .in#3 (or management tasks
) /'eration
) 6econ(ig#rations 5%hile in non/operational mo"e8
) jailhouse cell destroy NAME
) Conitoring logging etc7
) Sh#t"o%n
) jailhouse disable
-* <ed"ced hy'ervisor com'le?ity
-* Short t"rn&aro"nd timesD less reasons to re@oot
Page 1D October 2013 Jan Kiszka Corporate Technology Unrestricted Siemens AG 2013. All rights reserved
Prototy'ing on ?LA
Jailho#se on Entel 3DA
) 2nitial .oc"s on 2ntel
) BT/3 %ith *PT #nrestricte" g#est mo"e 32!PEC
) BT/" %ith interr#pt remapping
) Cirect interr"'t delivery .easi@le
) Keep E6Qs o(( %hile in hyper&isor
) 2se 4CEs R preemption timer (or hyper&isor EPEs
) Minimalistic MM2/
) *nables EO/!PEC 3!PEC PCE mmcon(ig interception
) Simple #noptimize" slo%/path only #se cases
) ;or( in 'rogress
) -e&ice assignment management
) Enterr#pt access control
Page 1N October 2013 Jan Kiszka Corporate Technology Unrestricted Siemens AG 2013. All rights reserved
Prototy'ing on ?LA )2,
Jailho#se "e&elopment insi"e Q*C2>KBC
) :ootstra' develo'ment done inside MNMUOKVM
) 2nbeatable t#rn/aro#n" times
) G30 s (rom co"e (i3 o&er recompilation an" "eployment to e3ec#tion
) So#rce/le&el "eb#gging o( hyper&isor
) 1o"nd and .i?ed several nVMK de.icits @"gs
) -irect E6Q "eli&ery
) n*PT stabilization
) 2nrestricte" g#est mo"e
) Preemption timer
) Un.ort"nately no virt"al V=&d availa@le yet...
!gen"a
#om@ining 'artitioning and virt"ali+ation
'oing open so#rce
S#mmary an" o#tlook
;hat i. more than >in"? sho"ld r"n7
;osting non/.in#3 g#ests
>in"? Kernel
#PU 1 #PU 2 #PU F #PU 3 #PU G #PU A
<=
A''
Cevice 1 Cevice F Cevice G Cevice 2 Cevice 3
Eailho"se %y'ervisor
N?tended Eailho"se7
%o9 to minimi+e the com'le?ity increase7
4este" &irt#alization %ill be more bene(icial
) 1"ll /S @oot over Eailho"se
) .ess o&erhea" (or g#est
) 6e,#ires more "e&ice em#lations
) 6e,#ires more acc#rate &irt#alization
) 6e,#ires &irt#al 9EOS
) 777
) Nna@le KVM over Eailho"se
) O&erhea" o( monitoring pri&ilege" KBC operations
) Can (oc#s on CP2 &irt#alization (eat#res
) 4o nee" to &irt#alize>em#late M#st &ali"ate
) 'ain 5almost8 all (eat#res o( Q*C2>KBC
bene(it (rom its stability
K
e
a
t
#
r
e
s
S
i
m
'
l
i
c
i
t
y
0ested Virt"ali+ation on Ciet
*nabling Entel 3DA KBC o&er Jailho#se
) N?ec"te VMK instr"ctions on @ehal. o. KVM
) Monitor )shado9, VM#S accesses
) Bali" (iel"sS
) Physical a""resses %ith limitsS
) 2ns#pporte" (eat#res "isable"S
) ;e donPt care i. KVM crashes its #PU
) 777as long as it "oesn0t a((ect other cells
) Ceny NP= in 1st 'rototy'e
) Slo% b#t simple
) General need to esta@lish .eat"re restrictions
) PragmaticT loa" KBC a(ter Jailho#se
) 6e"isco&er (eat#res on Jailho#se "etection
CC 9L/S! 370
/'timi+ation8 0ested NP=
Conitoring o( *3ten"e" Page Table #sage by KBC
) 181 ma''ing 6 no shado9ing re!"ired
) Monitoring conce't
) K#ll &ali"ation %alk on ne% *PT
) 4ote *PT internally as &ali"
) Trap %rites to kno%n *PTs
) Check i( page belongs to kno%n *PT
5"rop %rite/protection i( not8
) -eclare *PT in&ali" i( entry becomes in&ali"
thro#gh %rite
) *3ec#te %rite
) 2se KBC0s *PT %hile r#nning its g#est
) >ast resort8 'ara&virt"ali+ation
CC 9L/S! 370
Page 2@ October 2013 Jan Kiszka Corporate Technology Unrestricted Siemens AG 2013. All rights reserved
!gen"a
Going o'en so"rce
S#mmary an" o#tlook
Page 2A October 2013 Jan Kiszka Corporate Technology Unrestricted Siemens AG 2013. All rights reserved
;hy /'en So"rce7
9ene(its o( maintaining Jailho#se as open so#rce
) HE"st a .e9 lines o. codeD easily maintaina@le.I
) ;ar"%are/assiste" &irt#alization is non/tri&ial
-* Cany/eyes principle
) 4e% CP2s an" har"%are (eat#res %ill keep #s b#sy
-* !ttract contrib#tors incl#"ing silicon &en"ors
) :roaden the "sage
) ;igher test co&erage (aster stabilization
) !""itional #se cases UV more contrib#tors
) #lose coo'eration 9ith >in"? (ernel
) *nable #pstream changes o( .in#3 5i( re,#ire"8
) Keep the "oor open (or integration
) GP>8 Preserve o'enness
GPL
Page 2H October 2013 Jan Kiszka Corporate Technology Unrestricted Siemens AG 2013. All rights reserved
!gen"a
'oing open so#rce
S"mmary and o"tloo(
Page 2D October 2013 Jan Kiszka Corporate Technology Unrestricted Siemens AG 2013. All rights reserved
Eailho"se 6 Static Partitioning as >in"? 1eat"re
S#mmary
) 0eed .or critical 9or(load isolation
) 2n"ist#rbe" (rom non/critical system parts
) .o%/latency access to E>O
) 6e"#ce &ali"ation e((orts
) Eailho"se 'rovides @"ilding @loc( .or 'artitioning
) !llo%s (#ll CP2 isolation
) 6e"#ce" to the minim#m 5goalT G10k lines o( co"e8
) .in#3/base" to re#se han"y in(rastr#ct#re
) Optionally combine %ith KBC (or (#ll &irt#alization
Page 2N October 2013 Jan Kiszka Corporate Technology Unrestricted Siemens AG 2013. All rights reserved
;hat is ne?t7
O#tlook
?LA com'letion
KVM over Eailho"se
A<MvQ 'ort
>in"? R >in"?7
1ollo9 O Soin the develo'ment$
htt's8OOgith"@.comOsiemensOSailho"se
Management .eat"res
Any M"estions7
=han( yo"$
Jan Kiszka GMan7kiszkaWsiemens7comV

Siemens Jailhouse (Xen or KVM (Can Run Under It) Alternative For High Speed Low Latency Network and Io Access) (By Ian Kiszka) Presentation

Transféré par

Informations du document

Titre original

Copyright

Formats disponibles

Partager ce document

Partager ou intégrer le document

Options de partage

Avez-vous trouvé ce document utile ?

Ce contenu est-il inapproprié ?

Droits d'auteur :

Formats disponibles

Siemens Jailhouse (Xen or KVM (Can Run Under It) Alternative For High Speed Low Latency Network and Io Access) (By Ian Kiszka) Presentation

Transféré par

Droits d'auteur :

Formats disponibles

Unrestricted Siemens AG 2013.

All rights reserved

Vous aimerez peut-être aussi